Actually $26, according to a study conducted by Argonne National Laboratory in Illinois, which was able to hack a Diebold voting machine with “about $26 and an 8th-grade science education.” In light of the rapidly approaching 2012 U.S. Presidential Election, it seems there may be a need to give serious attention to securing our election technology. Several years ago while attending a RedHat Summit, I watched the keynote speaker demo an election machine hack, an older piece of hardware that mistakenly ended up on eBay, and eventually was dissected by researchers.
These days, the U.S. elections garner staggering amounts of financial contributions, running into the billions of dollars, as there’s that much at stake (or so the contributors become convinced). During his last election, President Obama was able to leverage social media and other viral efforts, which significantly helped his campaign, and similar technologies will have even greater effect during the next election cycle. But is the temptation too much for less-scrupulous aspiring politicians to play it straight?
To be fair, voting machines’ security measures are progressing steadily, but not enough to counter the amazingly large prize for tampering – the stakes are too high. It would be an easy temptation for unscrupulous well-heeled bad actors to rent a room full of hackers (in the down economy they might be garnered at bargain basement prices, especially if they become politically motivated), netting potentially massive results swinging elections. By using proxy organizations for the scam, the acts might be more difficult to trace for attribution.
Are all electronic voting machines, used by around 25% of the voting citizenry, vulnerable? Roger Johnston, leader of the assessment team for Argonne National Labs, thinks so: “We think we can do similar things on pretty much every electronic voting machine.” He also advised controlling physical access, “Spend an extra four bucks and get a better lock.”
Security vendors, voting machine manufacturers and oversight organizations still have (very little) time to propose a workable set of alternatives, restoring voter confidence. With sagging voter turnout in recent elections, this would be a nail in the confidence coffin. In attempts to woo more voters to participate in elections, they’d have to be convinced their vote couldn’t be “accidentally” cast for candidate they virulently oppose.
Are we to return to paper and pencil for elections next year? Well, that’s for the industry to decide. After that, there will be a long road to convince would-be voters that the voting and communication systems are hacker proof. No small task, with recent consumer trust in large “secure” organizations waning in light of the string of data breaches paraded about in the headlines.
Author Cameron Camp, ESET