Photo via Michael Vadon/Flickr (CC-BY-SA)
A dedicated hacker can definitely screw up an election. But the odds that such a thing will decide our next president are extremely small, experts say.
Republican presidential candidate Donald Trump has recently renewed claims that the upcoming November election will somehow be “rigged” against him. But while he’s not provided much evidence of exactly how that will happen—he’s derided media coverage of women accusing him of sexual assault and jokes made at his expense on “Saturday Night Live” as examples—surveys nonetheless show some voters so fear hackers directly targeting the election system that they may stay home on Election Day.
It certainly appears hackers are trying hard to indirectly influence the U.S. election. After news broke in late spring that hackers had breached servers belonging to the Democratic National Convention, information from them, as well as from personal email accounts of other political figures, including former Secretary of State Colin Powell and aides to Democratic candidate Hillary Clinton, has slowly leaked into the public. According to both the Department of Homeland Security and the Director of National Intelligence, this is a deliberate effort from the Russian government to destabilize our elections.
But what about directly hacking American votes? Researchers at cybersecurity company Symantec recently bought voting machine equipment at an auction and demonstrated their findings for Vocativ. Their goal was to try what any good hacker would do: reverse-engineer the device to see if they could hack it, and in the process find a way a criminal could do the same in November.
A sophisticated researcher, they found, could indeed similarly buy the same kind of machine used at their local polling station, figure out how its voter chip cards work, purchase a handheld card rewriter, and trick a single voting machine into voting multiple times. Poll workers tally their results at the end of the day, so this wouldn’t actually give a candidate a glut of votes, but it would invalidate the votes of everyone else who used that machine that day.
It’s extremely unlikely that such a hack could take place en masse, and not just because it would require a registered voter with serious computer science ability for every single voting machine they’d want to invalidate. Each of the U.S.’s 50 states runs their own election. According to an estimate by the nonprofit Verified Voting, there are about 45 different hardware configurations currently in use. So if attackers wanted to ruin a polling place, they’d have to make sure they’d prepared by deconstructing the exact machine used at their designated polling center.
While no one would claim our voting machines are all up to date — in fact, many are dangerously obsolete and prone to failure — the fact that they’re so disparate and decentralized is inadvertently a serious safety net. “The beauty of the American voting system is that it is dispersed among the 50 states and it’s clunky as heck,” FBI Director James Comey said at the Intelligence and National Security Summit in September. “It’s not exactly a swift part of the internet of things, so it’s hard for an actor to reach our voting processes.”
“We don’t have a lot of evidence of people hacking or maliciously attacking election systems,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, told Vocativ.
Machines failing on their own is a far more likely a culprit for damaging an accurate vote count than the idea of foreign hackers, he said. “Equipment malfunction has always been the biggest risk in running computerized elections. The reports of voting machines breaking down or behaving weirdly are legion.”
So while a dedicated criminal hacker could damage the outcome of a few hundred votes, the odds that hackers will tip the 2016 election are extremely slim. The much more likely hack is one of social engineering: That fear of hackers will keep people away from the polls.