SPONSORED:

Hacker conference report details persistent vulnerabilities to US voting systems

Hacker conference report details persistent vulnerabilities to US voting systems

U.S. voting systems remain vulnerable to cyberattacks three years after documented efforts to penetrate election machines, according to a report released Thursday.

The report is based on the findings of the white-hat hacker DEF CON Voting Village, an annual gathering of hackers that uses election machines to find vulnerabilities that could allow someone to interfere with the voting process.

ADVERTISEMENT

This year’s event allowed hackers to test voting equipment, including e-poll books, optical scan paper voting devices and direct recording electronic voting machines — all certified for use in at least one U.S. voting jurisdiction.

“Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines,” the report said.

Despite the “disturbing” findings of the report, the authors wrote that the findings were “not surprising,” particularly in light of the fact that many of the election equipment cyber vulnerabilities found were “reported almost a decade earlier.”

Equipment that was tested included those made by leading voting machines companies Election Systems and Software (ES&S) and Dominion Systems.

A spokesperson for ES&S told The Hill that the company "works with federal officials and state and local jurisdictions to ensure risks are minimized and elections continue to be secure. For example, we encourage all jurisdictions to set the credentials on their pollbook devices to non-default values and change them per election, as well as enable encryption for all devices."

A spokesperson for Dominion told The Hill that "as we have done in past years, we will review and verify any identified critical security issues and take appropriate steps with state and local election authorities to address them in timely and reasonable fashion."

The Dominion spokesperson noted that one of its systems, the ImageCast Precinct demo unit, analyzed by DEF CON hackers was "never certified for use," meaning that it is not in use in any election jurisdiction. 

The authors emphasized the need to secure the supply chain involved in building election equipment, noting the vulnerabilities posed by using components originating in foreign countries.

They emphasized there is an “urgent need for paper-ballots and risk-limiting audits.”

The authors also noted that the vulnerabilities found are particularly pressing given the lack of information technology expertise involved in running elections at the state and local level.

“With rapid deployment of new IT technology into the election infrastructure, election offices are especially exposed to remote attack (including by hostile state actors),” the authors wrote. “Unfortunately, very few election offices have the resources to effectively counter this increasingly serious type of threat.”

The report's release follows the findings of a Senate Intelligence Committee investigation into Russian interference efforts from 2016. The committee found that “as of the end of 2018, the Russian cyber actors had successfully penetrated Illinois's voter registration database, viewed multiple database tables, and accessed up to 200,000 voter registration records.”
 
Separately, the 448-page report compiled by former special counsel Robert MuellerRobert (Bob) MuellerCNN's Toobin warns McCabe is in 'perilous condition' with emboldened Trump CNN anchor rips Trump over Stone while evoking Clinton-Lynch tarmac meeting The Hill's 12:30 Report: New Hampshire fallout MORE also highlighted Russian hacking attempts in the lead-up to the 2016 election, including Russian intelligence officers who "targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations."
 
Mueller testified before Congress in July that he not only expected the Russians to attempt to interfere in the 2020 U.S. elections, but that they were doing so "as we sit here."

The findings of the 2019 Voting Village report build on the vulnerabilities found by hackers at past events. In 2018, an 11-year-old was able to hack into a replica of Florida’s voting website and change the election results in less than 10 minutes.

This year's report was rolled out during an event on Capitol Hill on Thursday, during which Sen. Ron WydenRonald (Ron) Lee WydenTwo more parting shots from Trump aimed squarely at disabled workers On The Money: Push for student loan forgiveness puts Biden in tight spot | Trump is wild card as shutdown fears grow | Mnuchin asks Fed to return 5 billion in unspent COVID emergency funds Grassley, Wyden criticize Treasury guidance concerning PPP loans MORE (D-Ore.) and Reps Jackie SpeierKaren (Jackie) Lorraine Jacqueline SpeierDemocratic Women's Caucus members split endorsements for House campaign chief Pentagon puts on show of force as questions circle on COVID-19 outbreak Candymakers meet virtually with lawmakers for annual fly-in, discuss Halloween safety MORE (D-Calif.) and John KatkoJohn Michael KatkoRundown of the House seats Democrats, GOP flipped on Election Day Republicans who could serve in a Biden government Fitzpatrick wins reelection in Pennsylvania MORE (R-N.Y.) sounded the alarm about existing vulnerabilities in voting systems.

Wyden said that he and Speier would aim to get a copy of the 2019 Voting Village report into the hands of every member of Congress.

Speier said she felt the only way to get certain lawmakers to support legislation on the topic was to “scare the living bejesus” out of them that voting systems can be “rigged against them."

Wyden, who has been one of the key leaders in pushing for action on election security, cautioned that the time to take action to secure the 2020 elections may have already passed.

”We’ve got a really short time window folks,” Wyden said. “As of today, I am concerned that a window has closed, and certainly the next few weeks are going to decide if we are actually prepared for 2020.”

-Updated at 7:05 p.m. to reflect input from election equipment companies.