Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines to e-poll books, but there is no time before the November elections to fully implement their findings.

  • WolfLink
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 months ago

    a small hacking group years in advance to plan and execute a voting machine manipulation without anyone noticing

    This is actually incredibly difficult. Finding vulnerabilities isn’t easy, and exploiting them often isn’t easy either. Sometimes a vulnerability requires the user of the device to do something specific, and sometimes it requires direct access to the device. This comes back to social engineering, as a hacker may have to trick a poll worker into triggering the vulnerability. Also some vulnerabilities might be less impactful than others, e.g. leaking some information rather than allowing a hacker to manipulate votes. Finally, vulnerabilities are discovered and patched all the time. The problems discovered at this year’s DefCon, maybe not all of them will be patched before the election. But planning an attack years in advance? That’s not happening.

    What about a 150 million or more country, what would be easier, manipulation of paper votes across the country involving a lot, and I mean a lot, of people using ballot stuffing and count rigging

    So here’s a list of actual vote manipulation techniques that are commonly used in this country:

    • gerrymandering
    • laws that make it harder for certain people to vote (e.g. laws where your huge city is only allowed one polling booth and you have to take a day off work to vote and there’s strict time requirements and you aren’t allowed water while in the long line)
    • people intimidating people they don’t think will “vote correctly” to stay away from polls

    Here’s a list of vote manipulation techniques that were attempted but failed:

    • bringing a fake set of electors to declare votes that didn’t match with what the people voted for
    • interrupting the official counting and certification of the voting process
    • potentially the killing of government officials in charge of the vote certification process (this didn’t happen, but the mob raiding the capital had constructed a gallows…)

    I really, deeply think that some unspecified electronic vulnerabilities are the least of our concerns for this upcoming election.