Voting machines — even the optical scan ballot machines — are computers running specialized programs. Cybersecurity experts warn that antiquated hardware, remote access malware and insecure databases are vulnerabilities that might allow hackers to meddle with elections.
As the federal government has noted, states are responsible for conducting elections. Due to budget constraints, many voting machines haven’t been updated in years. In 2016 Christopher Famighetti of the Brennan Center for Justice interview told CBS News, “We found that more than 40 states are using voting machines there that are at least 10 years [old].”
This year at the cybersecurity conference Defcon, hackers were able to crack a Diebold voting machine in 15 minutes.
Although voting machines generally run Windows and have standard computer hardware like USB ports, understanding how to hack a specific voting system isn’t as easy as it may seem. In fact, most cybersecurity experts agree that while hacking individual machines is trivial, changing the outcome of a national election would be challenging.
“Someone would get hold of [an election machine] before election day — buy it on eBay, steal it, buy it legitimately from the manufacturer,” says Cris Thomas, the global strategy lead for IBM’s X-Force cybersecurity team. Then the attacker would have to deconstruct and research the hardware. If you’re lucky, he says, maybe “you could change a few votes.”
Cybersecurity experts like Thomas say the purpose of hacking a voting machine — or even many voting machines — is to undermine the faith and confidence in the American electoral system. Hackers want to instill a sense of “fear and doubt and uncertainty,” says Thomas.
It’s important to remember, says Thomas, that [the American electoral system] is guarded by “your friends or neighbors that work as poll workers. The system itself is already pretty resilient.”
For more on voting machine hacks may affect the upcoming midterm elections, read the full story on CBS News.
Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election.