Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

Four big targets in the cyber battle over the US ballot box

Here’s how hackers could strike the 2018 midterm elections.

In the months leading up to November’s midterm elections in the US, hordes of foreign hackers will head to their keyboards in a bid to influence the outcome. Their efforts will include trying to get inside the digital infrastructure that supports the electoral process.

There’s a worrying precedent here. Last year, the Department of Homeland Security (DHS) notified 21 states that Russia had targeted their election systems in the months leading up to the 2016 presidential election.

DHS officials said the Russians were mainly scanning computers and networks for security holes rather than taking advantage of any flaws they discovered. Still, that’s no cause for complacency. Intelligence officials are already warning that Russia is intent on meddling in this year’s midterm elections, too—and most of the digital technology that will be used predates the launch of the first iPhone in 2007. Here’s what cyberattackers might target.

This story is part of our September/October 2018 Issue
See the rest of the issue
Subscribe
An illustration of voter registration
SIMON LANDREIN

Voter registration systems


The Technology:
These systems keep a digital record of authorized voters, and data from them populates “poll books” used to check people in at precinct polling stations.

The Risks: Many voter registration systems are old: a report last year by the Brennan Center for Justice at New York University School of Law estimated that 41 states were still using ones built at least a decade ago. They are hosted on servers and need connectivity to receive voter data and transfer it to poll books. Hackers who gain access to them could erase voters’ entries or create fictitious ones and then mail in votes for the fake personas. That could tip the balance in tight races.

This makes the systems tempting targets. In his indictment of 12 Russian hackers in July, US special counsel Robert Mueller alleged that they penetrated the website of one (unnamed) state board of elections in 2016 and stole partial Social Security numbers, driver’s license numbers, and other data for around half a million voters.

An illustration of a voter
SIMON LANDREIN

Voter check-in


The Technology:
In many states, precinct poll workers use tablet-like electronic poll books, rather than paper ones, to verify voters. These machines are often networked to one another and run tailor-­made software.

The Risks: Hackers could target the networks to gain access to poll books, either shutting them down or altering data that’s on them. They could also break into the systems of companies that develop software for the poll books and insert malicious code.

Compromising poll books could cause chaos during an election. For instance, voters may be told that they’ve already voted when in fact they haven’t. Ideally, all polling stations should have backup plans in place that allow them to print provisional ballots if the machines fail.

An illustration of a voting machine
SIMON LANDREIN

Voting machines


The Technology:
The US uses two main types of electronic voting machines. Optical-scan ballot readers scan and record paper ballots filled in by voters, while direct-recording electronic, or DRE, machines display ballot options on a screen and record voters’ choices electronically. Only some DRE machines produce paper records too.

The Risks: Voting machines are programmed with the ballot design, which includes names of the races and candidates involved. The design is set up on election management systems at a central election office or a vendor. The information is typically then transferred to each machine by officials using memory cards or USB keys. Hackers can target the central computers to spread malicious code to multiple machines, or they can target individual devices.

If officials suspect optical-­scan ballot readers have been hacked, they can check the paper ballots; with DREs, there’s sometimes no paper record to look at. Paperless machines are still used in 13 states, and five rely solely on them.

An illustration of votes being counted
SIMON LANDREIN

Vote tallying and reporting


The Technology:
The software managing vote tallying and reporting typically runs on computers using standard operating systems.

The Risks: Hackers could target the software to throw doubt on the outcome of elections. While this may sound unlikely, there are strong suspicions Russian hackers were behind an attack that deleted key files from the Ukrainian central election commission’s system in a 2014 vote.

The good news is that almost all US states check outcomes against reports from individual precincts before certifying official results. So any confusion sown by an attack on vote tallying and reporting software should eventually be resolved as long as the underlying voting processes remain secure.

Beyond all these risks, plenty of other nightmare scenarios could affect the different stages reviewed here. They include distributed denial of service attacks, which knock web-connected systems out of action by flooding them with fake traffic, and ransomware attacks, which use malware to encrypt data—or, in the worst case, destroy it.

-----

This story is a modified and updated version of Here's how hackers could cause chaos in this year's US midterm election

AI is here. Will you lead or follow?
Join us at EmTech Digital 2019.

Register now
An illustration of voter registration
SIMON LANDREIN
An illustration of a voter
SIMON LANDREIN
An illustration of a voting machine
SIMON LANDREIN
An illustration of votes being counted
SIMON LANDREIN
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.