TECH TUESDAY: U.S. Elections Prove Easy Targets for Russian Hackers

BeeBright
BeeBright

Tech Tuesday.png

Chris Grayson, a cyber-security researcher, attended DEFCON, a security conference held in Las Vegas and an event we mention often here. DEFCON is a big convention for all the hackers. At DEFCON, Grayson thought “Why don’t I just try and hack these voter databases that are in the States and just see what the Russians could see.” This is what you do at this event like this: on a whim, give a hack a go.

When Grayson executed the hack, he could not believe the results.

His target was the voter database of Georgia, and Grayson within moments of thinking up this scheme managed to download a confidential file. The download included all the registered voters in Georgia, along with a list of all passwords for voting machines. Included in this data breach was another unprotected sub-directory that held software patches used for upgrading said voting machines. These software upgrades, on closer inspection, would be easy for any hacker of skill to compromise these software upgrades and recompile them with malware that would be installed once election officials upgrade the machines. The malware Grayson could write could do anything he liked with the voting machine’s numbers, in turn affecting the outcome of a state election.

This is a security disaster waiting to happen.

Hooded computer hacker stealing information with laptopAll this was Grayson just sitting there, coming up with the notion and then playing around with it at DEFCON. Now as DEFCON is more about ethical hacking, Grayson called up the FBI and informed them about this vulnerability. Turned out the FBI already knew about this and had told Georgia to clean up their act. They hadn’t done anything yet. That’s kind of a big problem.

Confidence in the voting systems system’s invulnerability has really eroded in the last couple of years after discussion of Russian hackers breaking into stuff. Now Federal law enforcement officials say they are confident the vote count was not disrupted in 2016. There is more concern about upcoming cycles seeing as voting officials just haven’t done their homework to secure voting systems. The FBI warns a well-timed hack of vendors that serves multiple states would be enough to cause chaos because they could probably infect with malware machines across many states.  Georgia election officials were warned about this problem months ago, and they told everyone it was fixed. Obviously, it wasn’t.

But wait, there’s more. Over 40 states have installed voting machines since the year 2000 because, if you remember, there was the drive and desire to get rid of the problem plaguing the Gore/Bush election. So an initiative was carried out to rid elections of paper-punched ballots, but let’s not secure these new, digital machine. I mean, what’s the worst that could happen?

And of course now Maryland has gone back to the paper ballots because they had so many problems with the computers.

We’re really spinning our wheels here, but eventually I think we’ll get this all figured out. We just have to really be careful with our election process and make it secure, this time on the digital front.

 


 

shurtz.jpgA research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.