In a representational democracy like the United States, voting is a fundamental right, privilege and civic duty. The infrastructure of our electoral process is critical to governing in the U.S., and election security should be of the utmost importance. But is it easy to hack an election? The short answer to the question is – yes.
The election process in the U.S. is uniquely complex, and the lack of standardization and widespread attack surface (total number of entry points or vectors, where a malicious actor can add or extract information) makes elections a hacktivist’s playground. The people, databases, software and hardware are all potential targets. But securing every attack vector is a herculean task.
First, let’s focus on the singular aspect of supply chain attacks. The well documented and historic concept of “well poisoning” is a defensive battle strategy that taints the source of infrastructure to disrupt an enemy, or as an offensive rhetorical device, preemptively associates unfavorable information with an opponent.
The information supply chain: “Fake news”.
In terms of social engineering, information propaganda is a potent weapon that diverts or subverts resources and sows the seeds of chaos. The 2016 national election was a prime example of how social media can be manipulated. Numerous national intelligence reports from the Central Intelligence Agency (CIA), National Security Agency (NSA), and Federal Bureau of Investigations (FBI) describe how Russia utilized the stolen Clinton campaign emails from Wikileaks and a sophisticated Twitter hack to wage a propaganda war on American politics. Throw the scandal of Cambridge Analytica into the mix and you have a stew of disinformation.
Database supply chain: Accumulation recipes.
Voter registration databases are marinating in highly sensitive information. The ingredients usually include: a person’s full name, social security number, driver’s license number, home address, contact information, and even political party affiliation. There have been numerous incidences of state voter databases being hacked – in California, Kansas, Illinois, and most recently, more than 14 million voter records were exposed in Texas.
But a database doesn’t have to necessarily be ‘hacked’ for information to be exposed. Server misconfiguration is one of the most devastating security risks; like the Deep Root Analytics cloud repository on an Amazon S3 server Chris Vickery discovered last year. While the majority of the information he found was already publicly available, it was the aggregation of 198 million U.S. voters’ data in one unsecured location that made this a treasure trove for malicious actors.
Hardware and software supply chain: Backdoors.
In the physical world of security, controls are an integral part of the information security discipline. However, the security of electronic voting is no exception. Recently, the Chinese “god-mode” manufacturing hack sent chills of disquietude through the U.S. intelligence community. This vulnerability is all the more reason to secure the manufacturing sources and asset inventory chain of custody of voting machines.
While there have been many modernization efforts, voting still occurs using vulnerable technologies. A federal district court judge ordered the scrapping of Georgia’s 27,000 electronic voting machines because they leaked sensitive data related to voters and election supervisors. What is distressing is that used voting machines that still contain personal data can be purchased on eBay. Matt Bernhard demonstrates how “tamper-proof” security ties can be easily circumnavigated in this YouTube video.
Tainting the hardware supply chain is promising to deliver long term, stealth access to personal and election data, but it is still extremely difficult to pull off. A much easier target is the software supply chain. Using something as benign as a software update, a backdoor can potentially introduce malware into the software code that is used to run the electronic voting programs.
NotPetya, the most vicious malware ever used by Sandworm, a known group of hacking agents, wreaked havoc around the world in 2017, and was distributed through a legitimate update of a tax and accounting software. Another example is the recently reported colourama attack, where a tainted module diverted cryptocurrency payments to an attacker’s wallet. What if something similar could be introduced to divert votes from one candidate to another?
When considering the supply chains of digital information, hardware and software, it is clear how difficult it can be to protect and defend voters, votes and the election process. So, who is responsible for ensuring the security of elections? Is it lawmakers, the U.S. court system, electoral officials who oversee the physical process of our elections, the candidates running for office, our police forces, or the average American citizen? If the answer is lawmakers, then the question is at what level? National? State? County? City?
The challenge is that elections are run by individual states, and therefore, the federal government is reluctant to take ownership, aside from certain measures that have been taken. At the federal level, the Department of Homeland Security hosted election security exercises in August. Similarly, at the city level, Boston area police participated in a cybersecurity exercise of a simulated election hack. While we encourage security and law enforcement to remain vigilant to secure the election process, they must tread lightly! Prevention of misconduct is the job of the election officials, while the role of the police is to enforce the law, not the voting process.
Interested in learning more about security practices?
There is a critical shortage of skilled cybersecurity workers! Check out the education and employment offerings at WhiteHat: https://www.whitehatsec.com/company/careers/