By Rob Lever
Washington (AFP) Oct 10, 2017
Hackers could have easily infiltrated US voting machines in 2016 and are likely to try again in light of vulnerabilities in electronic polling systems, a group of researchers said Tuesday.
A report with detailed findings from a July hacker conference which demonstrated how voting machines could be manipulated concluded that numerous vulnerabilities exist, posing a national security threat.
The researchers analyzed the results of the "voting village" hacking contest at the DefCon gathering of hackers in Las Vegas this year, which showed how ballot machines could be compromised within minutes.
"These machines were pretty easy to hack," said Jeff Moss, the DefCon founder who presented the report at the Atlantic Council in Washington.
"The problem is not going away. It's only going to accelerate."
The report said the DefCon hack was just the tip of the iceberg -- with potential weaknesses in voter databases, tabulating software and other parts of the system.
The researchers said most voting machines examined included at least some foreign-manufactured parts, raising the possibility that malware could be introduced even before the devices are delivered.
"This discovery means that a hacker's point-of-entry into an entire make or model of voting machine could happen well before that voting machine rolls off the production line," the report said.
"With an ability to infiltrate voting infrastructure at any point in the supply chain process, then the ability to synchronize and inflict large-scale damage becomes a real possibility."
- No certainty on 2016 -
Harri Hursti, a researcher with Nordic Innovation Labs and a co-author of the report, said it's impossible to say with certainty if votes were tampered with in 2016 because many systems "don't have the capacity" to be audited.
The report said five US states operate entirely on paperless systems which have no paper trail to be reviewed and another nine states are partially paperless.
"The only way to know is if the hacker tells you," he said, adding that "it can be done without leaving tracks."
Douglas Lute, former US ambassador to NATO who presented the report, said in a forward to the report that the findings highlight "a serious national security issue that strikes at the core of our democracy."
Although some researchers in the past have shown individual machines could be breached, this report suggests a range of vulnerabilities across a range of hardware, software and databases.
"What the report shows is that if relative rookies can hack a voting system so quickly, it is difficult to deny that a nefarious actor -- like Russia -- with unlimited time and resources, could not do much greater damage," said University of Chicago cybersecurity instructor Jake Braun, another co-author.
The threat becomes all the more grave "when you consider they could hack an entire line of voting machines, remotely and all at once via the supply chain," he added.
In presenting the findings, the researchers said members of the DefCon hacker community would work with academics and security researchers in a new coalition aimed at improving election security.
Washington (AFP) Oct 3, 2017
US officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, a Trump administration official said Tuesday. Rob Joyce, the White House cybersecurity coordinator, told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to re ... read more
Cyberwar - Internet Security News - Systems and Policy Issues
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|