Democracy Tree: Yes, Russians can hack U.S. elections

“So, when you’re talking about an advanced attacker, like a nation-state, unfortunately mere disconnection of the voting machines themselves from the internet isn’t enough to stop them.” — J. Alex Halderman, expert on election security, on the oft-repeated myth that our voting machines are safe from hacking.


Something Wicked This Way Comes

I read with mild alarm this week when one of my favorite columnists admonished his readers to put on their big boy pants and accept the election results or risk looking like “irrational birthers.”

This opinion piece appeared as new revelations of Russian interference, potential for blackmail, and unholy alliances with the Trump administration came to light in a damning piece of journalism published by the New York Times. Meanwhile, hovering menacingly off the eastern seaboard is a Russian spy ship, a backdrop for these precarious times.

We are instructed by some to largely disregard foreign influence in our electoral process and instead adopt pragmatic solutions for moving forward by gaining a better understanding of the nation’s internal campaign landscape. Attempts to assuage voters on the integrity of the election continue to miss the mark.

Trump and his flying monkeys regularly gin-up public unrest over imaginary voter fraud. It’s doubtful there was any of that in the 2016 cycle. Neither did hacking play a role in the result. Yet, the potential for election hacking in future contests is very real, and the Russians are certainly working to that end. Midterms are right over the horizon.

Denial of the threat frequently employs two arguments. First, each state has its own unique patchwork of voting machines, in theory rendering a widespread successful hack impossible. And second, naysayers claim that because the machines are not connected to the internet they are inviolate.

The first argument is just plain silly. Hackers would only need to identify those key states and districts where they could potentially throw an election. They don’t need to hack every last machine.

But it’s the second claim that is a dangerously naive assumption about how actual hacking occurs. Professor J. Alex Halderman, a University of Michigan computer science and engineering expert who specializes in the security of election systems, knows all too well the folly of this belief.

The “Air Gap Connection” Hack

Halderman appeared on C-SPAN last October to explain the easy mechanism by which a foreign or domestic entity could stealthily alter election results even when voting machines have no internet connectivity. It’s called an “air gap connection” hack. The term “air gap” comes from plumbing terminology: air-gapped computer networks are physically isolated from other systems, the internet and Wi-Fi. This is the case with our voting machines, except there’s a simple way to get around the air gap. And American spies perfected it.

Readers may recall Stuxnet from several years ago, when the United States teamed up with Israel to hack and disable Iran’s nuclear enrichment program. The Iranian computer network was air-gapped, except for one key vulnerability. Malware was introduced via a USB flash drive that had been used on an internet connected computer and then on their protected system. These devices are needed to transfer data from one network to another — in this case it was through a contractor updating the programming of the closed system. The worm did its damage then erased itself, leaving the Iranians clueless as to what occurred.

American voting machines have the same susceptibility, but with much less vigilance protecting their integrity — if any effort is put forth at all. They require flash drives or memory cards to transfer data from unprotected municipal computers to the air-gapped machines. That’s how our voting machines are programmed prior to an election. Halderman warned of the very real threat:

“The voting machines have to receive the data about the ballot design, about the software that’s running on them from somewhere, and they get that data from central systems in the counties or states. These are called Election Management Systems… And, because the voting machines are receiving the data and sending back data to these central systems, it doesn’t go over the internet — but it goes over what we might call a ‘sneakernet’, which is basically memory cards.

So, when you’re talking about an advanced attacker, like a nation-state, unfortunately mere disconnection of the voting machines themselves from the internet isn’t enough to stop them.”

Whistling past the graveyard, the chair of the U.S. Election Assistance Commission, Thomas Hicks, asserted in a September 2016 C-SPAN interview that “there’s no way to hack into those machines using the internet.” True, but by that flawed logic, we should all be relieved to also learn that we can’t catch the Zika virus from a toilet seat.

It gets worse. Hackers may not even need to transfer the malware via a flash drive or memory card. Wired magazine reports that technology exists that uses radio waves through cell phones to attack air-gapped systems. Multiple avenues of technology exist to break into seemingly isolated systems.

How real is the threat?

Very.

Last month we learned that municipal computers in Grand Traverse County in Northern Michigan were the subject of a 2014 foreign-based hack. The FBI has been monitoring the situation since that time. Paul Knific, of Epic Technology Solutions, the county’s IT consultant, advised that the hack put all the computers on that network at risk. The breach appeared to have been a preliminary test of the system. Knific described it: “It was kind of like, ‘Hey we’re here.’”

And so they are.

6 Comments

    • Editor

      Always have to refer to the former president by his middle name. I’m sure there’s a reason, and I don’t believe it’s anything but an intent to portray him incorrectly as a Muslim. He’s done now. Please stop.

  1. Robert M Traxler

    “Trump and his flying monkeys regularly gin-up public unrest over imaginary voter fraud.”
    Are you referring to the over 400,000 African Americans who voted for President Trump as flying monkeys? Please think it over, take off your blinders and think of what you would say if Ranger Rick or I had made the exact same comment. You would say what a degrading racist comment and they are idiots and bigots.
    I do agree with you that foreign interference in elections is just not good, but President Obama and Secretary Clinton interfered in elections in the Ukraine, Israel and Great Britain to name a few. Oops the truth is indeed inconvenient.
    Glad to see the media now notes the Russian submarines off the American coast in international waters as a problem, they have been off shore on and off for the last 62 years.
    Nothing wrong with making the election process more secure, we agree on that.

  2. John Wilkins

    I am not portraying him anything more than what his Mother named him. I call former President George W Bush, does this make you think of an Evangelical Christian? Wow lighten up!

    • Editor

      I don’t believe you. You are very aware that the name Hussein has connotations and you choose to take advantage of it. Your insincerity and denial are troubling. I had my issues with the former President, but I don’t keep beating a dead horse.

      • John Wilkins

        “don’t keep beating a dead horse”
        The libs are still blaming George W Bush, talk about beating a dead horse. In addition it’s OK for you to have a “This is not a “fair and balanced” story” however not good for anyone else? Interesting. Classic example of do as I say not as I do. I will now digress.
        Cheers!
