In July, computer scientist Carsten Schürmann from the IT University in Copenhagen went to Las Vegas to attend Defcon which is one of the world’s largest hacking conferences. At the conference Schürmann participated in a workshop on hacking voting machines. More specifically the American voting machines that were used for, among other things, several elections in 2004-2015. The machines are Windows based and the hack was successful due to an old error in Windows XP. The security flaw could have potentially allowed hackers to change election results and thus affect who would become senators, governors and US president. The machines are called WinVote machines, voters cast their votes electronically and anonymously making it difficult to trace the hack. Microsoft Corporation has refused to comment on the incident.
Easy hack that can’t be tracked
Schürmann used a classical method to hack the WinVote machine. First he connected his computer wirelessly with the voting machine. Then he exploited a security flaw in the machine’s Windows XP operating system and thus gained administrative control over the system. When he had gained control over the machine he could easily access the software and change the votes without any problems. In other words this is not a system that requires super-hackers or great preparation for hacking, but a system as easy to hack as a normal computer. Perhaps even easier than some computers.These days some US states do not even produce a paper copy of the declared and counted votes, which means that in case of hacking you can still not prove that a hack has happened. The solutions to this huge democratic problem are not difficult to see: Updated systems without security holes and paper based records of the counted votes would ensure that this type of hack will not happen in the upcoming elections of 2018 and 2020.
Foreign states can manipulate voting results
The safety issues surrounding the use of electronic voting machines has been been discussed in the United States for a long time and now there is good reason to look into the matter. It took hackers less than two hours to get remote access to the machine and the registered votes at different polling stations. This sort of hacking won’t just mean that individuals can influence the election results. Some foreign states hire hackers to gain access to the secret intelligence of other states and for example weapons programs. Now it turns out that it is also possible and even easy for foreign countries to hack other countries’ voting machines and to manipulate the outcome of important polls. In addition this means that large companies with commercial interests in having a particular presidential candidate come to power can potentially achieve their desired result through hacking. The most mind blowing part of the story is that this hack can not be traced. It can therefore not to be said whether there have been hacks like this during the 11-year period when WinVote machines were used in US elections. This is not the first time that Schürmann has hacked a WinVote machine, but after the demonstration at Defcon he is pleased that there is a new debate about the security of the voting machines.
New debate about voting machines
The hack has once again raised the debate about the uncertainties of the vote counts in 2000, where there was a close run between presidential candidates Al Gore and George W. Bush. In Florida a polling machine had registered 16,022 minus votes to Al Gore. Whether this minus should actually have been a plus, was never explained. Naturally this is speculation but here is a situation that already back then caused a lot of debate. 15 states still use the type of voting machines that were used in Florida in 2000 and the systems have neither been maintained nor updated as they should have been. This is because an update costs money in the form of new certification. Already next year there is a mid-term election in the United States and there are no indications that the voting machines will be replaced nor updated before then.
Your computer can easily be hacked
The reason why it was so easy to hack the election machines is that there was a security hole in Windows XP that hadn’t been patched. Furthermore the machines had not been updated for several years. This is a classic hack of the kind we usually see on private computers. You can avoid suffering the same destiny as the American election machines by looking after your computer.