Hacking November’s presidential voting machines to ensure a win for either Republican nominee Donald Trump or Democratic nominee Hillary Clinton would be “easy,” cybersecurity experts claimed in a report released Monday.
America’s outdated voting systems are about as secure as a home computer, and are run by election officials and poll workers with little digital technology expertise, creating the perfect environment for hackers to rig the election, according to the report, “Hacking The Elections Is Easy!” from cybersecurity think tank Institute for Critical Infrastructure Technology (ICIT).
“The United States e-voting system is so vulnerable that a small group of one or a few dedicated individuals could target a lynchpin district of a swing state, and sway the entire presidential election,” the ICIT report said.
The vulnerability of the country’s 9,000 voting jurisdictions is “an epidemic in our democracy,” James Scott, ICIT senior fellow and co-author of the paper with ICIT researcher Drew Spaniel, told The Daily Caller News Foundation. “They say your vote matters, but looking at this, how do you know?”
The report lends substance to Trump’s repeated claim the election could be rigged, a theory many considered far-fetched.
In a related development Monday, Yahoo News reported that foreign hackers accessed two states’ election databases, prompting the FBI to warn officials across the country to enhance their computer systems’ security. Hackers reportedly downloaded the personal data of up to 200,000 voters in Illinois, and installed malicious software in Arizona’s voter registration system.
Foreign actors — likely Russia or China — or domestic hackers could easily sway the democratic process, the ICIT report said. All a hacker needs is a USB drive or memory card containing malware (pernicious software) with the right algorithm (a sequence of instructions telling the computer what to do), the report said.
“Once you have access to a machine, you can inject malware with an algorithm that will take if you’re voting for Hillary, it could give two votes to Trump, (or) voting for Trump, take one away from him and give it to Hillary,” Scott said.
Inserting malware while machines are stored in warehouses in the weeks leading up to the election would be the easiest way to manipulate the election, ICIT found.
“It takes nothing to gain access to those warehouse voting machines,” Scott told TheDCNF. “It’s easy to compromise the field. It takes a few minutes. Very easy to do.”
It would only take acetone and a razor blade to bypass any weak physical lock on the machine, install the malware and re-apply the security seal in five to seven minutes, the report said.
Hackers could also send malware — disguised as a software update from the machine manufacturer — through the mail to election officials. Those election officials, with little to no technical training, may not recognize the threat, the report said.
Hackers could infiltrate polling places on election day with a few ill-intentioned poll workers, since background checks are so rare, the report said. Those poll workers could then insert the malware.
“It’s easy to inject insider threats into the process because for the most part, they’re volunteers,” Scott said.
Someone could also alter votes after poll workers collect votes by reprogramming insertable media to recount and redistribute votes, according to ICIT.
If researchers found vulnerabilities in the country’s election system, ill-intentioned hackers have, too, Scott said.
“I think, as a society, we’re not evolving with the hyper-evolving threat landscape that’s out there.”
Scott said he hopes election officials take the vulnerabilities their report exposes seriously, but it may be too little, too late.
“This discussion only happens every four years, so after everybody calms down after the election, unfortunately, after the election is done and everybody is done counting, there will be abnormalities,” Scott said. “And somehow they always get swept under the rug.”
Send tips to firstname.lastname@example.org.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact email@example.com.