Symantec Shows How Easy It Is To Hack An Election
Here’s a scary idea: someone casting his or her vote for president, but in your name. Or how about: someone gains entry to an electronic voting booth and prints out false results, and hands them into officials. Unfortunately, according to Symantec, these idea could easily become reality.
Symantec simulated a variety of methods that malicious hackers could use to access modern electronic voting booths and disrupt political elections.
The first two types of attacks Symantec identified focused on the hardware used in voting booths. Hackers, for example, could modify the code on registration ID chip cards issued at voting locations.
Hackers could either ’vote more than once, or perhaps, hardcode, for the rest of the day, your name on that card, that gets used,’ according to Senior Vice President Samir Kapuria.
’Some of these devices use a cartridge, which is no more than a glorified USB stick,’ he continued. ’They use that cartridge at the end of the day for volunteer poll workers to take all of that information out of one of these voting systems and into a tallying database.’
Someone with malicious intent could tamper with the cartridge to impact the tally for that booth.
’Without a paper receipt of everyone that voted that day, that could really disrupt or nullify one of the systems and all of the votes that were associated with it,’ Kapuria said.
Someone could also put malware on one of the cartridges and essentially infect the whole voting system network at a location.
The third threat Symantec found is actually misinformation. That would be the case of a hacker distributing false or misleading data regarding voting totals to major media outlets, which could change whether or not people decide to actually go to the polls on election day.
The good news is that there are solutions for these threats.
’It starts with defining a standard,’ Kapuria said. ’There’s such a variance or quilt of these systems being dispersed among states and counties that we need to really create a standard.’
’A lot of the security technology that’s out there can be applied to this,’ he said. ’Everything from endpoint technology, because these are nothing more than computers, to network technology.’