U.S. Will Try to Thwart Russian Election Hackers, But It's Virtually Impossible

WASHINGTON - Sept. 6, 2016 - PRLog -- The announcement by U.S. intelligence and law enforcement agencies they will be investigating the possibility of cyber-attacks on elections shows that the threat is a very serious one, but the systems are so vulnerable even to unsophisticated attacks that preventing the hacking of the presidential election may be almost  impossible, warns public interest law professor John Banzhaf.

        There is a "perfect storm" - an unusual combination of at least 4 factors drastically heightening risk - heading towards our coming elections, perhaps even the presidential election, says Banzhaf.

        First, one of the scariest revelations of the FBI report on the recent hacking of election systems in two states shows that the hackers did not require much sophistication or secret hacker knowhow.

        On the contrary, notes Banzhaf, the intruders used COTS (common off the shelf) hacking tools widely available and easily obtained by anyone searching the Internet.

        Thus, our vulnerability is not limited to a group of master hackers or foreign countries with vast resources, he notes.  The FBI report shows how and why we could be hacked by teens from many countries.

         The second element of the perfect storm into which our presidential election may be heading is that we use the Electoral College rather than have a direct election for the president.

        Banzhaf started hacking in the late 1950s, and his technique for determining the chance that any particular voter or small group of voters could change the outcome of a presidential election – now called "The Banzhaf Index" – has been widely adopted and utilized.

        That's important, he explains, because, under our Electoral College system, any rigging/fraud/hacking which resulted in a change in even a very small number of votes, and perhaps even only a small number of votes in one individual state, could change the outcome of the presidential election, something very unlikely to occur were there to be a direct presidential election.

        He reminds us of how the 2000 presidential election was decided by fewer than 1000 votes out of almost 6 million cast in Florida.  That election, with its hanging chads and long delays, focused public attention on the many problems of using punch card ballots.

        A third element of the perfect storm facing the presidential election, and well as many state and local ones, is the increased use of electronic voting machines (especially where they leave no paper trail).

        While some electronic voting machines do generate paper records so that some type of audit trail is available if hacking is suspected, too many do not.  This can create what Wired's Brian Barrett terms a "technological train wreck" because, if some one tampered with the machine's software, there would be no way to prove it by comparing real votes with machine tallies.

        Reportedly Delaware, Georgia, Louisiana, New Jersey, and South Carolina use voting machines which leave no paper trail.  The same is apparently true in some parts of Arkansas,
Florida, Indiana, Kansas, Kentucky, Mississippi,  Pennsylvania, Tennessee, Texas, and Virginia.

        A third factor making the perfect storm an even greater threat is that more and more of the computers and data processing devices used in the election process are connected to the Internet.

        The recent hacking of the Pentagon, the alleged hacking of the Democratic Party by the Russians, and the hacking of many large corporations such as Sony by North Korea, shows that even the most sophisticated data processing systems - with strong firewalls and up-to-date intrusion detection software maintained by experts - can be hacked if any portion is connected to the Internet.

        After all, if the Pentagon, Sony, the White House, the Iranian nuclear centrifuge control system (which was reportedly not even connected to the Internet), SWIFT (the international banking exchange system), the State Department, Aramco oil company, and many other large and seemingly impregnable computer systems can be hacked, what guarantee is there that the more primitive systems in Chicago or any other large city or county aren't at least as vulnerable.

        If these mighty fortresses of system security can be breached, it seems clear that many state and local systems - which do not have highly trained experts watching over them, insuring that all their software is up to date, constantly checking for malware and intrusions, etc. - are at least as vulnerable.

        A fourth on-line vulnerability is that some states permit residents to cast their votes from home over the Internet.  Thus, in addition to sending in fraudulent votes from a hacker's computer, scammers might be able to trick voters into sending in their votes for a different candidate, or to providing scammers with the necessary information to send in a phony vote – just as scammers now get their victims to provide credit card numbers and other vital information, or even to have their computers serve as "slave" computers.

        It was said in the Godfather movie that "The lawyer with a briefcase can steal more money than the man with the gun."  Today what's even more scary is that a teenage hacker with easily available malware may be able to steal more votes than any corrupt mayor or governor.

        Ironically, some of the biggest risks could be eliminated by taking a few simple steps, says Banzhaf.  Using only election machines which leave an audit trail, disconnecting election machines and related computers from the Internet, eliminating voting from home over the Internet, insisting that all voting systems be maintained with up-do-date firewalls and malware detection programs manned by experts, etc. would be important steps which could make a big difference, he says.


http://banzhaf.net/    @profbanzhaf