The Security Challenge of e-Voting – Anthony Giandomenico

As threats become more sophisticated, and always-connected electronic voting machines become more widely used, tampering with voting results is a risk that is pretty easy to predict will increase over time.

Guest Editorial by Anthony Giandomenico, Senior Security Strategist and Office of the CTO at Fortinet

Countries where open elections occur have often developed arcane rules and processes for casting, collecting, and tabulating votes, in part because counting and managing votes is so time-consuming, but also because different groups, especially those with power, have strongly vested interests not only in the outcome, but in the process itself.

In the US, for example, Americans don’t actually vote for Presidential candidates, but for slates of “electors” pledged to support those candidates.

In fact, the US President is actually chosen by an Electoral College of 538 individuals, and needs a majority of 270 votes to win.

Many Americans are completely unaware of this process, nor that once their states’ electors are chosen they don’t actually have to vote for the candidate they were elected to cast their vote for.

But among those who understand the Electoral College process, a growing number feel it’s time for a change to one person – one vote popular election model.

We have the technology, they argue, to put in place an electronic voting system that would allow for a popular vote to take place, and for results to be tabulated immediately.

Not so fast. There are serious security issues surrounding online elections that will need to be sorted out before something like this can become a fully trusted reality anywhere, not just in the US.

Elections have several stages, and each of them carries risks.

And few elections don’t include interested parties with a vested interest in the outcome, whether it is a local election or a large national election with sweeping international implications, and the motivation to circumvent the law to achieve their objective.

Vote
The challenge with campaigns is sometimes referred to as the “weakest link” model

Hacking Election Campaigns

During the campaign season, candidates build huge databases of voters, run internal polls, vet and process policies, messaging, and positions, analyze potential voter feedback, and solicit and manage contributions.

Election campaigns are a goldmine of information for opposing candidates, nation states with a vested interest in election outcomes, hacktivists, and cybercriminals looking to access the personal information of financial supporters.

The challenge with campaigns is sometimes referred to as the “weakest link” model.

While a national campaign may have secured their headquarters (though news of breaches this US election cycle suggest that may not always be the case), local offices that share data with the national organization often do not have the IT staff or skills to ensure they don’t become a point of compromise.

Hackers don’t need to break in through the hardened front door when there are so many potentially soft back doors to choose from, as the hacks that have plagued the Democratic National Committee this year demonstrate.

Phishing attempts also spike around campaigns, especially highly polarizing ones. Since phishing attacks are a common entry point for breaking into networks, sending out clickbait emails about candidates is a great way to trick a user into clicking a link.

Hacking Voting Machines
Voter systems are ideal sources for this sort of nefarious data collection initiative

Hacking Voting Machines

For many countries, the election process itself is subject to a high degree of risk, whether it involves tampering with voting machines, unscrupulous vote counters, or simply hiding the vote tabulation process from oversight and public scrutiny.

But even in the most democratically advanced countries, many electronic voting systems are very outdated and lack even basic security controls.

Of course, this isn’t a new problem. We were talking about this in the US during last election, calling for a technology overhaul.

But even though researchers demonstrated that tampering with the software used by some voting machines is actually quite trivial, four years later nothing has been done.

One (fortunate) problem is that we didn’t see many breaches in the last elections. So like many companies, until there is a major breach or impact on the service, we will likely continue to do the bare minimum.

Of course, 75 percent of votes in the US are cast using paper ballots.

In addition, many electronic machines print a ballot so that there’s a paper trail to compare results against.

But in an alarming trend, five states (Georgia, Delaware, Louisiana, South Carolina and New Jersey) use electronic voting machines that provide no option for auditing results after a vote is concluded.

And the reality is that hiding malware in a voting machine software update is not necessarily a complex engineering challenge.

And as threats become more sophisticated, and always-connected electronic voting machines become more widely used, tampering with voting results is a risk that is pretty easy to predict will increase over time.

Imagine an algorithm that only changes enough votes from candidate A to candidate B to affect the outcome, without being so large as to raise suspicions.

Protecting election results from such advanced threats will require increasingly sophisticated security detection and mitigation technologies.

Part of the problem, of course, is the infrastructure itself.

Many of these connected voting systems are installed at schools, city halls, or other local government facilities that rarely have the budget or technical resources to implement the sort of sophisticated security needed to detect sophisticated threats.

Tampering directly with machines is only one challenge.

Hackers can also potentially intercept traffic between a polling site or electronic voting machine connected to the Internet and the database server aggregating votes, or as that data is forwarded on for live broadcast.

As voting software becomes more sophisticated, and performs such tasks as connecting directly to voter registry databases to automatically validate voters (a task currently done by hand in most locations), or requires a full-time WiFi connection, security challenges will quickly outpace local security measures.

And it’s not just voter fraud that’s a problem.

Many experts now claim that some governments are building massive databases on citizens of other countries.

This sort of intelligence can help them identify targets of interest, such as foreigners living in one country with families back in their country of origin.

The more information they can collect on such foreign nationals, the easier it is to do things like blackmail them or use family members to coerce them into doing things such as spying.

Voter systems are ideal sources for this sort of nefarious data collection initiative.

hacker
For a democracy, the risks have to outweigh issues like efficiency and expediency

Hacking Online Voting

The challenges outlined above are only compounded when you consider things like national online voting.

In addition to the sorts of challenges already discussed, you can add things like spoofing votes and voters, denial of service attacks, voter phishing sites, fraud, redirecting or intercepting votes, attacks on data centers, and even basic user error.

Given the online registration challenges with the Affordable Care Act (ObamaCare) in the US, creating a secure national online registration and voting system that adequately protects voters while ensuring a tamper-proof election process is still quite a ways away.

For a democracy, the risks have to outweigh issues like efficiency and expediency.

Unfortunately, security improvements are usually driven by breaches.

But this is a scenario where that kind of status quo process simply carries too high of a cost.

It’s time for government agencies and security professionals to get together to proactively establish policies and security standards that can be followed and enforced – because until that happens, we will continue to have a serious security problem.

What do you think? Has something like this been implemented where you live? How have security issues been addressed? We’d love to hear more.

Please send comments to admin@americansecuritytoday with ‘e-voting’ in subject line.

About the Anthony Giandomenico, Senior Security Strategist and Office of the CTO at Fortinet

Anthony Giandomenico
Anthony Giandomenico

Giandomenico is a cybersecurity expert with Fortinet’s FortiGuard Labs that brings over 15 years of experience to the table.

Giandomenico delivers knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security. He also works on threat collaboration projects between security operation center (SOC) teams across multiple verticals.

He has presented, trained and mentored on various security concepts and strategies at many conferences, trade shows and media outlets including a weekly appearance on KHON2-TV morning news “Tech Buzz” segment and Technology News Bytes on OC16, providing monthly security advice.