Experts: Hackers CAN [WILL?] crack election systems

WND/ Steve Elwart

The result of an election will be changed by hackers, the only question remaining for an online security expert is which election will it be.

“I’m somewhat surprised it hasn’t happened yet,” said Stephen Cobb, a security evangelist for ESET-North America, an IT security company, in a recent article in Dark Reading.

With the U.S. presidential election turning into a dead heat, every vote is going to count, but if some hackers had their way, your vote won’t matter.

Hacktivist groups like Anonymous and LulzSec are growing more sophisticated every day with their use of new collaborative hacking techniques, such as “crowdsourcing.” Meanwhile, voter databases are increasingly being put online on state and local computer systems that are often insecure and administered by part-time IT personnel.

“If big, Internet-based companies like Yahoo, LinkedIn, or Sony can fall to hackers, then, yeah, big government databases and local authorities who actually administer the election process can be hacked,” said Cobb.

While the voter databases carry mostly innocuous information, such as name and address, a hacktivist group could create havoc in an election if they were to make changes to that database.

A hacker could, for example, switch the addresses of people on a voting roll, putting them in a different precinct than where they actually live. An error like this could be done close to the election and could very well not be noticed until the day of the election. By then it would be too late. That person would be ineligible to vote that day.

Combining a voting database with other database information, such as those collected by supermarkets, coupon offers, and consumer polling data, hackers could target an area for disenfranchisement by simply looking at the demographic breakdown of a voting precinct.

In a close race, as this presidential contest is shaping up to be, shifting the election turnout in a few precincts in a swing state (i.e. Ohio) could change the outcome of an entire election. One only needs to look at the 2000 election results in Florida to see how the voting results in one or two precincts would have given the country President Gore.

In the 2008 senatorial race in Minnesota, Al Franken won by 312 votes, the equivalent of one precinct. Tampering with just one machine could have changed the outcome of the election.

Such a scenario is not fanciful. States like Washington and Maryland putting voter registration data online make the threat all too real.

“Any system that is networked, especially to the Internet, is inherently vulnerable to attacks on its availability, and the confidentiality and integrity of its data,” says Steve Santorelli, director of global outreach for the security research group Team Cymru.

According to Dr. Hugh Thompson, program committee chairman for RSA Conference, one of the biggest dangers of voting-related cybercrime is its undermining of voter confidence.

“Interestingly, the wrong person winning is not the worst thing that can happen,” he says. “The real worst case is a hacker proving that the vote was compromised and ultimately undermining the entire voting process.”

Many political observers are already saying that this election could be even more contentious than the 2000 contest without the added complexity of electronic voter fraud. The new reality is that a candidate may not have to just win an election, but to win it convincingly enough to avoid a challenge in court.

If a hacktivist group were to prove that their activities changed the outcome of the presidential election, it could throw the legitimacy of the outcome of all levels of election results into question.  More on WND.com. >>