Warnings from a “White-Hat Hacker” (actually a skilled computer science professor who recently testified before Congress) about the ‘world of hurt’ Jackpot we now find ourselves in:
A computer science professor told the Senate Intelligence Committee Wednesday that voting machines that create an electronic record of the voters' decisions are open to fraud and computer hacking, vulnerabilities that are big enough to potentially change the outcome of some elections.
J. Alex Halderman, professor of computer science at Michigan University, said he and his team began studying "direct-recording electronic" (DRE) voting machines 10 years ago and found that "we could reprogram the machine to invisibly cause any candidate to win. We also created malicious software — vote-stealing code — that could spread from machine-to-machine like a computer virus, and silently change the election outcome."
[...]
As a computer science professor, Halderman has not only run academic trials on hacking voting machines, he has also run real-time examples.
"The one instance when I was invited to hack a real voting system while people were watching was in Washington, D.C. in 2010, and in that instance it took less than 48 hours for us to change all the votes and we were not caught," Halderman said about the experiment.
— washingtonexaminer.com — June 21, 2017 [Emphasis added]
Here’s some of Professor Halderman’s written testimony, as reported by VerifiedVoting.org:
by J. Alex Halderman — June 21, 2017
This testimony was delivered at a hearing on June 21, 2017.
[...]
Cyberattacks Could Compromise Elections
Of course, interfering in a state or national election is a bigger job than just attacking a single machine. Some say the decentralized nature of the U.S. voting system and the fact that voting machines aren’t directly connected to the Internet make changing a state or national election outcome impossible. Unfortunately, that is not true.[9]
Some election functions are actually quite centralized. A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.
Furthermore, in close elections, decentralization can actually work against us. An attacker can probe different areas of the most important “swing states” for vulnerabilities, find the areas that have the weakest protection, and strike there.[10] In a close election, changing a few votes may be enough to tip the result, and an attacker can choose where—and on which equipment—to steal those votes. State and local elections are also at risk.
Our election infrastructure is not as distant from the Internet as it may seem.[11] Before every election, voting machines need to be programmed with the design of the ballot, the races, and candidates. This programming is created on a desktop computer called an election management system, or EMS, and then transferred to voting machines using USB sticks or memory cards. These systems are generally run by county IT personnel or by private contractors.[12] Unfortunately, election management systems are not adequately protected, and they are not always properly isolated from the Internet. Attackers who compromise an election management system can spread vote-stealing malware to large numbers of machines.[13]
Russian Attack Attempts: The Threats Are Real
The key lesson from 2016 is that hacking threats are real.
[...]
[Emphasis added]
This “White-Hat” Professor goes on to outline Practical Steps we must take to Defend our Voting Infrastructure — primary among which is:
• “we need to replace obsolete and vulnerable voting machines, such as paperless systems, with optical scanners and paper ballots”.
As I wrote about yesterday, even though the Dept of Homeland Security has deemed our Voting System part of our “critical infrastructure” — they sure aren’t acting with the urgency to actually DO SOMETHING about it. One very disturbing example of DHS “foot-dragging” here is:
[...] state officials raised concerns about the information sharing and stated that so far no secretary of state has been authorized to receive classified threat data from DHS.
Although it’s not entirely clear, the implication of that Tech Journal article is that the “classified threat data” that they are protecting like “state secrets” has something to do with:
“Russian hackers probed election-related systems in 21 different states in the run-up to the 2016 election. The officials said they could not disclose the states on that list, other than Arizona and Illinois, which have made their own public disclosures.”
In fact, besides not disclosing what they have discovered about this organized hacking attempt, DHS also seems to be promoting a counter-narrative that ‘All is well in Smallville, USA’ … This is in spite of the “dire warnings” they, too, have heard from cyber-expert Halderman:
[...]
Alex Halderman, a professor of computer science and engineering at the University of Michigan, said that despite assurances from DHS that voting machines and systems are difficult to hack and that any systemic attempt to change votes would be detected, manipulating machines and the outcome of an election is actually quite easy — because he has routinely hacked voting machines as part of his research.
As FCW reported prior to the November 2016 election, Halderman confirmed that machines are highly vulnerable and that targeting a few machines in a swing county could change the results of a state or national election.
[...]
— fcw.com, The Business of Federal Technology — Jun 21, 2017
[Emphasis added]
Given the extent of the Russian “probing” into the 2016 election — both the detected and undetected — it may be long past time for someone to “break the glass” — and call 911 and report “the Emergency” (metaphorically speaking) ...
From the foot-dragging and sunshine-spinning that the DHS is peddling — it is obvious that they only plan on “talking” about it (the Russian Hacking attempts) … And from the “privacy concerns” they keep raising at every turn — their plan includes “talking” about it as little as possible.
— — —
For those who prefer “constructive solutions” instead of more “dire warnings”, here is what VerifiedVoting.org recommends:
PS. With respect to Congress, fixing this Critical National Infrastructure should be at least as “urgent” as providing yet even more unnecessary “Tax Breaks to Millionaires and Billionaires” — they have enough sway over our elections already, if you ask me.