Could the outcome of November’s election for the President of the United States rest less on whatever policies Hillary Clinton and Donald Trump have to offer and more on the efforts of malicious hackers? Two senior Democrats who sit on the Senate and House of Representatives intelligence committees today pointed the finger firmly at Russia as a bad actor in the process. Elsewhere, hacked emails and vulnerable voting systems mean that voters might have as much confidence in the outcome as sports fans have had recently in cycling and athletics.
A joint statement issued by Senator Dianne Feinstein and Representative Adam B. Schiff said US political entities were being penetrated under direction from the very top in Russia. “At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes. We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government,” the statement said.
Recent elections have shown the importance of voter data and the use of social media. President Barack Obama’s first term of office was the result of detailed groundwork using data to identify and enrol supporters. Donald Trump’s campaign is using social media to deliver unfiltered (and unchecked) information to supporters outside of conventional channels and without dissenting voices. Both rely on large data sets and the systems which are driven by them - as do UK elections - which makes them vulnerable to outside attack and misuse.
Evidence for the intrusion first came to light in August when up to 200,000 voter records were stolen in Illinois. According to the FBI, the hackers were based in Russia and warned election officials nationwide to be alert to similar attempts. Since then, DCLeaks, which has ties to a hacker suspected of being linked to Russian intelligence, has revealed emails from former Secretary of State Colin Powell which include, among other things, some disparaging views of Trump and further insight into the controversial use by Clinton of a private email server.
“While the content of those emails has sparked much debate, arguably the more critical issue must centre on the causes of these hacks,” said Dave Worrall, CTO at Secure Cloudlink, a cloud-services brokerage solution for secure identity management. “The severity of these hacks is scalable, depending on which political, financial or even medical context you look at them, but the regularity will only continue.”
He added: “Even though Mr. Powell’s private email archive was protected by a password, which was probably selected with care and diligence and may have been complex and unique, the hack still occurred. Olympic medical records were still hacked and published online by a group known as the Fancy Bears. The appetite for data is not merely for financial purposes and there is a blanket fault as to why valuable information is becoming easily attained.”
If a foreign intelligence agency is involved, however indirectly, then the likely intention will be to sew doubt and mistrust in the system. That could dissuade undecided voters whose involvement could swing the outcome decide to stay at home. A more troubling possibility is that votes will be stolen, either by preventing registered voters from being accepted at polling stations or by changing or even deleting their votes once they have been cast.
A major study into the very real technological risk of this happening was recently published. “Hacking elections is easy! Part 2: Psst! Wanna buy a national voter database? Hacking e-voting systems was just the beginning” is the result of deep research by the Institute of Critical Infastructure Technology, described as America’s cyber-security think tank.
The authors of the report warn that, “America’s election process has been at risk since the widespread adoption of electronic voting (e-voting) systems in 2002-06. Despite the fact that researchers have spent the past decade demonstrating that Direct Recording Electronic (DRE) and optical scanning systems from every manufacturer are vulnerable along numerous attack vectors, the United States is still plagued with a lack of transparency on the part of electronic voting system manufacturers and poorly-trained election officials and staff. The preservation of the integrity of the American democratic process rests on the expediency in which we respond to the hyper-evolving threat landscape in this digital age.”
The report itself does not hold back. It’s opening sentence states that, “Western democracy is held hostage to vulnerable code in black boxes on dilapidated bare bones PCs with virtually zero endpoint security, otherwise known as e-voting machines.” It adds that, “no proof exists that the vulnerabilities in electronic voting machines discovered by security researchers over the last decade have been mitigated in anyway,” and warns, “local elections are run by untrained volunteer personnel who lack even the basic understanding of information security necessary to ensure the confidentiality, integrity, and availability of election data.”
That is not a pretty picture, especially if a foreign government really has interested itself in swaying the result. If access to the voting system itself really is as easy as the ICIT claims, then an intelligence agency may not choose to stop at sewing doubt, but could take direct action by meddling with the data itself. Plausible deniability through the use of hackers is all the cover it might need to proceed.
Politicians routinely blame anybody but themselves when they lose a vote. But in the case of November’s choice for the most powerful political office in the West, this time around there could genuinely be other reasons why Trump or Clinton do not make it to the White House.