top of page
  • Robert J. Borer

110 Articles: Searchable Keyword Database

Searchable Database

Keywords To Search: Dominion, Election Systems & Software, ES&S, Diebold, Sequoia, Premier, GEMS, DRE, direct-recording electronic, election management system, EMS, albert, albert-sensors, optical, optical-scan, optical-scanner, poll, poll book, touch-screen, touchscreen, hand-marked, hand marked, paper ballot, stingray, remote, remote-access, modem, router, password, glitch, usb, card, thumb drive, hardware, software, malware, virus, barcode, QR, etc.


  1. NYT: How to Hack an Election (Jan. 31, 2004) “When the State of Maryland hired a computer security firm to test its new machines, these paid hackers had little trouble casting multiple votes and taking over the machines' vote-recording mechanisms… It was an ''easy matter,'' they reported, to reprogram the access cards used by voters and vote multiple times. They were able to attach a keyboard to a voting terminal and change its vote count. And by exploiting a software flaw and using a modem, they were able to change votes from a remote location.”

  2. CNN: The trouble with e-voting (Aug. 30, 2004) “A lawsuit was filed against Diebold last year in California alleging that software flaws makes the voting machines vulnerable to hacker attacks and computer viruses. There are also concerns about the lack of a verifiable paper trail with electronic voting.”

  3. Princeton: Security Analysis of the Diebold Accuvote-TS Voting Machine (Sept. 13, 2006) “Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.”

  4. TechReview: How to Hack an Election in One Minute (Sept. 18, 2006) “Princeton U. researchers have released a study and video that demonstrate the ease of altering votes on an electronic voting machine… First, the CITP group discovered that not only could it install malicious code on the voting machine, but also that the code could easily be configured to “disappear” once its work was done, leaving no trace of tampering; the electronic and paper records produced by the voting machine would agree–and both be wrong. Second, they found that physically hacking into the machine and its memory card was easy… The CITP’s third finding was that its virus code could spread… An infected memory card, inserted into another voting machine, would infect that machine and then its memory card, and so on.”

  5. CNN: Dobbs: Voting Machines Put U.S. Democracy At Risk (Sept. 21, 2006) “…electronic voting machines are placing our democracy at risk...eight out of every 10 voters will be casting their ballots this November on electronic voting machines. And these machines time and again have been demonstrated to be extremely vulnerable to tampering and error, and many of them have no voter-verified paper trail…Princeton researchers found that "malicious software" running on a single voting machine can steal votes with little, if any, risk of detection, and that anyone with access can install the software. The study also suggests these machines are susceptible to voting-machine viruses.”

  6. HBO: Hacking Democracy (Nov. 2, 2006) “Hacking Democracy follows citizen investigators as they prove America's votes can be stolen without a trace. Their mission climaxes in a duel between the Diebold corporation's voting machines and a computer hacker – with America’s democracy at stake. "Hacking Democracy" ends on a sour note, which serves as an apt metaphor for the entire election-reform movement. We see Harris and her hacker friends set out to prove that they can program a Diebold memory card -- the card that stores votes in touch-screen and optical-scan counting machines -- so that it easily steals an election. Their demonstration is so unmistakably successful you can't help feeling sick.”

  7. Salon: Hacking Democracy (Nov. 2, 2006) “In a nutshell, the case against touch-screen voting systems -- on which about 40 percent of Americans will cast their ballots this year -- boils down to this: You can never really know what's going on inside… But paperless touch-screen machines store their votes on hard drives and memory cards, rendering recounts impossible. If the computer hasn't recorded people's votes correctly in the first place, or if someone has weaseled into the database and shifted around the totals, the true count will be lost to all forever.”

  8. NYT: Scientists’ Tests Hack Into Electronic Voting Machines in California and Elsewhere (July 28, 2007) “Computer scientists from California universities have hacked into three electronic voting systems from three of the four largest companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.. and found several ways in which vote totals could potentially be altered… The reports also said the investigators had found possible problems not only with computerized touch-screen machines, but also with optical scanning systems and broader election-management software.”

  9. Wired: Whistleblower: Voting Machine Company Lied to Election Officials About Reliability of Machines (March 27, 2008) “A former technician who worked for Hart InterCivic — a voting machine company based in Texas — has alleged that his company lied to election officials about the accuracy, testing, reliability and security of its voting machines. Among the claims he makes: …didn't completely alpha test its software and didn't beta test its software at all… created a "dummy" machine to undergo certification testing in Ohio because he says its standard system configuration would not have passed certification…created a dummy report by hand and told certification officials that it came from the voting system…patched the software in some jurisdictions without telling customers it was changing the software and without submitting the changes for certification.”

  10. CNN: Computerized Systems Also Vulnerable To Hacking (Oct. 30, 2008) “U.S. election watchdogs are concerned about the accuracy of electronic voting…About half of voters will use optical-scan systems; one-third will use touch screens…Touch-screen machines can occasionally fail or register votes for unintended candidates. Optical-scan systems can have trouble reading paper ballots that are too long or marked with the wrong ink. At least one study suggests that electronic voting machines can be easily hacked…The problem now is that roughly a third of voters nationwide will use unverifiable electronic machines. So if there are uncertainties, there will be no way to resolve them.”

  11. Wired: ES&S Voting Machines Can Be Maliciously Calibrated to Favor Specific Candidates (Nov. 3, 2008) “Touchscreen voting machines at the center of recent vote-flipping reports can be easily and maliciously recalibrated in the field to favor one candidate in a race, according to a report prepared by computer scientists for the state of Ohio…At issue are touchscreen machines manufactured by ES&S, 97,000 of which are in use in 20 states…The process for calibrating the touchscreens allows poll workers or someone else to manipulate specific regions of the screen, so that a touch in one region is registered in another. Someone attempting to rig an election could thus arrange for votes for one candidate to be mapped to the opponent.”

  12. CNN: Hacking Your Vote (Oct. 27, 2010) “For University of Michigan Prof. J. Alex Halderman, getting into the machines was as easy as picking a cheap lock. Once in, the researchers were able to reprogram the memory card inside the machines, set up a mock election and then steal votes at will… We were flipping votes from one candidate to another to keep the total number of votes the same…We have found that we can make a voting machine virus that can jump from machine to machine and change the election outcome across a whole state.”

  13. TechReview: How Long Before Hackers Steal Votes? (March 18, 2011) “New Jersey’s electronic voting machines, which are emblematic of machines across the U.S., remain vulnerable to attack by hackers who could inject software or hardware to skew vote counts. DRE voting machines are very vulnerable to software-based fraud: if an attacker replaces the firmware (software) that determines how the computer interprets button-presses on the user interface, then he can make the machine fraudulently miscount votes according to an algorithm he determines. He can choose the algorithm so as to resist detection by black-box testing, that is, not to cheat in circumstances other than in real elections.”

  14. NBC: It only takes $26 to hack a voting machine (Sept. 28, 2011) “Researchers from the Argonne National Laboratory in Illinois have developed a hack that, for about $26 and an 8th-grade science education, can remotely manipulate the electronic voting machines used by millions of voters all across the U.S… an attacker could tamper with, and remotely take full control, of the e-voting machine simply by attaching what they call a piece of "alien electronics" into the machine's circuit board. The electronic hacking tool consists of a $1.29 microprocessor and a circuit board that costs about $8. Together with the $15 remote control, which enabled the researchers to modify votes from up to a half-mile away, the whole hack runs about $26.”

  15. PBS: Internet Voting: Will Democracy or Hackers Win? (Feb. 16, 2012) “Professor Halderman and some of his grad students took the bait and got busy, documenting their exploit in detail. Within 36 hours, they were in total control of the elections server. They changed votes to elect science fiction computers and robots, downloaded a file with all the real voter passwords, and rigged it so whenever someone submitted a ballot, they heard the Michigan fight song, "The Victors," after a 15-second delay.”

  16. WSJ: Will The Next Election Be Hacked? (Aug. 17, 2012) “Two years ago, hackers gained access to an online voting system created by the District of Columbia and altered every ballot on behalf of their own preferred candidates…Internet voting systems were a real threat to the integrity of the democratic process.”

  17. PopSci: How I Hacked An Electronic Voting Machine (Nov. 5, 2012) “What do you need to rig an election? A basic knowledge of electronics and $30 worth of RadioShack gear, professional hacker Roger Johnston reveals… He launched security attacks on electronic voting machines to demonstrate the startling ease with which one can steal votes…It’s called a man-in-the-middle attack. It’s a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We’re basically interfering with transmitting the voter’s intent…Anyone who does digital electronics–a hobbyist or an electronics fan–could figure this out.”

  18. Verge: Feed the machine: America's stumble through a decade of electronic voting (Nov. 6, 2012) “When it comes to the Sequoia AVC Edge with which President Obama submitted his ballot, this is what they're saying: it has "significant security weaknesses."…"The nature of these weaknesses raises serious questions as to whether the Sequoia software can be relied upon to protect the integrity of elections." Yet these machines are still in use in part or all of 13 states…A single precinct in Volusia County, Florida, late on Election Night — where voters used optical scan, fill-in-the-bubble ballots — reported that Gore had inexplicably received 16,022 negative votes. As they became more widely used, reports surfaced of glitches, including disappearing and "flipping" votes.”

  19. BrennanCenter: America’s Voting Machines At Risk (Sept. 15, 2014) “No one expects a laptop to last for 10 years. And although today’s machines debuted at the beginning of this century, many were designed and engineered in the 1990s. Forty-three states are using some machines that will be at least 10 years old in 2016. In most of these states, the majority of election districts are using machines that are at least 10 years old. In 14 states, machines will be 15 or more years old. Nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts. Older machines can also have serious security and reliability flaws that are unacceptable today. For example, Virginia recently decertified a voting system used in 24 percent of precincts after finding that an external party could access the machine’s wireless features to “record voting data or inject malicious data.”

  20. Guardian: Voting machine password hacks as easy as 'abcde' (April 15, 2015) “Touchscreen WinVote voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report…Anyone within a half mile could have modified every vote, undetected…the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to “create and execute malicious code” on the WINVote and that “the level of sophistication to execute such an attack is low”.”

  21. NYT: Millions of Voter Records Posted, and Some Fear Hacker Field Day (Dec. 30, 2015) “First and last names. Recent addresses and phone numbers. Party affiliation. Voting history and demographics. A database of this information from 191 million voter records was posted online over the last week, the latest example of voter data becoming freely available, alarming privacy experts who say the information can be used for phishing attacks, identity theft and extortion. It is not known who built the database, where all the data came from, and whether its disclosure resulted from an inadvertent release or from hacks…states are not taking the security of voter data seriously enough.”

  22. Politico: More than 20 states have faced major election hacking attempts, DHS says (Sept. 30, 2016) “Hackers have intensely probed state voter registration systems in more than 20 states…The revelation comes amid fears that the electoral system is vulnerable to digital meddling. The DHS official — speaking on background because of the subject’s sensitive nature — explained that hackers of all stripes are constantly testing the digital defenses of every state’s public-facing election systems. But in 20-plus states, the agency determined that these intrusion attempts have become what DHS calls probing of concern.”

  23. Wired: America’s Electronic Voting Machines Are Scarily Easy Targets (Aug. 2, 2016) “They are old, buggy, and insecure. If someone wanted to mess with the US election, these machines would be an easy way in. Most of these machines are running Windows XP, for which Microsoft hasn’t released a security patch since April 2014…researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack.”

  24. Politico: How to Hack an Election in 7 Minutes (Aug. 5, 2016) “Princeton professor Andrew Appel decided to hack into a voting machine… He summoned a graduate student named Alex Halderman, who could pick the machine’s lock in seven seconds. Clutching a screwdriver, he deftly wedged out the four ROM chips—they weren’t soldered into the circuit board, as sense might dictate—making it simple to replace them with one of his own: A version of modified firmware that could throw off the machine’s results, subtly altering the tally of votes, never to betray a hint to the voter. The attack was concluded in minutes… the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there. We found the machine did not have any security mechanisms beyond what you’d find on a typical home PC, it was very easy to hack…foreign hackers could attack the state and county computers that aggregate the precinct totals on election night…They could attack digitized voter registration databases…They could infect software at the point of development, writing malicious ballot definition files that companies distribute, or do the same on a software patch…They could FedEx false software to a county clerk’s office and, with the right letterhead and convincing cover letter, get it installed. Even with optical scan voting, it’s not just the voting machines themselves—it’s the desktop and laptop computers that election officials use to prepare the ballots, prepare the electronic files from the OpScan machines, panel voter registration, electronic poll books. And the computers that aggregate the results together from all of the optical scans.”

  25. LawfareBlog: Secure the Vote Today (Aug. 8, 2016) “…the computer experts have almost universally agreed: we can’t secure purely electronic voting systems. It may be surprising to outsiders, but computer scientists believe in paper ballots, either directly marked by the voter or created by a machine and placed in the ballot box. Voting systems need to convince rational losers that they lost fairly. In order to do that, it is critical to both limit fraud and have the result be easily explained. It is impossible to prevent all fraud but we must ensure that the cost of fraud scales with the size: it should take 100 times more effort to change 100 votes compared with the effort associated with changing one vote. Any voting system in which fraud is constant—that is, in which changing 100 votes takes the same effort as changing one—must be viewed as critically flawed.”

  26. CNN: Just How Secure Are Electronic Voting Machines? (Aug. 9, 2016) “We've officially entered the era of the hackable election. In a demo, Varner showed CNNMoney how a voter access card can be hacked by a small device that reprograms the card, giving voters the ability to cast their vote as many times as they wish…a hacker could intercept the signals from an electronic voting machine connected to the Internet, similar to how hackers could intercept a user's data when he or she connects to WiFi at a coffee shop. We don't know what the transport network looks like between this machine and the actual database server that's aggregating the votes and then sending it up for live broadcast. Anywhere along that path... the communications could be intercepted."

  27. CBS: Hacker demonstrates how voting machines can be compromised (Aug. 10, 2016) “Concerns are growing over the possibility of a rigged presidential election. Roughly 70 percent of states in the U.S. use some form of electronic voting. Hackers told CBS News that problems with electronic voting machines have been around for years. The machines and the software are old and antiquated. The voter doesn't even need to leave the booth to hack the machine. For $15 and in-depth knowledge of the card, you could hack the vote… There are so many places in the voting process once it goes electronic that's vulnerable. We found that more than 40 states are using voting machines there that are at least 10 years old.”

  28. ABC: Yes, It's Possible to Hack the Election (Aug. 19, 2016) “Slight meddling in some swing precincts in swing states could tip the scales. If it’s a computer, it can be hacked… if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so… In most states the data that are used to determine who won an election are processed by networked, computerized devices… There are almost no locations that exclusively use paper ballots… The process of recording which person got your vote can — almost always — be hacked. Malware can be implanted on voting machines. Almost none of these machines have any kind of malware detection software like those used at major corporations and government agencies. Even if they did, many of those cybersecurity tools are regularly defeated by today’s sophisticated hackers… In America’s often close elections, a little manipulation could go a long way… Smart malware can be programmed to switch only a small percentage of votes from what the voters intended. That may be all that is needed, and that malware can also be programmed to erase itself after it does its job, so there might be no trace it ever happened. Minimal election security standards could be simply stated: 1) No vote recording machine shall be connected electronically to any network — including but not limited to local area networks (LANs), Wi-Fi, the internet and virtual private networks (VPNs). 2) Every voting machine must create a paper copy of each vote recorded, and those paper copies must be kept secured for at least a year. 3) A verification audit by sampling shall be conducted within 90 days on a statistically significant level by professional auditors to compare the paper ballots of record with the results recorded and reported. One of the best ideas is that the software used to run voting machines be restricted to open source applications, whose code could be publicly examined. Another proposal that makes sense is that voting machines be required to run a certified malware detection software application before, during and after the voting process.”

  29. Atlantic: How Electronic Voting Could Undermine the Election (Aug. 29, 2016) “…computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility: When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals…pure electronic voting is simply too dangerous: We must use paper, either directly filled out by the voter or as a voter verifiable paper audit trail…”

  30. FOX: Princeton Professor demonstrates how to hack a voting machine (Sept. 18, 2016) “I have demonstrated how to hack the AVC Advantage voting machines that we use in New Jersey... The touch screen voting machine, the type used in about ten states, can be tampered with... By simply swapping the machines computer chip for his own... I figured out how to make a slightly different computer program that just before the close of the polls, it shifts some votes around from one candidate to another. I wrote that computer program onto a memory chip like this and now to hack a voting machine, you have to get seven minutes alone with it, with a screwdriver.”

  31. Fortune: Watch This Security Researcher Hack a Voting Machine (Nov. 4, 2016) “Researchers at cybersecurity startup Cylance said they were able to hack into the Sequoia AVC Edge Mk1, used to count votes in states including California, Florida, and New Jersey, and change the final tally it produced. In Cylance's hacking demonstration, researchers were able to alter the memory of the machine as well as the paper trail it created to change vote counts and precinct records. To pull off the hack, the researchers slipped in a custom PC memory card that overwrote software embedded on the device. Cylance said it had notified Dominion Voting Systems (née Sequoia), the voting machine's maker, and government authorities about the threat.”

  32. Vox: Here’s how hackers can wreak havoc on Election Day (Nov. 7, 2016) “Voting machines are old and vulnerable, and voter databases are connected to the internet. Many voting machines are running software that’s over a decade old, like Windows XP, which Microsoft hasn’t issued a security patch for since 2014. Others store ballots on memory cards, which could be used to insert viruses that can cause the machines to malfunction or alter votes. Take the Sequoia AVC Edge, for example, which is used in 12 states. It was hacked by a group of academics who installed malware that made the machine unable to do anything but play Pac-Man... Across the country, state voter registration data is synced with the internet; the integration has allowed people to register online or at the DMV. But it also means those databases are vulnerable to hackers… In Indiana last month, a security researcher demonstrated how he was able to quickly break into the state’s database and edit people’s voter information. Last year, another researcher found 191 million hacked voter registration records sitting on an open database that apparently anyone could find.”

  33. PBS: Here’s how hackers might mess with electronic voting on Election Day (Nov. 8, 2016) “…vulnerabilities in electronic ballots, make hacking a major possibility on Election Day… Five states — New Jersey, Delaware, Georgia, Louisiana and South Carolina — will cast votes on digital systems without leaving a paper trail. The same applies to several jurisdictions in battleground states like Pennsylvania and Ohio. Cyber vulnerabilities exist in all of these locations. Most revolve around the age of the machines and their software. The Brennan Center report estimated 43 states will use voting machines in 2016 that are more than 10 years old. Many of these devices contain outdated software — think Microsoft Windows XP or older — without security updates. Meanwhile, the mainframes of other machines are guarded by easy-to-pick padlocks or by no barrier at all. With the kind of stealth and sophistication that’s already out there, why wouldn’t a nation-state, cyber-criminal gang or activist group go into election systems that are completely vulnerable?…much of this voting technology is proprietary, so forensic auditors couldn’t independently scrub for and detect malicious software, especially given such code might delete itself after Election Day… Some counties use devices that collect and calculate results at once, such as the AccuVote TS and TSX voting machines. But the software for these popular machines lack basic cybersecurity, like encryption or strong passwords. Marketplaces for voter registration data have sprouted on the Dark Web over the last year, according to an election hacking report from the ICIT. Prices vary, but one listing offered 0.5 Bitcoins ($300) for a single state’s database.”

  34. Slate: Now Is the Time to Replace Our Decrepit Voting Machines (Nov. 17, 2016) “With antiquated voting devices at the end of their projected lifespans still in widespread use across the country, the U.S. is facing an impending crisis in which our most basic election infrastructure is unacceptably vulnerable to breakdown, malfunction, and hacking. It’s not just an inconvenience. If the machinery of democracy is called into question, so are its foundations. In today’s hyperpartisan environment, such a scenario—or even unfounded accusations of a “rigged” election that gained postelection traction—would be far more contentious. Just imagine what it might be like in 2020. No one expects a laptop to run reliably for more than a decade. Yet on Election Day 2016, 42 states used voting machines that were at least 10 years old, and 13 of those states used ones more than 15 years old. Perhaps even more troubling, these aging machines are particularly vulnerable to hacking. Although the country has made important advances in securing our voting technology in recent years, these older devices often rely on unsupported software (we found machines still operating on Windows 2000) that doesn’t receive the regular security patches that help protect against modern methods of cyberattacks and hasn’t been through the relatively rigorous federal certification program that exists today. What’s more, many of these systems don’t have a physical paper trails or ballots to back up the results, meaning there’s no way to independently verify how voters intended to cast their ballots in the case of a suspected hack. Voters complained of touchscreen calibration errors that “flipped” votes in North Carolina, Texas, Nevada, and Georgia and interfered with selecting straight party tickets in Pennsylvania. Optical scan machines malfunctioned in parts of Michigan and Massachusetts, and a few in Illinois had to be replaced because a “memory card blew.”

  35. PBS: Recounts or no, U.S. elections are still vulnerable to hacking (Dec. 26, 2016) “Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count. More than 80 percent of Pennsylvanians who voted Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. A recount would, in the words of VotePA’s Marybeth Kuznik, a veteran election judge, essentially amount to this: “You go to the computer and you say, ‘OK, computer, you counted this a week-and-a-half ago. Were you right the first time?'” These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected. Researchers would like to see the U.S. move entirely to computer-scannable paper ballots, since paper can’t be hacked. Many advanced democracies require paper ballots, including Germany, Britain, Japan and Singapore. Wallach and his colleagues believe a crafty team of pros could strike surgically, focusing on select counties in a few battleground states where “a small nudge might be decisive,” he said…Vote-tallying systems, typically at the county level, are also tempting targets. They tend to be little more than PCs running a database. Tabulation databases at the county level, which collect results from individual precincts, are supposed to be “airgapped” or disconnected from the internet at all times — though experts say they sometimes get connected anyway. They’re considered insecure for other reasons; many have USB ports where malware could be introduced. Forty-three states use machines more than a decade old. Most run on vintage operating systems such as Windows 2000 that pre-date the iPhone and are no longer updated with security patches.”

  36. Politico: U.S. elections are more vulnerable than ever to hacking (Dec. 29, 2016) “America's political system will remain vulnerable to cyberattacks and infiltration from foreign and domestic enemies unless the government plugs major holes and commits millions of dollars in the coming years… Hackers even invaded two state voter registration databases, spurring an FBI alert that sparked questions about whether a broader attack was coming. As for Election Day itself, 15 states — including swing state Pennsylvania — still rely at least partly on electronic voting machines that leave no paper trail. That’s despite years of warnings from digital security specialists, who say the touch-screen machines are prone to being hijacked and would provide no effective way to disprove claims of digital vote tampering… Democrats like Lieu say Republicans are playing with fire, warning the GOP could be in Russia’s cross hairs come 2018. And have no doubt, he added, foreign hackers “could absolutely swing an election” if the U.S. fails to lock its doors.”

  37. ScientificAmerican: Our Voting System Is Hackable by Foreign Powers (March 1, 2017) “It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief. A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election… It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices... We need to audit computers by manually examining randomly selected paper ballots and comparing the results with machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003 an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures…It is important that audits be performed on every contest in every election so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected, whether perpetrated by another country or a political party.”

  38. Politico: Will the Georgia Special Election Get Hacked? (June 14, 2017) “Logan Lamb decided he wanted to get his hands on a voting machine. A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website… Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by pollworkers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals. The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says. The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014…King has long insisted that the machines are secure because they and the GEMS tabulation computers are never connected to the internet and because officials perform tests before, during and after elections to ensure that they perform properly and that only certified software is installed on them. But critics say the tests Georgia performs are inadequate and that the center has shown a pattern of security failures that can’t be dismissed. In addition to failing to install the 2-year-old patch on its server software, Georgia, testimony in the injunction hearing last week revealed, is still using a version of software on its touch-screen machines that was last certified in 2005. That voting software is running on the machines on top of a Windows operating system that is even older than this.”

  39. NPR: If Voting Machines Were Hacked, Would Anyone Know? (June 14, 2017) “U.S. officials are increasingly worried about how vulnerable American elections really are… But even if most voting machines aren't connected to the Internet, says cybersecurity expert Jeremy Epstein, "they are connected to something that's connected to something that's connected to the Internet."… A recently leaked National Security Agency report on Russian hacking attempts has heightened concerns. According to the report, Russian intelligence services broke into an election software vendor's computer system and used the information it gained to send 122 election officials fake emails infected with malicious software. Bloomberg News reported Tuesday that Russia might have attempted to hack into election systems in up to 39 states. University of Michigan computer scientist Alex Halderman says it's just the kind of phishing campaign someone would launch if they wanted to manipulate votes. "That's because before every election, the voting machines have to be programmed with the design of the ballots — what are the races, who are the candidates," says Halderman. He notes that the programming is usually done on a computer in a central election office or by an outside vendor. The ballot program is then installed on individual voting machines with a removable memory card. "So as a remote attacker, I can target an election management system, one of these ballot programming computers. If I can infect it with malicious software, I can have that malicious software spread to the individual machines on the memory cards, and then change votes on Election Day," says Halderman. He and computer security experts, such as Halderman, think the best solution is to make sure all voting machines have paper records to back up the electronic results. They say states should also conduct audits after every election to make sure the electronic results match the paper ones. About half the states already do some audits, but Norden says most are inadequate.”

  40. HuffPost: Good News For Russia: 15 States Use Easily Hackable Voting Machines (July 17, 2017) Touch-screen machines can be programmed to change votes and are nearly impossible to audit, computer experts say… Manufacturers like Diebold touted the touch-screens, known as direct-recording electronic (DRE) machines, as secure and more convenient than their paper-based predecessors. Computer experts were skeptical, since any computer can be vulnerable to viruses and malware, but it was hard to get ahold of a touch-screen voting machine to test it. The manufacturers were so secretive about how the technology worked that they often required election officials to sign non-disclosure agreements preventing them from bringing in outside experts who could assess the machines. In September 2006, they published a research paper and an accompanying video detailing how they could spread malicious code to the AccuVote TS to change the record of the votes to produce whatever outcome the code writers desired. And the code could spread from one machine to another like a virus. That was more than a decade ago, but Georgia still uses the AccuVote TS. The state is one of five ― the others are Delaware, Louisiana, New Jersey and South Carolina ― that rely entirely on DREs for voting. Ten other states use a combination of paper ballots and DRE machines that leave no paper trail. Many use a newer version of the AccuVote known as the TSX ― even though computer scientists have demonstrated that machine, too, is vulnerable to hacking. Others use the Sequoia AVC Advantage, which Princeton professor Andrew Appel demonstrated could be similarly manipulated in a 2007 legal filing. Appel bought a Sequoia machine online for $82 and demonstrated that he could remove 10 screws and easily replace the Sequoia’s memory card with a modified version that would alter the outcome of an election…Computer scientists like Halderman, Appel and Felten have been warning states about the risks of DRE machines for over a decade, urging them to replace touch-screen machines with paper ballots that can be read with an optical scanner and easily audited after an election. Paper ballots create a physical copy of the voter’s choice that can be checked against the results; with DRE machines, it’s impossible to verify whether the choice the person intended to select is, in fact, what the machine recorded.”

  41. Forbes: These Hackers Reveal How Easy It Is To Hack US Voting Machines (July 29, 2017) “One of the things we want to drive home is that these things are ultimately software-based systems and we know software-based systems have vulnerabilities, that just comes with the territory… The attack is remarkably simple-looking, even to non-technical eyes. First, he finds the Wi-Fi access point in the device, normally used to hook up to other systems on an election network. Using a tool called Wireshark, he was then able to grab the IP address of the device. Knowing that it ran an ancient version of Microsoft Windows, Schurmann ran a hacking tool called Metasploit, which exploited an old vulnerability that was never patched on the machine. And that was it: he had enough access to alter records. What made the attack particularly worrisome was that it was possible wirelessly. "You don't even need to get up for this to work," he tells Forbes, noting that he had previously practiced the attack ahead of time . "Now we can really change things as we're the admin.””

  42. CNET: Defcon hackers find it’s very easy to break voting machines (July 30, 2017) “When the password for a voting machine is "abcde" and can't be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed "America's worst voting machine," came equipped with this simple password even as it was used in some of the country's most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush's re-election in 2004 to Barack Obama's in 2012… "It's really just a matter of plugging your USB drive in for five seconds and the thing's completely compromised at that point," Synack co-founder Jay Kaplan said. "To the point where you can get remote access. It's very simple."… Once you're out of the voting program on the machine, it's just like any old Windows XP computer, Synack found.”

  43. CNN: We watched hackers break into voting machines (Aug. 11, 2017) “These are supposed to be the latest machines, they're still used in elections, and they're running ancient software. I think that if somebody wanted to, it would be pretty easy to fake an election…So if you are a voter in America, we're likely hacking the Machine that you vote on. There's a few dozen of these machines and also electronic poll books… We can go ahead and impact this log within 10 seconds you gain access to the operating system. We could actually remove this and clone this particular USB. We could go back and start looking at and reverse engineering what's on this image and determining the various ways that we can impact this particular operating system.”

  44. Intercept: The U.S. Election System Remains Deeply Vulnerable (Oct. 3, 2017) The Harvard report, titled “Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections,” concludes that online attackers can alter voter registration information in as many as 35 states and the District of Columbia by buying personal information through either legitimate or illegitimate sources. Voter registration information is public, and many states allow citizens to make changes online, even if they registered in person or by mail. A determined hacker could buy voter lists from the 36 jurisdictions that allow online registration, and separately buy the personal information used to confirm a voter’s identification – such as Social Security or drivers’ license numbers – to get in and make changes. Voting software is another potential target for hackers. The Intercept has previously reported on a top-secret National Security Agency report detailing a cyberattack by a Russian intelligence agency on at least one U.S. voting software supplier. The attackers sent spear-phishing emails to more than 100 local election officials just days before the November election, according to the highly classified report that was provided anonymously to The Intercept.

  45. NYT: The Myth of the Hacker-Proof Voting Machine (Feb. 2, 2018) “Eckhardt and his colleagues concluded that the problem with the machines, made by Election Systems & Software (ES&S), was likely a simple calibration error. But the experts were alarmed by something else they discovered. Examining the election-management computer at the county’s office — the machine used to tally official election results and, in many counties, to program voting machines — they found that remote-access software had been installed on it. Remote-access software is a type of program that system administrators use to access and control computers remotely over the internet or over an organization’s internal network. Election systems are supposed to be air-gapped — disconnected from the internet and from other machines that might be connected to the internet. The presence of the software suggested this wasn’t the case with the Venango machine, which made the system vulnerable to hackers. Anyone who gained remote access to the system could use the software to take control of the machine. Logs showed the software was installed two years earlier and used multiple times, most notably for 80 minutes on November 1, 2010, the night before a federal election… In the 15 years since electronic voting machines were first adopted by many states, numerous reports by computer scientists have shown nearly every make and model to be vulnerable to hacking. The systems were not initially designed with robust security in mind, and even where security features were included, experts have found them to be poorly implemented with glaring holes… ES&S has in the past sometimes sold its election-management system with remote-access software preinstalled, according to one official; and where it wasn’t preloaded, the company advised officials to install it so ES&S technicians could remotely access the systems via modem, as Venango County’s contractor did, to troubleshoot and provide maintenance… An ES&S contract with Michigan from 2006 describes how the company’s tech support workers used remote-access software called pcAnywhere to access customer election systems. And a report from Allegheny County, Pennsylvania, that same year describes pcAnywhere on that county’s election-management system on June 2 when ES&S representatives spent hours trying to reconcile vote discrepancies in a local district race that took place during a May 16th primary. An Allegheny County election official told me that remote-access software came pre-installed on their ES&S election-management system… On election nights, many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines. Election officials and vendors insist that the modem transmissions are safe because the connections go over phone lines and not the internet. But as security experts point out, many of the modems are cellular, which use radio signals to send calls and data to cell towers and routers belonging to mobile carriers — Verizon, Sprint, AT&T. These routers are technically part of the internet. Even when analog (landline) modems are used instead of cellular ones, the calls still likely pass through routers, because phone companies have replaced much of their analog switching equipment in recent years with digital systems. Because of this, attackers could theoretically intercept unofficial results as they’re transmitted on election night — or, worse, use the modem connections to reach back into election machines at either end and install malware or alter election software and official results... To subvert machines via their modem connection, an attacker could set up a device known as an IMSI-catcher (or stingray, as they’re also called) near precincts or county election offices to intercept and alter vote tallies as they’re transmitted. IMSI-catchers — which law enforcement, militaries and spies use — impersonate legitimate cell towers and trick phones and other devices in their vicinity into connecting to them instead of legitimate towers. Alternatively, a hacker could subvert telecom routers to intercept and alter election results as they pass through telecom equipment. Like any other digital device, telecom routers have vulnerabilities, and they have become a prime target in recent years for nation-state hackers from Russia and other countries. ‘‘The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,’’ says Susan Greenhalgh, a spokeswoman for the National Election Defense Coalition, an elections integrity group. ‘‘This oft-repeated myth instills a false sense of security that is inhibiting officials and lawmakers from urgently requiring that all voting systems use paper ballots and that all elections be robustly audited.’’…The top voting machine maker in the country, ES&S, distributes modems or modeming capability with many of its DRE and optical-scan machines. About 35,000 of ES&S’s newest precinct-based optical scanner, the DS200, are used in 31 states and the District of Columbia and can be outfitted with either analog or cellular modems to transmit results. Maryland, Maine, Rhode Island and the District of Columbia use only DS200 machines statewide (though they also use two other systems specifically for disabled voters and absentee ballots); Florida and Wisconsin use the DS200s in dozens of counties, and other states use them to lesser degrees. ES&S’s earlier model M100 optical scanners, which also can be equipped with modems, have long been used in Michigan — a critical swing state in the 2016 presidential election — though the state is upgrading to DS200 machines this year, as well as machines made by Dominion Voting Systems. Dominion’s machines use external serial-port modems that are connected to machines after an election ends. ”

  46. Slate: America's Voting Systems Are Highly Vulnerable to Hackers (Feb. 22, 2018) “Did Russia shift the election’s outcome by hacking registration rolls or voting machines? The fact is that it’s impossible to say. In September, the Department of Homeland Security informed officials in 21 states that Russians had hacked into their registration systems in the run-up to the election. Whether the hackers manipulated the rolls—removed names or switched their precincts—no one has investigated; perhaps no one could investigate, as so many months had passed before the hack was revealed… J. Alex Halderman a professor of computer science at the University of Michigan, testified that only a handful of vendors and contractors provide the equipment used in election machines. “Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters,” he said. “Furthermore, in close elections, decentralization can actually work against us. An attacker can probe different areas of the most important ‘swing states’ for vulnerabilities, find the areas that have the weakest protection, and strike there.” For the past decade, Halderman has run the “red teams”—the simulated attacker—in games to test the vulnerability of election machines. In those games, he testified, his team “could reprogram the machine to invisibly cause any candidate to win. We also created malicious software—vote-stealing code—that could spread from machine to machine like a computer virus, and silently change the election outcome…This month, the Center for American Progress released a study measuring the degree to which each of the 50 states meets these basic standards. The results were alarming. Paperless voting systems—touch screens with no paper backups—are still used in 14 states. Only 26 states require postelection audits. Forty-one states use database software that was created more than a decade ago—so long ago that the vendors no longer track vulnerabilities or send patches to the users. More distressing still, some of the worst laggards, by these measures, are battleground states. Florida gets an F, judged as “incomplete” or “unsatisfactory” on six of seven security metrics. Pennsylvania and Arizona get D’s. Iowa, Michigan, Nevada, Virginia, and Wisconsin get C’s. No state gets an A. Just 10 get B’s.”

  47. NYT: I Hacked an Election. So Can the Russians. (April 5, 2018) “After the chaos of the 2000 election, we were promised a modern and dependable way to vote,” Halderman says in the video. “I’m here to tell you that the electronic voting machines Americans got to solve the problem of voting integrity, they turned out to be an awful idea. That’s because people like me can hack them all too easily. Our highly computerized election infrastructure is vulnerable to sabotage and even to cyberattacks that could change votes. Halderman has testified before Congress on the issue. He says that while it’s promising that the Senate Intelligence Committee has recently shown some understanding of the problem, states must act too.”

  48. NewYorker: America Continues To Ignore Risks of Election Hacking (April 18, 2018) “America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. Another case to consider: the Department of Homeland Security recently discovered a number of rogue cell-phone simulators—technical tools that are commonly called “Stingrays”—in Washington, D.C., and has been unable to identify who was operating them…As a pair of Princeton computer scientists, Andrew Appel and Kyle Jamieson, have pointed out, cell-phone simulators, which mimic legitimate cell towers, happen also to be handy and inexpensive vote-hacking devices. On the Freedom to Tinker blog, Appel and Jamieson have posted easy-to-follow diagrams showing how the transmission of voting information from polling places could be intercepted by a Stingray and surreptitiously altered before being sent on to its intended destination, a central tabulating computer. The voting machine that Appel and Jamieson picked to illustrate this hypothetical “man-in-the-middle” attack was the DS200, a popular optical-scan voting machine that reads marked paper ballots, made by a company called Election Systems & Software… as of 2015, forty-three states and the District of Columbia were using machines that are no longer in production. Some of these machines are so old that their operating systems can’t be patched when security flaws are found, and replacement parts must be scrounged up on eBay…Software vulnerabilities, unreliable tabulators, and unprotected memory cards have left voting systems open to exploitation ever since electronic machines were introduced.”

  49. Reuters: Old voting machines stir concerns among U.S. officials (May 31, 2018) “In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned… These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows… Most of the dozen-plus state and local election officials interviewed by Reuters said they worry about bad actors hacking the older electronic voting machines to alter ballots, and then being unable to verify the results because there will be no paper trail. But the officials worry most about voters losing trust in elections, because officials would not be able to visibly demonstrate that the tally was indeed accurate.”

  50. Axios: There's more than one way to hack an election (July 3, 2018) “Here are the systems at risk in the election process: voter registration systems, voter registration databases (which the voter registration process produces), voter records at polling places (known as poll books, which exist in both printed and electronic versions), voting machines (which capture the votes), vote tabulation (when the votes are tallied)… Many parts of election systems are at risk of being exposed to the internet — and thereby potentially being inappropriately accessed or meddled with — because of human error or bad security protocols. Here are some of the main points of risk: registration interfaces, voter registration databases, electronic poll books, printed poll books, voting machines, electronic vote tabulation, optical scan vote tabulation, election management systems.”

  51. Newsweek: Election Hacking: Voting-Machine Supplier Admits It Used Hackable Software Despite Past Denials (July 17, 2018) “Election Systems and Software (ES&S) told Democratic Senator Ron Wyden of Oregon in an April letter that has now been released, first reported by Vice News and later obtained by Newsweek, that the company provided election equipment with remote connection software to an unspecified number of states from 2000 to 2006. "Prior to the inception of the [Election Assistance Commission] testing and certification program and the subsequent requirement for hardening and at customer's request, ES&S provided pcAnywhere remote connection software on the [Election-Management System] workstation to a small number of customers between 2000 and 2006," wrote Tom Burt, ES&S president.”

  52. Salon: Remote-access allowed: Voting machine company admits installing vulnerable software (July 20, 2018) “A letter sent to Congress reveals that, between 2000 and 2006, one of America's top voting machine companies installed remote-access software in their products that made it possible for them to be manipulated by third parties. In the letter, Election Systems and Software admitted that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006." As The Verge notes, "pcAnywhere’s security vulnerabilities have been well-documented in the past": In 2006, hackers stole the source code for pcAnywhere and then stayed quiet until 2012, when a hacker published part of the code online. Symantec, which distributed pcAnywhere, knew vaguely of the theft back in 2006 but only spoke up about it after the code leaked, along with the warning that users should disable or uninstall the software. At the same time, security researchers studied pcAnywhere’s code and found a vulnerability that could let a hacker take control of a whole system and bypass the need to enter a password.”

  53. BBC: Hacking the US mid-terms? It's child's play (Aug. 11, 2018) “Bianca Lewis, 11, has many hobbies. She likes Barbie, video games, fencing, singing… and hacking the infrastructure behind the world’s most powerful democracy…She’s taking part in a competition organised by R00tz Asylum, a non-profit organisation that promotes “hacking for good”…Its aim is to send out a dire warning: the voting systems that will be used across America for the mid-term vote in November are, in many cases, so insecure a young child can learn to hack them with just a few minute’s coaching.”

  54. PBS: An 11-year-old changed election results on a replica Florida state website in under 10 minutes (Aug. 12, 2018) “An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. “These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.””

  55. Guardian: Why US elections remain 'dangerously vulnerable' to cyber-attacks (Aug. 13, 2018) “By mid-evening, Jon Ossoff, the leading Democrat, had 50.3% of the vote, enough to win outright without the need for a run-off against his closest Republican challenger. Then Marks noticed that the number of precincts reporting in Fulton County, encompassing the heart of Atlanta, was going down instead of up. Soon after, the computers crashed. Election officials later blamed a “rare error” with a memory card that didn’t properly upload its vote tallies. When the count resumed more than an hour later, Ossoff was suddenly down to 48.6% and ended up at 48.1%… Georgia’s 15-year-old all-electronic voting system was almost impossible to audit because it produced no independently verifiable paper trail to check against the computer-generated tallies. Cybersecurity experts have warned for years that malfeasance, technical breakdown or administrative incompetence could easily wreak havoc with electronic systems and could go largely or wholly undetected. “Virtually every American voter has come to understand that the nation’s election infrastructure is susceptible to malicious manipulation from local and foreign threats,” the suit reads. “Yet, Georgia’s election officials continue to defend the state’s electronic voting system that is demonstrably unreliable and insecure, and have repeatedly refused to take administrative, regulatory or legislative action to address the election security failures.””

  56. Guardian: Kids at hacking conference show how easily US elections could be sabotaged (Aug. 22, 2018) “The risk of a hacker casting the validity of an election into question through one of any number of other entry points is huge, and the actual difficulty of such an attack is child’s play. Literally. “The most vulnerable part of election infrastructure is the websites,” explained the security expert Jake Braun… Unlike a voting machine, Braun explains, websites represent a compelling target because they are, by their nature, connected to the internet 24/7. And, whether they are used for voter registration, online campaigning or announcing the results at the end of the election, they can be used to sow havoc…Armed with facsimiles of the websites of 13 battleground states and a child-friendly guide to basic hacking techniques, the kids were set loose on critical infrastructure – and proceeded to tear it apart… “The No 1 thing we found last year wasn’t a hack at all, it was the fact that we opened up the back of the machine, and of course, no surprise, all the parts are made across the world, especially China. “This isn’t conjecture, this isn’t my dystopian fantasy world, this is something we know they do … The fragmentation argument is absolute horseshit, because once you’re in the chips, you can hack whole classes of machines, nationwide, from the fucking Kremlin.”… The bad actor just needs to steal enough votes in a few counties in America’s battleground states – just enough to swing a close election…“I’ve only one conclusion,” said Schürmann: “Use paper and do your audits.””

  57. National Academies of Sciences, Engineering, Medicine: Securing The Vote (Sept. 6, 2018) “Elections should be conducted with human-readable paper ballots. Paper ballots form a body of evidence that is not subject to manipulation by faulty software or hardware and that can be used to audit and verify the results of an election. Human-readable paper ballots may be marked by hand or by machine (using a ballot-marking device), and they may be counted by hand or by machine (using an optical scanner), the report says. Voters should have an opportunity to review and confirm their selections before depositing the ballot for tabulation. Voting machines that do not provide the capacity for independent auditing – i.e., machines that do not produce a printout of a voter’s selections that can be verified by the voter and used in audits – should be removed from service as soon as possible.”

  58. CBS: Why voting machines in the U.S. are easy targets for hackers (Sept. 19, 2018) “Tens of thousands of voting machines in the United States are vulnerable to hacking. They have been successfully dismantled and attacked by security researchers for years to demonstrate their flaws. In 2017, at the annual Defcon hackers conference, one tech professor from the University of Copenhagen was able to penetrate an Advanced Voting Solutions machine in about 90 minutes. The attackers were able to access the administrator mode, allowing them to potentially alter voting data. At this year's conference, a group of hackers was able to crack one in 15 minutes. One hacker told CNET: "Should you be trusting your vote with these? I don't think so." "They're running Windows. They have USB ports. They're actual computers and are very susceptible to attacks," says Cris Thomas, the global strategy lead for IBM's X-Force cybersecurity team.” Optical scan ballot machines are vulnerable to hacking — all electronic devices are — but most cybersecurity experts are more concerned with electronic machines. Voting results are stored on the machine's internal storage. If the voting data is not encrypted or improperly configured, with little effort a bad actor could access the memory and alter the voting results… The results go from [the voting machine] into a piece of electronics that takes it to the central counting place. That data is not encrypted and that's vulnerable for manipulation.”

  59. NYT: The Crisis of Election Security (Sept. 26, 2018) The Illinois intruders had quietly breached the network in June and spent weeks conducting reconnaissance. After alighting on the state’s voter-registration database, they downloaded information on hundreds of thousands of voters…In early August, Jenkins learned of another breach, this one on an Arizona state website, and it appeared to come from one of the same I.P. addresses that had been used to attack Illinois. This time, the intruders installed malware, as if setting the stage for further assault. Then reports from other states began to pour in, saying that the same I.P. addresses appeared to be probing their voter-registration networks…Internet voting, they learned, was the least of their concerns; the real problems were the machines used to cast and tally votes and the voter-registration databases the Russians had already shown interest in hacking. The entire system — a Rube Goldberg mix of poorly designed machinery, from websites and databases that registered and tracked voters, to electronic poll books that verified their eligibility, to the various black-box systems that recorded, tallied and reported results — was vulnerable…They don’t address core vulnerabilities in voting machines or the systems used to program them. And they ignore the fact that many voting machines that elections officials insist are disconnected from the internet — and therefore beyond the reach of hackers — are in fact accessible by way of the modems they use to transmit vote totals on election night. Add to this the fact that states don’t conduct robust postelection audits — a manual comparison of paper ballots to digital tallies is the best method we have to detect when something has gone wrong in an election — and there’s a good chance we simply won’t know if someone has altered the digital votes in the next election…How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry. In Ohio in 2004, for example, where John Kerry lost the presidential race following numerous election irregularities, Kerry’s team was denied access to the voting-machine software. “We were told by the court that you were not able to get that algorithm to check it, because it was proprietary information,” Kerry recalled in a recent interview on WNYC’s “Brian Lehrer Show.” He was understandably rueful, arguing how wrong it was that elections are held under “the purview of privately owned machines, where the public doesn’t have the right to know whether the algorithm has been checked or whether they’re hackable or not. And we now know they are hackable.”…There are roughly 350,000 voting machines in use in the country today, all of which fall into one of two categories: optical-scan machines or direct-recording electronic machines. Each of them suffers from significant security problems. With optical-scan machines, voters fill out paper ballots and feed them into a scanner, which stores a digital image of the ballot and records the votes on a removable memory card. The paper ballot, in theory, provides an audit trail that can be used to verify digital tallies. But not all states perform audits, and many that do simply run the paper ballots through a scanner a second time. Fewer than half the states do manual audits, and they typically examine ballots from randomly chosen precincts in a county, instead of a percentage of ballots from all precincts. If the randomly chosen precincts aren’t ones where hacking occurred or where machines failed to accurately record votes, an audit won’t reveal anything — nor will it always catch problems with early-voting, overseas or absentee ballots, all of which are often scanned in county election offices, not in precincts. Direct-recording electronic machines, or D.R.E.s, present even more auditing problems. Voters use touch screens or other input devices to make selections on digital-only ballots, and votes are stored electronically. Many D.R.E.s have printers that produce what’s known as a voter-verifiable paper audit trail — a scroll of paper, behind a window, that voters can review before casting their ballots. But the paper trail doesn’t provide the same integrity as full-size ballots and optical-scan machines, because a hacker could conceivably rig the machine to print a voter’s selections correctly on the paper while recording something else on the memory card. About 80 percent of voters today cast ballots either on D.R.E.s that produce a paper trail or on scanned paper ballots. But five states still use paperless D.R.E.s exclusively, and an additional 10 states use paperless D.R.E.s in some jurisdictions…More than a dozen companies currently sell voting equipment, but a majority of machines used today come from just four — Diebold Election Systems, Election Systems & Software (ES&S), Hart InterCivic and Sequoia Voting Systems. Diebold (later renamed Premier) and Sequoia are now out of business. Diebold’s machines and customer contracts were sold to ES&S and a Canadian company called Dominion, and Dominion also acquired Sequoia. This means that more than 80 percent of the machines in use today are under the purview of three companies — Dominion, ES&S and Hart InterCivic. Many of the products they make have documented vulnerabilities and can be subverted in multiple ways. Hackers can access voting machines via the cellular modems used to transmit unofficial results at the end of an election, or subvert back-end election-management systems — used to program the voting machines and tally votes — and spread malicious code to voting machines through them. Attackers could design their code to bypass pre-election testing and kick in only at the end of an election or under specific conditions — say, when a certain candidate appears to be losing — and erase itself afterward to avoid detection. And they could make it produce election results with wide margins to avoid triggering automatic manual recounts in states that require them when results are close. Hackers could also target voting-machine vendors and use this trusted channel to distribute their code. Last year a security researcher stumbled across an unsecured ES&S server that left passwords exposed for its employee accounts. Although the passwords were encrypted, a nation-state with sufficient resources would most likely be able to crack them, the researcher noted. Since ES&S creates ballot-definition files before each election for some customers — the critical programming files that tell machines how to apportion votes based on a voter’s screen touch or marks on a paper ballot — a malicious actor able to get into ES&S’s network could conceivably corrupt these files so machines misinterpret a vote for Donald Trump, say, as one for his opponent, or vice versa. The Department of Homeland Security, the intelligence community and election officials have all insisted that there is no evidence that Russian hackers altered votes in 2016. But the truth is that no one has really looked for evidence. Intelligence assessments are based on signals intelligence — spying on Russian communications and computers for chatter or activity indicating that they altered votes — not on a forensic examination of voting machines and election networks. “We should always be careful to point out that there hasn’t been any evidence that votes were changed in any election in this way, and that’s a true fact,” said Matt Blaze, a computer-science professor at the University of Pennsylvania and a voting-machine-security expert. “It’s just less comforting than it might sound at first glance, because we haven’t looked very hard.” Even if experts were to look, it’s not clear what they would find, he added. “It’s possible to do a pretty good job of erasing all the forensic evidence.”…Deborah Tannenbaum had a front-row seat for what occurred that night. A Democratic Party field director in Florida, she refreshed her web browser frequently as returns came in from around the county. At 10 p.m., Al Gore was ahead in Volusia, with 83,000 votes to George W. Bush’s 62,000. Things were going well for Gore across the state, and exit polls projected a six-point lead for him. But then something changed. “I had stepped out, and one of the assistants came, and he’s just like, ‘I need you to come here and verify the numbers,’ ” Tannenbaum recalled. When she looked at the county’s website, Gore’s total had dropped 16,000 votes. Tannenbaum called the county election office, alarmed. “I don’t know what’s going on down there, but you can’t take away votes!” she said. The mysterious drop would later be traced to Precinct 216, a community center in DeLand, where Gore’s total was showing negative 16,022 votes. It wasn’t the only mathematical absurdity in the tally. A Socialist Workers Party candidate named James Harris had 9,888 votes. But the DeLand precinct had only 585 registered voters, and only 219 of them cast ballots at the center that day. Volusia officials blamed the mishap on a faulty memory card. The county used optical-scan machines made by Global Election Systems (a Canadian company later acquired by Diebold and renamed Diebold Election Systems), which the county had used since 1996. When the election ended, poll workers were supposed to transmit results to the county election office via modem; but the transmission failed, so a worker drove the memory card in, where officials inserted it directly into the election-management system to tally results. Logs for that computer, however, showed two memory cards for Precinct 216 inserted, an hour apart. The vote totals went haywire after the second card was loaded. Beyond the mystery of the two cards, there was another problem with this explanation. A faulty memory card should produce an onscreen error message or cause a computer to lock up, not alter votes in one race while leaving others untouched. And what kind of faulty card deleted votes only for Gore, while adding votes to other candidates?…Despite this proliferation of voting-machine problems, the industry was expanding its reach and control, even as it was concentrating power into fewer hands. By 2010, ES&S was so big — it had bought Diebold’s election division and controlled more than 70 percent of the market — that the Justice Department filed an antitrust suit and required it to sell off some of its assets. Many election officials, baffled by the new technology and unable to hire dedicated I.T. staff, purchased complete suites of election services from vendors, services that in some cases included programming ballot-definition files for voting machines and assisting with tabulation. It became common to see voting-machine employees or their local contractors in election offices before, during and after elections, and in some cases even working in election offices full time. ES&S, for instance, even installed remote-access software and modems on election-management systems to gain remote access to them from its Nebraska headquarters to troubleshoot when things went wrong. And when things did go wrong with machines, it was often the vendor who investigated and supplied the explanation that was fed to the news media and the public.

  60. Politico: Attack on commonly used voting machine could tip an election (Sept. 27, 2018) “A malicious hacker could alter the outcome of a U.S. presidential election by taking advantage of numerous flaws in one model of vote-tabulating machine used in 26 states, cybersecurity experts warned in a report presented Thursday at the Capitol… The biggest flaw in the process we found is, even when we identify flaws, they don't get fixed… The report says an attacker could remotely gain access to the Model 650 tabulating machine manufactured by Election Systems and Software, one of the country's largest sellers of voting equipment, by exploiting numerous vulnerabilities in the unit. Researchers also said this model has an unpatched vulnerability that the manufacturer was notified about a decade ago… The event organizers said the Model 650 vote-tabulation vulnerabilities are especially problematic because states use the machines to processes ballots for entire counties. "[H]acking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the report says.”

  61. WSJ: Voting Machine Used in Half of U.S. Is Vulnerable to Attack (Sept. 27, 2018) “Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S; machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said…Earlier this month, the National Academies of Sciences, Engineering, and Medicine recommended U.S. states move away from voting machines that don’t include paper ballots…Election security researchers and politicians aren’t convinced ES&S; is doing enough. The company hasn’t adopted common internet security standards that secure against phishing attacks and make it harder to intercept messages, according to staffers for Sen. Ron Wyden (D., Ore.).”

  62. CNN: Hackers Bring Stark Warning About Election Security (Sept. 27, 2018) “The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday – just over a month before the midterm elections. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report…A voting tabulation machine the group says is used in more than two dozen states is vulnerable to be remotely hacked, they said, claiming, “hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.”

  63. Wired: Voting Machines Are Still Absurdly Vulnerable to Attacks (Sept. 28, 2018) “A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use…The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference's Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access—number in the dozens…"We didn't discover a lot of new vulnerabilities," says Matt Blaze, a computer science professor at the University of Pennsylvania and one of the organizers of the Voting Village, who has been analyzing voting machine security for more than 10 years. "What we discovered was vulnerabilities that we know about are easy to find, easy to reengineer, and have not been fixed over the course of more than a decade of knowing about them. And to me that is both the unsurprising and terribly disturbing lesson that came out of the Voting Village."…One device, the "ExpressPoll-5000," has root password of "password." The administrator password is "pasta."… Many of the machines participants analyzed during the Voting Village run software written in the early 2000s, or even the 1990s. Some vulnerabilities detailed in the report were disclosed years ago and still haven't been resolved. In particular, one ballot counter made by Election Systems & Software, the Model 650, has a flaw in its update architecture first documented in 2007 that persists. Voting Village participants also found a network vulnerability in the same device—which 26 states and the District of Columbia all currently use.”

  64. JenniferCohn: The genesis of America’s corrupted computerized election system (Oct. 10, 2018) “From 2002 until 2009, two voting machine vendors dominated United States elections: Diebold Election Systems (renamed “Premier in 2007) and Election Systems & Software (“ES&S”)…In 2009, Diebold Inc. sold its elections division, Diebold Election Systems, to ES&S…In 2010, the Department of Justice filed an anti-trust suit against ES&S & forced it to divest, stating that the combined company (ES&S + Diebold) provided more than 70 % of US voting equipment. Later that year, Diebold purportedly dissolved and its assets were split between ES&S and Dominion Voting, which was at that time a relatively unknown Canadian company. The same year, Dominion bought Sequoia (20% of US voting equipment) as well…Two brothers from Nebraska, Bob and Todd Urosevich, founded ES&S in the late 1970’s under the name DataMark. Per the Omaha Herald, the Urosevich Brothers received funding in 1979 from billionaire William Ahmanson and changed the company name from DataMark to American Information Systems (“AIS”), which was the precursor of ES&S…Thus, the voting machine giants known as ES&S and Diebold (later renamed Premier) both have direct ties to the Urosevich brothers (though Bob has apparently retired).”

  65. Slate: Can Paper Ballots Save Our Democracy? (Oct. 10, 2018) “Just stole an election at @VotingVillageDC. The machine was an AccuVote TSX used in 18 states, some with the same software version. Attackers don't need physical access--we showed how malicious code can spreads from the election office when officials program the ballot design… Though the context was lighthearted, what Halderman really demonstrated is staggeringly serious: that these kinds of direct-recording electronic voting machines—ones that will still be in use in many states come November—are not secure from remote hacking. The Center for American Progress recently released a study that highlighted that 42 states use electronic voting machines with software a decade old or more that leaves them especially vulnerable to hacking and malware. What’s more, five states rely solely on machines that leave no paper trail, and another 10 will use them in at least some districts. These paperless voting machines are especially problematic because even if such a machine were known or suspected to have been hacked, there’s no physical backup ballot to check it against—and therefore no way to determine for certain whether the vote an individual cast matched with the vote that the machine recorded. Worse still, some of the states with the poorest voting-system security are also electoral heavyweights, including Georgia, Texas, Pennsylvania, and Florida…A growing number of voting-rights advocates and cybersecurity experts—among them organizations like the National Academies of Sciences, Engineering, and Medicine and Verified Voting—feel that the way forward is in a return to the past: paper ballots.”

  66. NYT: America's Elections Could Be Hacked. Go Vote Anyway (Oct. 19, 2018) In the months before the 2016 presidential election, Russian hackers tried to infiltrate voting systems in dozens of states. They succeeded in at least one, gaining access to tens of thousands of voter-registration records in Illinois. In April, the nation’s top voting machine manufacturer told Senator Ron Wyden of Oregon that it had installed remote-access software on election-management systems that it sold from 2000 to 2006. Senator Wyden called it “the worst decision for security short of leaving ballot boxes on a Moscow street corner.” At a hacking convention last summer, an 11-year-old boy who had been coached on finding the vulnerabilities in a mock-up of Florida’s state election website broke into the fake site and altered the vote totals recorded there. It took him less than 10 minutes…America’s voting systems, like all large and complex computerized systems, are highly vulnerable to cyberattack — whether by altering or deleting voter-registration data, or even by changing vote counts. “The vast majority of technical infrastructure for our voting is absolutely, without doubt, woefully insecure,” said Matt Blaze, a University of Pennsylvania computer-science professor who studies voting machine security. Both of the primary methods by which Americans cast their ballots — optical-scan machines and touch-screen monitors — can be tampered with fairly easily…One, provide a paper trail for every vote. Hackers work most effectively in the dark, so they love voting machines that produce no paper verification. Currently, five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — run their elections entirely on paperless touch-screen machines. But all five states are considering a switch back to paper ballots in time for 2020. In this year’s midterms, 19 states and Washington, D.C., will use only paper ballots. Two, audit the vote. The best way to do this is known as a risk-limiting audit, which means comparing the digital tally to a manual count of a randomized sample of paper ballots. This type of audit can identify voting tabulation errors resulting from either malicious attacks or software failures.

  67. Vox: The hacking threat to the midterms is huge. (Oct. 25, 2018) “The DHS’s prized pig is the “Albert” sensor, an ungainly gray box that attaches itself, koala-like, to a server rack and monitors incoming online traffic in real time — then sends alerts to a team of analysts sitting in the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) facility in Albany, New York. Forty-one states had installed Alberts into their election-related IT infrastructure as of mid-September. Sixty-eight counties had had one installed, too. Masterson and DHS officials tell Vox that 1,300 local jurisdictions and all 50 state governments are participants in its continuous threat-sharing program with EI-ISAC. Yet these figures also show the vast extent of the challenge. If 21 states receive risk-and-vulnerability assessments, that means by Election Day, the majority won’t. Eighty-eight counties receiving remote hygiene scans means that roughly 2,900 aren’t. And boasting of 1,300 local jurisdictions that have signed on for federal monitoring also means that roughly nine out of 10 of these localities in the US have opted out of a free, vital program…On a scale of 1 to 10, with 10 being the Pentagon’s [security measures], elections have probably moved from a 2 to a 3…They laid out a number of scenarios that could exploit vulnerable election infrastructure: names deleted from voter registration databases; e-pollbooks that send voters to the wrong precinct; malware that corrupts ballot-definition files for machines or software that governs vote tabulation, before it’s installed in various counties and precincts; or corrupted public-facing websites to announce a false winner on election night…These private companies “represent an enticing target [f]or malicious cyber actors,” according to the Senate Intelligence report. Yet the report admits that state and federal authorities continue to “have very little insight into the cybersecurity practices of many of these vendors…Today, the American elections industry today is dominated by three companies: Dominion, Hart InterCivic, and, the largest, Election Systems and Software (ES&S). If you voted in the past 10 years, the chances are good that you used these machines (92 percent of voters do), or the myriad supportive technology required to stage an election… Much of the criticism has been directed at digital voting machines, called DREs. But election offices have become increasingly digital in other, less obvious ways: Adopting e-pollbooks; hauling voter registration information into state-run or third-party databases; proffering all-in-one election management suites, which program the machines and tabulate the outcomes; and building internet-based services for voters, like the precinct tally program in Knox County…One machine that came out of this process, built by Diebold, infamously was found to have a hard-coded encryption key identical to every machine, a basic security flaw…But other experts say this insistence overlooks the sophistication of nation-state attackers, who can find other creative methods for intrusion — infected USB drives, modem access, remote-access software — or, of course, infiltrating the company networks themselves, engineering direct upload malware through regular software updates…Public security audits of election technology are rare; the last major ones, commissioned by California and Ohio in 2007, were scathing. And the companies have often seemed committed to avoiding them, with one even threatening Princeton University researchers with lawsuits…In a public statement, Sen. Kamala Harris’s (D-CA) office called it “unacceptable that ES&S continues to dismiss the very real security concerns that Def Con raised.”…Two of the three largest vendors, ES&S and Hart, are owned by private equity companies whose agendas are unclear; Dominion’s headquarters isn’t even American, but Canadian… Many of the vulnerabilities election vendors have patched were previously unknown to them, instead pointed out by others. Earlier this year, security consultants flagged a “Client Web Portal” page for Dominion Voting that lacked SSL encryption. And last year, ES&S unwittingly exposed data for roughly 1.8 million Illinois voters on an Amazon server it controlled, a breach that included ES&S employee’s passwords — encrypted, but potentially crackable by an advanced adversary.”

  68. Forbes: Threats Obvious, But Electronic Voter Systems Remain Insecure (Nov. 1, 2018) “So far, government officials have repeatedly said there is “no evidence” of any malicious tampering with vote counts in previous elections. But, as Matt Blaze, computer-science professor at the University of Pennsylvania and a voting-machine-security expert told the New York Times just a week ago, that lack of evidence is “less comforting than it might sound at first glance, because we haven’t looked very hard.” And even if experts did look very hard, “It’s possible to do a pretty good job of erasing all the forensic evidence,” he said.” Beyond that, as the Associated Press noted earlier this week, the top three vendors of electronic voting systems – ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas, which collectively control more than 80% of the market – tenaciously resist transparency. They won’t allow open-ended vulnerability testing by independent, white-hat hackers, and won’t make public the results of any testing they have commissioned themselves. Two of the three won’t even say who’s doing the testing… Indeed, here’s a list of just some of the things that experts told both AP and The New York Times that malicious or hostile actors could do: Alter or erase lists of registered voters. Secretly introduce software to flip votes. - Scramble tabulation systems. Knock results-reporting sites offline. Erase all recorded votes at the end of voting. Delete voter names from the voter roll and electronic poll book. Rig DREs to print a voter’s selections correctly on the paper while recording something else on the memory card. Access voting machines via the cellular modems used to transmit unofficial results at the end of an election. Subvert back-end election-management systems – used to program the voting machines and tally votes – and spread malicious code to voting machines through them. Design code to bypass preelection testing and kick in only at the end of an election or under specific conditions – perhaps when a certain candidate appears to be losing – and erase itself afterward. Make it produce results with wide margins to avoid triggering automatic manual recounts in states that require them in close elections. Given all that, should voters trust that their votes will be counted, and counted accurately?…Voting machines are terrible in every way: the companies that make them lie like crazy about their security, insist on insecure designs, and produce machines that are so insecure that it’s easier to hack a voting machine than it is to use it to vote.”

  69. SciAmerican: The Vulnerabilities of Our Voting Machines (Nov. 1, 2018) “A few weeks ago computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election…Halderman, among others, has warned our “outmoded and under-tested” electronic voting systems are increasingly vulnerable to attacks…what’s happening in Texas is another warning sign of aging machines not functioning well, which makes them fertile ground for vote-stealing attacks. Ultimately—whether scenarios like the one in Texas stem from glitchy software, defective machinery or an adversarial hack—one outcome is a loss of confidence in our election process…As paperless computer voting machines were being introduced, there were many computer scientists who—before anyone had even studied one of these machines directly—were saying, “This just isn’t a good idea to have elections be conducted by, essentially, black box technology.”…The voting machines themselves have received much, much, much less scrutiny post-2016 from intelligence and defensive sides—as far as we know in the public sphere anyway. To my knowledge, no state has done any kind of rigorous forensics on their voting machines to see whether they had been compromised…One possibility is that attackers could infiltrate what are called election-management systems. These are small networks of computers operated by the state or the county government or sometimes an outside vendor where the ballot design is prepared…There’s a programming process by which the design of the ballot—the races and candidates, and the rules for counting the votes—gets produced, and then gets copied to every individual voting machine. Election officials usually copy it on memory cards or USB sticks for the election machines. That provides a route by which malicious code could spread from the centralized programming system to many voting machines in the field. Then the attack code runs on the individual voting machines, and it’s just another piece of software. It has access to all of the same data that the voting machine does, including all of the electronic records of people’s votes So how do you infiltrate the company or state agency that programs the ballot design? You can infiltrate their computers, which are connected to the internet. Then you can spread malicious code to voting machines over a very large area. It creates a tremendously concentrated target for attack.”

  70. NYT: The Election Has Already Been Hacked (Nov. 3, 2018) A recent poll shows that 46 percent of the American electorate do not think their votes will be counted fairly, and about a third think it is likely that a foreign country will tamper with the results…The actual problems in the electoral infrastructure are considerable. For example, just three companies produce all the voting machines. Such centralization would be dangerous even if the machines weren’t so vulnerable — which, unfortunately, they are…Yes, Georgia is running its election on old Windows 2000 machines (so old that Microsoft no longer supports the operating system for security updates), with no means of voter verification, audits or recounts…Recently, the National Academies of Sciences, Engineering and Medicine released a comprehensive study, “Securing the Vote,” which offers extensive practical recommendations. Luckily, fewer and fewer electronic voting machines remain in use around the country; they should be replaced with optical-scan ballots. Meaningful audit processes should be instituted nationwide. States need federal money to upgrade their voting machines, train their poll workers and secure and upgrade their pollbooks (which maintain voter identification information).

  71. NYBooks: Voting Machines: What Could Possibly Go Wrong? (Nov. 5, 2018) Elections Systems & Software, LLC, and Dominion Voting, account for about 80 percent of US election equipment. A third company, Hart Intercivic, whose e-slate machines have recently been reported to be flipping early votes in the current Senate race in Texas between Beto O’Rourke and Ted Cruz, accounts for another 11 percent. The enormous reach of these three vendors creates an obvious vulnerability and potential target for a corrupt insider or outside hacker intent on wreaking havoc. These vendors supply three main types of equipment that voters use at the polls: optical or digital scanners for counting hand-marked paper ballots, direct record electronic (usually touchscreen) voting machines, and ballot-marking devices that generate computer-marked paper ballots or “summary cards” to be counted on scanners. Contrary to popular belief, all such equipment can be hacked via the Internet because all such equipment must receive programming before each election from memory cards or USB sticks prepared on the county’s election management system, which connects to the Internet. Thus, if an election management system is infected with malware, the malware can spread from that system to the memory cards and USB sticks, which then would transfer it to all voting machines, scanners, and ballot-marking devices in the county. Malicious actors could also attack election management systems via the remote access software that some vendors have installed in these systems. ES&S, which happens to have donated more than $30,000 to the Republican State Leadership Council since 2013, admitted earlier this year that it has installed remote access software in election management systems in 300 jurisdictions, which it refuses to identify. The memory cards or USB sticks used to transfer the pre-election programming from the election management system to the voting machines, scanners, and ballot-marking devices constitute another potential attack vector. In theory, the person who distributes those cards or USB sticks to the precincts could swap them out for cards containing a vote-flipping program. Memory cards are also used in the reverse direction—to transfer precinct tallies from the voting machines and scanners to the election management system’s central tabulator, which aggregates those tallies. Problems can occur during this process, too. During the 2000 presidential election between George W. Bush and Al Gore, for example, a Global/Diebold machine in Volusia County, Florida, subtracted 16,000 Gore votes, while adding votes to a third-party candidate. The “Volusia error,” which caused CBS news to call the race prematurely for Bush, was attributed to a faulty memory card, although election logs referenced a second “phantom” card as well. As noted recently in the New York Times Magazine, questions from this disturbing episode remain unanswered, such as “[W]hat kind of faulty card deleted votes only for Gore, while adding votes to other candidates?”…Further complicating matters, some jurisdictions transfer results from the precincts to the central tabulators via cellular modems. ES&S has recently installed such cellular modems in Wisconsin, Florida, and Rhode Island. Michigan and Illinois transfer results via cellular modem as well. According to Computer Science Professor Andrew Appel of Princeton University, these cellular modems could enable a malicious actor to intercept and “alter vote totals as they are uploaded” by setting up a nearby cell phone tower (similar to the Stingray system used by many police departments. After precinct tallies are sent by memory card or modem to the central tabulators, a memory card or flash drive transfers the aggregated totals from the central tabulators to online reporting systems, creating another hacking opportunity. Central scanners, which are used to count absentee ballots and paper ballots from polling places that lack precinct-based scanners, are also vulnerable. As a video produced by the Emmy award-winning journalist and filmmaker Lulu Friesdat has demonstrated, the ES&S 650 central scanner, which is used in twenty-four states, can be rigged to flip votes within one minute of direct access… The most worrisome aspect of all these various vulnerabilities is that—should they be exploited—we will be unable to prove whether and to what extent they have affected the outcome of an election.”

  72. GQ: How to Hack an Election (Nov. 5, 2018) “Simply put, computer code can be corrupted, and in ways that are not readily, if ever, apparent. And most anything connected to the Internet can be hacked ("I can't wait for people to find out they can be hacked through their refrigerators," Schneider says), and that hacking can be done from a safe, anonymous remove. Nor does it necessarily matter if the voting machines themselves are offline: Unless the isolation is absolute and perpetual, clever attackers can figure out how to jump the air gap. And because it's physically easier to infect a fleet of computers with a spreading virus than it is to break the counting gears of 10,000 mechanical machines, fraud can be scaled up, and dramatically. Halderman hacked his first voting machine in 2006, when he was still a Ph.D. student at Princeton and a professor recruited him to study a DRE he'd bought online. It took months to reverse-engineer the machine and probe its vulnerabilities, but after that, the actual hacking required only a few minutes. In 2010, working with a colleague and a few of his students, he built a circuit board that could be swapped in for the original in the DREs then being used in India, the world's largest democracy. For a more clandestine and less hardware-intensive approach, he also built a small device that could be attached to one of the DRE's chips with an alligator clip and change all the votes. Halderman, in fact, has found vulnerabilities in every machine he's studied. There are two main types—DREs and optical scanners, which collect data from marked ballots fed into them—and they're all vulnerable. Moreover, none of the machines need to be opened up: All of them can be corrupted with code slipped in via a memory card or other portable media.”

  73. Salon: Philly ignores cybersecurity and disability access in voting system selection (Feb. 16, 2019) “The consensus opinion among independent cybersecurity election experts, who recommend hand-marked paper ballots (counted on scanners or by hand) for most voters, not ballot-marking devices… The expert consensus among independent cybersecurity experts specifically cautions against universal use of machine-marked paper summary cards from ballot-marking devices like ExpressVote XL, which some election officials and voting system analysts misleadingly call “voter-marked paper ballots.” (There is no universal definition of “paper ballot,” which is what allows them to do this.) The National Election Defense Coalition and Verified Voting, two nonpartisan election integrity nonprofits, likewise recommend hand-marked paper ballots as a primary voting system, as opposed to machine-marked so-called “paper ballots” from ballot-marking devices…A recent study shows that most voters don’t review the machine-marked printouts generated by ballot-marking devices, even when instructed to do so. Often, voters who do undertake such a review fail to catch inaccuracies. This means if the ExpressVote XL were secretly programmed or hacked to change the voters’ selections as reflected on the paper printout, it is likely that most voters would not notice the difference. The same would be true of unintentional programming “glitches.”…In addition, the machine-marked printouts from the ExpressVote XL include barcodes that purport to encapsulate the voter’s selections. These barcodes, which humans can’t read and verify, are the only portion of the so-called “paper ballot” that is actually counted by the scanners. Although such barcoded printouts also include human-readable text that purports to summarize the voter’s selections, the recent study mentioned above shows that most voters won’t notice if the text has been manipulated to alter their intended selections. According to computer science professor Richard DeMillo of Georgia Tech, the barcodes also can be manipulated to instruct the scanners to flip votes. Adding insult to injury, these barcode systems cost about three times as much as using hand-marked paper ballots and scanners. In addition, despite initial denials, ES&S admitted last year that it has installed remote access software in central tabulators — the county computers that aggregate electronic precinct totals — in 300 jurisdictions. Although ES&S won’t identify the 300 jurisdictions, a forensic analysis conducted in 2011 of voting equipment in Venango County, PA, revealed that someone had “used a computer that was not a part of the county’s election network to remotely access the [ES&S] central election tabulator computer, illegally, ‘on multiple occasions.’”

  74. Politico: State election officials opt for