Earlier this month, Bianca Lewis, who is eleven years old, was wearing a T-shirt printed with the words “No time for Barbie, there’s hacking to be done” and sitting in front of a computer at the annual Def Con hacking conference, in Las Vegas, meddling with a replica of the Florida Secretary of State’s election Web site. She’d already surreptitiously entered the site’s database through what is known as an SQL injection. “First, you open the site,” she explained, “then you type a few lines of code into the search bar, and you can delete things and change votes. I deleted Trump. I deleted every single vote for him.”
Lewis was visiting an event at the conference run by R00tz Asylum, a nonprofit that teaches hacking to kids, where organizers had replicated thirteen Secretary of State Web sites and invited kids to hack them. The day the conference began, as programmers were finishing coding the sites, the National Association of Secretaries of State issued a press release complaining that Def Con “utilizes a pseudo environment which in no way replicates state election systems, networks, or physical security.” That was true enough—these sites were only look-alikes—but they were constructed from data scraped from the actual state sites, and contained known vulnerabilities that had been exploited by hackers in the past. One of the organizers, Jake Braun, rolled his eyes when I asked him about the association’s letter. “It’s totally tone-deaf,” he said. “A nation-state is literally hacking our democracy—wouldn’t you want to take any help you could possibly get? If they don’t think that the Russians are not doing what we’re doing here all year, as opposed to just a weekend, then they are fucking idiots, right?”
Last year, Braun and a group of other cybersecurity researchers created Def Con’s first-ever Voting Village, a conference within the conference, devoted to election security and its evil twin, election insecurity. Def Con would bring more than twenty-five thousand of the most avid hackers in the world together, jamming the halls of Caesars Palace, and organizers saw an opportunity to show the American public, still reeling from news of Russian interference in the 2016 Presidential election, how easily voting machines could be compromised. For last year’s conference, Braun and his colleagues purchased roughly two dozen voting machines from government auction sites and eBay, and every single one was successfully hacked, some within minutes.
This year, the Voting Village featured nearly four dozen machines, and, again, their vulnerabilities were on full display. (By lunchtime on the first day, one of the machines had been reprogrammed to project an image of the Illuminati.) “To me, the real value is that everyone who comes through here, the thousands of people, will be leaving with very specialized expertise that can be applied down the road to future systems,” Matt Blaze, another organizer, and a professor of computer science at the University of Pennsylvania, said. “It’s an incredible opportunity to expand the pool of experts who understand how they work and know how to evaluate them.”
Blaze and I were in a windowless conference room on the lower level of Caesars, surrounded by dozens of people earnestly attempting to mess with the different voting-machine models, many of which are still in use around the country, despite well-known security flaws. Nearby, another group of hackers was gathered on what was being called the cyber range, a virtual state-election system, based partly on the one used in Cook County, Illinois. (Hackers breached election systems in Illinois in 2016.) The idea was for attackers to try to break through the system’s firewalls and steal voter-registration data, and for defenders to try to stop them. “We’re using this to train the election officials who are here,” Harri Hursti, another organizer, had told me earlier, noting that some sixty-six hundred election officials had been invited to Vegas. Only about a hundred had actually responded and shown up. “They can see through the eyes of the attacker, they see what this environment looks like when you are the bad guys. You start to think how to defend it. You get the muscle memory.”
Voter-registration databases, like the one in the cyber range and the ones built for the young R00tz Asylum hackers, are rich targets for hackers. “If we look at what happened in 2016, that was all about poking the back-office systems and support systems,” Hursti said. During the 2016 election, Russian operatives targeted election systems in twenty states. Change a letter in the spelling of a voter’s name, change a house number, strike someone from the registry altogether, and when they show up at the polls they’re going to be turned away. This is crucial: votes don’t need to be changed and voting machines don’t need to be tampered with for an election to be hacked.
American elections are overseen by the states and administered by municipalities. Offers of help from the federal government to “harden” voting systems have, in some cases, been met with suspicion by local and state officials wary of losing their autonomy. Even where that’s not the case, the Department of Homeland Security, the federal agency in charge of election security, can help states or municipalities only if they request assistance, and its recommendations, like those of another federal agency, the Election Assistance Commission, are not mandatory. But local election officials often lack the expertise needed to evaluate their systems’ vulnerabilities and, in addition, they have been known to be careless about securing those systems. Software updates go uninstalled; machines are left unguarded and unlocked; election programming and vote tabulation are often outsourced to third-party venders that may have their own vulnerabilities. (According to a leaked National Security Agency document, in 2016, Russian hackers broke into VR Systems, a Tallahassee-based election-technology vender that services eight states, including Florida, where it does work for fifty-eight of the state’s sixty-seven counties. The company said a review found no evidence of a breach.) And local officials have been known to be under the sway of the election-machine manufacturers, who wine and dine and lobby them in an effort to snag their business.
Those same manufacturers have been reluctant to admit flaws in their products, and eager to promote the myth that machines that are not connected to the Internet are not susceptible to hacking. At the start of Def Con, Election Systems and Software (ES&S), the largest voting-machine company in the country, sent a letter to its customers, assuring them that the unfettered access hackers would have at Def Con was nothing like what happens on election day. “Physical security measures make it extremely unlikely that an unauthorized person, or a person with malicious intent, could ever access a voting machine,” the letter said. But the work of security researchers suggests otherwise.
On the second day of Def Con, J. Alex Halderman, a computer-science professor at the University of Michigan, stood by the door of the Voting Village, encouraging everyone who came through to cast a vote for either George Washington or Benedict Arnold in a mock election he was running using a common ES&S-owned touch-screen voting machine, the AccuVote-TSX. The AccuVote is the most studied electronic voting machine in the country, Halderman explained, as people pressed their fingers to the screen and watched it register their vote.
“I don’t know how we ended up with such a treasonous group,” Hursti said, as the vote tallies ticked up and up for Arnold. Actually, he conceded, he did. The election was rigged. Halderman had infected the machine—which was not connected to the Internet—with software that registered every vote for Washington as a vote for his rival. Because the AccuVote is a Direct-Recording Electronic device (D.R.E.), which provides no physical record of votes cast, there was no way to know what the real tally had been.
Later in the day, Halderman told an audience how he’d put the fix in for Arnold by adding some lines of code to the external media card that is used to set up the AccuVote for an election. It was a quick, simple, and undetectable modification.
“I was part of a study in California where the Secretary of State in 2007 brought together a group of respected security experts to do a code review of all of the election equipment in the state,” he said. “This is an excerpt from one of the reports about this machine, the AccuVote-TSX, and it details some of its vulnerabilities: multiple buffer overflows, software updates without authentication, interpreted code, things that could be exploited by voters,”—including the ability to erase votes using a paperclip—“things that could be exploited from the memory card. You can forge the voter cards. Inadequate randomization of the ballots, so ballot secrecy can be compromised. All of this stuff. This was in 2007 and there are pages and pages of elaborate technical documentation about these vulnerabilities. California decertified the machines—they wouldn't use them anymore. But other states”—eighteen, in fact—“continue to use them.”
Halderman and his fellow-researchers have long promoted an uncomplicated and inexpensive way to protect against election hacking, one that might seem out of place among Def Con’s high-tech élite: use paper. “The simple defense and I think the most important defense that we can roll out in the pragmatic form today is to make sure that every vote is backed by a piece of paper and that all states audit that paper to a high level of statistical certainty to make sure that it reflects the same outcome the computers gave us,” Halderman told the crowd, repeating points he’d made last year while testifying to the Senate Select Committee on Intelligence.
There was a brief moment during which it seemed that Congress was listening. Last December, Senators James Lankford and Amy Klobuchar—a Republican and a Democrat—introduced the Secure Elections Act (SEA), a measure intended to provide guidelines and funds to help local election jurisdictions defend their systems from attack. When it was first proposed, the Act included language that encouraged election officials to phase out paperless D.R.E. voting machines and to implement regular post-election audits comparing reported results with a sample of the paper ballots. Early this week—when it appeared that that language was going to be stripped out of the bill because of pressure coming from voting-machine manufacturers—election-integrity groups, including the National Election Defense Coalition and Verified Voting, pulled their support for the bill. On Wednesday, when the bill was scheduled for markup by the Senate Rules Committee, it was suddenly sidelined and “postponed until further notice,” reportedly at the behest of the White House.
If, prior to 2016, reluctance to fix the American voting system could be chalked up to bureaucratic intransigence, corporate lobbying, or public apathy, the events of 2016 should have changed that. Instead, led by a President who refuses to embrace the intelligence community’s findings about the penetration of our election system by Russian state actors, and backed up by a Republican Congress that has continually stymied efforts at reform, election security has become—foolishly and dangerously—a partisan issue. Without it, democracy doesn’t stand a chance.
Source: newyorker
Author: Sue Halpern