E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked—in some cases with less than two hours’ work. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place.
Def Con, an annual computer hacking conference celebrating its 25th year, hosted its first Voting Machine Hacking Village this year. In it, conference attendees were given access to many of the most popular voting machines and voter registration tracking systems in use around the world today. And before the Hacking Village organizers were even finished with their opening morning introductory remarks, a Danish hacker in the audience had already broken into one of the target machines wirelessly.
Soon after on the same morning, a second group in the room wirelessly hacked into a popular electronic poll book system, responsible for storing and maintaining voter registration information. In total, the inaugural e-voting hackathon turned up at least 18 new vulnerabilities to e-voting and e-poll book systems. (This may be a conservative estimate, as the hacks discovered at the Village are now being verified and studied before they’ll be compiled and counted as legitimate new hacks.)[shortcode ieee-pullquote quote=""We have shown it over and over again that electronic voting is currently beyond our technical capabilities"" float="left" expand=1]
“These people who hacked the e-poll book system, when they came in the door they didn’t even know such a machine exists. They had no prior knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.
The Danish hacker, Hursti added, also had no prior knowledge about the e-voting system he hacked. Both hacks, Hursti says, undermine critics who have claimed that computerized election system hacks are too elaborate and unrealistic to be used in real world settings.
“I hacked the same e-poll book system in 2007,” Hursti says. But it took him two weeks instead of the few hours it took hackers last weekend.
One big difference between now and then is a key rule issued in October 2015, by the U.S. Copyright Office. That rule established that hacks to e-voting and electronic vote counting and tabulating systems are allowable under the Digital Millennium Copyright Act—so long as those hacks are used for research purposes.
Prior to 2015, Hursti says, the DMCA restricted e-voting machine access to hackers. And those few like Hursti who could access them had to ensure that the machines were not altered in any way that might affect their performance or void their warrantees.
So, realistically, the Hacking Village couldn’t have happened anytime before the Copyright Office’s DMCA e-voting machine exemption, Hursti says.
The restricted access that real-world hackers previously had to voting machines made the weekend something of an opening of the floodgates. As Village co-organizer Matt Blaze, associate professor of computer and information science at the University of Pennsylvania, tweeted, “Overheard more than once (at the Hacking Village): 'Wait, it can't be that simple, can it?'”
Another attendee added, “Default passwords, man. Default passwords. #votingvillage”
One disturbing aspect of a number of attacks was that a hacker might be able to cover their tracks. The untraceability of such hacks is nothing new. Hursti recalls an interaction he had with Ohio’s then-Secretary of State Jennifer Brunner, who he says assured him there was not a single incident of any e-voting machine ever being hacked.
“I said if you continue to use these machines, that will always remain true,” Hursti says. “These machines have no capability of providing you any kind of evidence whether they were not hacked or hacked. There’s no protective locks, there’s no forensic evidence gathering. There’s absolutely nothing. The machine cannot prove it’s been hacked.”
And while this year’s Hacking Village concentrated on voting’s front-end—the e-voting machines and e-poll registration systems used at polling places—there are other spots for hackers to attack.
“There has been a lot of interest in the voting machines, because that’s the customer-facing side. That is the machine the voter sees,” Hursti says. “That is just the tip of the iceberg. The whole system is the election management system, the ballot originating system, the tallying system, the reporting system, the voter registration system, the e-poll books. That is a humungous amount of infrastructure.”
Future DEF CON Voting Machine Hacking Villages plan to tackle such larger election cybersecurity challenges, the organizers say.
In the meantime, Hursti is advocating for a return to a smart paper-ballot and scan machine system, plus regular audits.
“A lot of these electronic voting machines are software unfixable,” he says. “The problem is in the hardware design. The problem is in the architecture. There’s nothing you can do in software to really fix them.”
On the other hand, Hursti disagrees with some e-voting critics who overcompensate and advocate a return to hand-counting paper ballots. “That is stupid,” he says. “Humans are extremely error prone. Humans have the capability of being dishonest. So paper ballots with the responsible use of technology—meaning, optical scan machines, software analyzing, and an audit process which will verify the machine-produced results. And whether the audit process is purely human, or by software and other scanners, those are other questions. Different jurisdictions will pick up different answers.”
“The sad part here is in 10 years nothing really has happened, except that the [voting officials] have moved on,” he says. “And we have shown it over and over again that electronic voting is currently beyond our technical capabilities… if we keep auditability and secrecy and privacy of the ballot, then we cannot have electronic voting. That’s a full stop.”