Security News

WATCH: Midterm Election Security Fact Check With Sophos’ Chet Wisniewski

Security remains a top concern as the nation heads to the voting booth on Tuesday for the midterm elections. In an interview with CRNtv, Sophos Principal Researcher Chet Wisniewski analyzed the facts from the fiction when it comes to the subject on many of our minds.

“I think the electronic voting in general is the biggest weakness whether there’s hacking or not. I think there’s so many ways these machines can be used by accident. The lack of transparency is a real challenge, especially in systems that are electronic and don’t have a paper trail,” said Wisniewski. “Almost everyone I know, despite the fact that we make our careers in technology, are quite dubious about using that level of technology in our voting system.”

A new study from the progressive-leaning Center for American Progress adds to those concerns. It finds that 42 states use electronic voting machines with old software, leaving them vulnerable to hacking and malware.

Wisniewski also discussed the potential impact of voting records sold on the dark web. Researchers at Anomali Lab report that 35 million voting registration records are for sale on a popular hacking forum. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state.

“I don’t know how much impact it would actually have on an election,” he said. “An attacker or someone purchasing that information is not going to know who cast a ballot and who hasn’t cast a ballot. Obviously many ballots cast by a voter would register as a fraud alert and would be detected.”

[Related: Former CIA Director John Brennan On Criminal Hackers, 'Ignorant' Elected Officials, And Russian Interference In U.S. Politics]

Plus, the growing popularity of mail-in ballots could be a cause of concern.

“It’s another one of those things that’s very difficult to validate. My signature looks quite different every time I sign it, and I’m not sure if trying to do signature matching with AI or something would work in those cases.”

For more of Wisniewski’s interview, watch the video included in this article.

Learn More: Application and Platform Security| Cloud Security| Network Security| Network-Systems Management| Professional Services| Mergers and Acquisitions| Malwarebytes

Advertisement