Leaked Documents Show US Vote Hacking Risks

Security experts have warned for years that hackers could penetrate electronic voting systems, and now, leaked national security documents suggest a concerted effort to do just that in the 2016 US election.

An intelligence report revealed this week showed a cyberattack that targeted more than 100 local election officials and software vendors, raising the prospect of an attempt, possibly led by Russia, to manipulate votes.

The top-secret document from the National Security Agency, published by online news outlet The Intercept, stops short of drawing any conclusions about the impact of the attacks and whether they affected any ballots. But it suggests hackers got deeper into US voting systems than previously believed.

“These are our worst fears,” said Joseph Hall, chief technologist at the Center for Democracy and Technology, who researches voting systems.

“For over 15 years, I and a lot of other people have said we had never seen a confirmed hack of voting systems. We’re not going to say that anymore.”

Hall said systems could be vulnerable because localities that manage elections rely on private software sellers that may lack resources against a well-funded cyber adversary.

“A lot of those vendors are quite small,” Hall said. “There’s not a lot of hope when you are going up against an 800-pound bear.”

Russian President Vladimir Putin has denied any effort to influence the 2016 US election. But the report suggests meddling went beyond psychological warfare to an attack on voting systems themselves.

Hacking elections “has always been thought of as a theoretical possibility, but now we know it is a real threat,” said Susan Greenhalgh, a researcher with the Verified Voting Foundation, an election systems monitor.

“We need to ensure our voting systems are resilient going into 2018 and 2020” elections, she added.

Alex Halderman, a University of Michigan computer scientist whose projects have included simulated hacking of voting machines, called the latest disclosures “significant.”

“This shows Russia was interested in attacking the computer infrastructure that operated the election and raises important questions including how far they got,” he told AFP.

While voting machines are not connected to the internet, most of the electronic systems need to be programmed with computers which are connected, opening up security holes.

“If you can manipulate that ballot programming you can often exploit the vulnerabilities,” Halderman said, opening the door to vote tampering.

– Long-term impact –

Andrew Appel, a Princeton University computer science professor who has studied election systems, said that if the report is accurate and the cyberattack occurred days before the November vote, it would likely have been too late to affect the outcome.

But Appel said any tampering with vote systems could have serious and far-reaching effects.

“If this kind of attack had taken place weeks before the election, it would be cause for significant concern” for the outcome, he said.

“And it’s many weeks now before the next election, and if there has been Russian penetration of our election software systems or anyone else’s penetration, it could continue to affect vote counting for years.”

Appel said that if ballots are manipulated within a voting machine, “it won’t be obvious, people won’t know about it” unless there is an audit or recount.

Most US states now use optical scanners with paper ballots that can be audited, but a handful employ paperless systems with no paper trail to verify the count.

“Internet elections are even more hackable, and I’m glad we’re not doing that,” Appel said.

Greenhalgh said that even though most jurisdictions have paper ballots which can be used for recounts, “the bad news is the vast majority of the country doesn’t do an audit to catch any errors in the vote counting software.”

Bruce Schneier, chief technology officer of IBM Resilient and a fellow at Harvard’s Berkman Klein Center for Internet & Society, said the report shows the weaknesses of US election systems.

“This (attack) feels more exploratory than operational, but this is just one piece. There are lots of vulnerabilities,” Schneier said. “Election officials are largely in denial. The next election will be no more secure than this election.”

Written By

AFP 2023
