CyberCrimeGovernement-ITRegulationSecuritySecurity Management

US Election Hack Warning From Cyber Security Experts

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Experts warn the US election could be disrupted by hackers, and warn authorities to closely watch key US states

Security experts from the University of Michigan have warned that hackers could disrupt the US election process in key American states.

The warning comes amid news that the US Department of Homeland Security has been carrying out tests on voting machines across America.

Key US States

The cyber threat to the US election comes because a lot of US states use computer voting systems, unlike the UK for example, which nationwide still relies on the traditional pencil and paper when people are cast their votes.

According to Matt Bernhard and Professor J Alex Halderman of the University of Michigan, election technology in the United States is less than perfect.

But the good news is that the voting machines tend to vary county by county, and state by state. This means that there is no single unified voting technology, which makes life much more difficult for outside hackers.

Hillary Clinton“Unless the election is extraordinarily close, it is unlikely that an attack will result in the wrong candidate getting elected,” the experts stated. “However, there is a non-negligible risk that anomalous events could cause state-level disruptions.”

And they warn that the risk is especially great in those US states were the margins between the two presidential candidates are tight.

“Notably, several at-risk states have narrow margins in current polls,” they blogged. “As jurisdictions with close races are most vulnerable to having their results perturbed or cast into doubt, these are the ones to be concerned about. Nevada, Pennsylvania, Ohio, and Colorado top the list of states to watch out for tomorrow. Together, they account for just under 10 percent of electoral votes.”

And the researchers point out that there are well known vulnerabilities with different electronic voting machines, so called DREs.

Indeed, last year for example Virginia Information Technologies Agency warned that a particular DRE used in certain US states had a shocking level of protection from hackers.

The AVS WINVote voting terminal was found to be running a version of Windows XP Embedded that had not been updated in over ten years. It was also hard encoded with very weak passwords and encryption.

Donald Trump“Not only are DREs prone to hacking, but in the event of a close, disputed race, they produce little evidence to rule out computer-based fraud,” warn the Michigan university experts. “DRE-dependent states with close margins will be important to watch tomorrow, particularly Nevada, North Carolina, Florida, Ohio, and Pennsylvania.”

“In conclusion, the 2016 election is less secure than it should be,” they wrote. “While we think it’s unlikely that hackers will be able to silently change who wins, attacks that attempt to disrupt or discredit the electoral process in critical states are a distinct possibility.”

Election Threat

Meanwhile it is known that the US Department of Homeland Security, in addition to carrying out cyber tests on voting systems across the country, also have security experts on stand-by on election day in case irregularities are spotted.

Matters have not been helped after Google recently disclosed a serious vulnerability with Windows, and controversially only gave Redmond just six days to patch it.

What makes this so serious is the vulnerability is already being exploited by hackers, and Microsoft is only issuing the fix with its Patch Tuesday update process, that will begin to roll out just as American’s are casting their votes.

Microsoft last week blamed Russian-linked hackers (a group known as Strontium) as being responsible for exploiting the unpatched Windows vulnerability.

And US intelligence officials last month officially blamed this same Russian hacker group, which it said was linked to “senior” Russian government. These hackers, according to the US, are responsible for recent politically motivated hacking incidents, including the release of emails stolen from the Democratic National Committee (DNC).

Are you a security pro? Try our quiz!