Breach, Threat Management, Threat Intelligence, Data Security, Threat Management

Noting voting anomalies, data scientists urge Clinton to ask for recount in three states

As Hillary Clinton's lead in the popular vote tops two million, a group of computer scientists, noting anomalies in voting results in three states could potentially indicate hacking, called for further investigation and urged her campaign to ask for a recount.

J. Alex Halderman, director of the University of Michigan Center for Computer Security and Society, and others have met with Clinton campaign officials to advocate for an audit of results in Wisconsin, Michigan and Pennsylvania after noting deviations. In Wisconsin, for example, Halderman found that Clinton picked up seven percent fewer votes in counties that used electronic voting machines than she did in those that relied on paper ballots and optical scanners, New York magazine reported.

In a Wednesday blog on Medium, Halderman noted that deviations between pre-election polls and actual voting results were likely the result of the polls being “systematically wrong.” But in those close states, where oddities have been observed, he wrote that  “the only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania.”

But, he said, that won't happen unless one of the campaign's calls for it. “Nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts,” said Halderman.

Cris Thomas (AKA Space Rogue), strategist at Tenable Network Security, said the “allegations of voting impropriety by high-profile voting right attorneys and computer scientists is alarming.”  But, he noted, in comments emailed to SC Media, that “so far no actual evidence of voting computer hacking” has been offered up.

In fact, the “only detail that has been disclosed is that there there are irregularities in the voting results from certain areas of three states that used DRE (direct-recording electronic) voting machines,” Thomas said, which could be “completely normal” and likely don't “indicate that the voting computers were tampered with in any way.” 

While determining whether voting was tampered with in those states without scrutinizing actual data, Thomas noted that “the people involved in this group are highly respected computer scientists and experts in voting security forensics.”  

Haldeman's group, which includes John Bonifaz, a noted voting rights attorney, has promised to release its report Monday, which Thomas said gives “everyone a long holiday weekend to fret over what their data shows or doesn't show.”

But Travis Farral, director of security strategy at Anomali, remained doubtful that the voting machines were hacked because such a ploy would require a well-coordinated and well-planned effort.

“The attackers would have had to obtain several different models of voting machines to account for the affected areas in order to understand how they work, reverse engineer them and then create malicious code,” he told SC Media in emailed comments. “Then they would have to devise elaborate plans to get this malicious code onto all the various machines in the locations in question.”

Because the systems don't have Internet access, hackers “would have to coordinate attacks on voting machine technicians' systems far enough in advance to ensure that the malicious code would be deployed at the time when technicians connected to the systems directly,” Farral said. “The code would also have to be smart enough to avoid detection during vote testing. This would all take a phenomenal amount of resources, coordination, and luck to pull off.”

Election authorities likely have vulnerability management systems in place, as well as, other security measures such as “file integrity monitoring to detect unauthorized changes, and monitoring tools to detect unusual activity,” he said. “We're seeing more organizations every day share threat intelligence through ‘crowd-sourced' security awareness, which is also a practice election authorities may be involved in.”

That the voting machines in this country “have serious cybersecurity problems,” is no secret, Halderman wrote. He and others have urged that they be addressed for years. “It doesn't matter whether the voting machines are connected to the Internet. Shortly before each election, poll workers copy the ballot design from a regular desktop computer in a government office, and use removable media (like the memory card from a digital camera) to load the ballot onto each machine,” he said. “That initial computer is almost certainly not well secured, and if an attacker infects it, vote-stealing malware can hitch a ride to every voting machine in the area. There's no question that this is possible for technically sophisticated attackers.” 

Regardless of what Halderman's findings show on Monday, it's time for “a serious conversation about how the United States will conduct future election,” Thomas said. “Having doubt cast on the results even if unfounded can be detrimental to the future of our democracy”

He suggested focusing in the short term on Voter Verified Paper Audit Trails (VVPATs). But the longer view requires the development of “design procedures and protocols for voting computer security that can be trusted enough that no doubt can be cast on the results.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.