WASHINGTON DC – Russian hackers are attempting to alter the outcome of the US national election by tampering with voter registration databases with the simple goal of undermining confidence in one of the most contentious presidential elections in history.
But cybersecurity experts said actually altering results is impossible because voter registration databases are not the same as voting machines. About a dozen electronic voting systems are used in the country, and none of them is connected to the internet. Sure, all touchscreen systems could theoretically be tampered with. But that would require a hacker with a USB stick full of malicious code (or on some older machines, a special computer chip and the right-size screwdriver) to spend a few minutes in-person on each machine he or she wanted to tamper with.
Plus, you’d have to target the right swing states and alter the right amount of votes.
“There would be a lot of guesswork in it and a lot of statistics,” said Malcolm Harkins, chief security and trust officer at cybersecurity company Cylance. Harkins has researched the security of electronic voting machines and says hacking the election is “impractical…and not likely to occur.”
Still, concerns about the integrity of the system and the election’s results weigh on voters’ minds. More than half of voters rate the possibility that voting machines could be hacked as “likely” or “very likely,” according to a survey conducted by Carbon Black, a cybersecurity company.
Andrew Appel, a Princeton computer science professor, has made a career of hacking electronic voting machines. He can list all the ways each vulnerable machine could be hacked, but he says the logistical hurdles for foreign hackers would be too high to surmount.
The only way to do it, he says, would be to hack each machine the way US and Israeli spies reportedly hacked computers at a secret Iranian nuclear enrichment facility. The spies reportedly tricked Iranians into plugging USB sticks with malicious code on them into the facilities’ computers, which weren’t connected to the internet.
The lack of uniformity in the US voting system will keep it safe, say cybersecurity experts.
“We don’t have a national election,” said Tod Beardsley, senior security research manager at cybersecurity firm Rapid7, who became an election judge in Texas so he could access and research voting machines. “We have 3,000 elections happening on the same day.”
But watch out on election day, Beardsley said. What voters might see instead of hacked voting machines are defaced websites when they try to look up a polling place. Or claims that voting machines were hacked. Either of those kinds of incidents might make voters doubt the election’s outcome.
If that were to happen, “I would hope that proof would be demanded,” Beardsley said.
