Election Day presents a tantalizing target for a malicious hacker.
The complex, multifaceted US voting system is rife with technological weak spots, from problems with the electronic voting machines in use in some states to vulnerabilities in the websites government officials use to disseminate information.
In an era where public trust in American institutions is at an ebb, and conspiracy theories threaten to metastasize online, public safety officials and cybersecurity experts say they have to be careful how they talk about the vulnerabilities.
“If the people do not trust that it’s a fair system, then the whole thing is going to fall apart,” said Cris Thomas, a well-known hacker who often goes by the name “Space Rogue” and now works in security at IBM.
But many hope that sounding a louder alarm will spur action to strengthen the system.
“The only way we’re going to change that is by identifying vulnerabilities and then fixing them. That’s what’s going to make the public have confidence,” said Jake Braun, the director of the Cyber Policy Initiative at the University of Chicago.
Here are several scenarios in which hackers could affect the integrity of an election — and what experts say should be done to fix them.
Hackers manipulate voter registration or check-in lists
Imagine showing up to your polling place, only to have workers there say you’re not on the list — or that you’ve already voted.
There are several ways that hackers could pull this off. An attacker who breaches a state’s voter registration database could remove eligible people from the rolls, change their precincts, or potentially throw the election into chaos by corrupting the entire file.
In some states, poll workers also use tablets or other electronic devices to verify who is registered to vote where. (In Massachusetts, e-pollbooks can only be used for early voting.)
When those devices are connected to the Internet or other outside networks, they can be vulnerable to intruders who falsify or alter records — leading to Election Day confusion and, potentially, disenfranchisement. Generally, polling places keep provisional ballots on hand in case of a dispute over a voter’s eligibility, but these can slow the process of voting.
In Durham, N.C., pollbook problems in the 2016 general election led to lengthy delays for voters. Though local officials say that the issue was not caused by a cyberattack, “almost anything that can happen by accident can also be caused by a bad actor,” said Lawrence Norden, deputy director of the democracy program at the Brennan Center for Justice.
What can be done: Many states have removed their registration databases from all connections to the Internet or other computer networks, making them hard for hackers to reach. Experts also say states should have secure backup copies of the master voter registration list.
Security advocates say electronic pollbooks should be loaded with a precinct’s voter list in a secure location, and then disconnected from the Internet and other devices while checking voters in. Polling places should have more than enough provisional ballots on hand, just in case.
Someone tampers with the voting machines
This November, 15 states — none of them in New England — will use at least some electronic voting machines that leave no paper trail, according to the Verified Voting Foundation.
Without a paper record, election officials can’t review the results to ensure that the final count reflects the actual votes cast.
And though most voting machines are not connected to the Internet, some can be accessed remotely by other computers, increasing the chances that somebody could tamper with their software.
What can be done: Jurisdictions can either replace their all-electronic machines or retrofit them to generate a paper trail, according to the Defending Digital Democracy Project at Harvard’s Belfer Center for Science and International Affairs.
But researchers cautioned that any piece of electronic voting equipment should have software that is up-to-date, be disconnected from the Internet and other computers, and be regularly tested for vulnerabilities.
A rogue vendor compromises voting equipment
Public officials aren’t the only ones who have access to the sensitive aspects of the voting process. State and local governments rely heavily on contractors to furnish equipment and services, from the production of the ballots to the maintenance of tabulation systems.
Eric Rosenbach, who leads the Defending Digital Democracy Project, said governments could be unaware of vendors’ security issues. A person with direct access to voting equipment could insert bad code or even physically harm devices.
“There are a very small number of vendors who have a lot of control over this space,” said Rosenbach, whose team has issued detailed reports about what the elections system should do to prepare. “They have almost zero incentive to have any type of transparency about the code that could be hacked and the processes they put in place to ensure that their systems are secure.”
What can be done: The Belfer Center says governments should take a serious look at the security of their vendors, make sure their employees are trained in cybersecurity practices, and ascertain that vendors have plans to fix any vulnerabilities they discover.
Hackers infiltrate government websites or social accounts
State and local elections websites and social media accounts are a crucial repository of information on where to vote, how to register, and any unexpected changes in plans. On election night, they become a primary conduit for voters and news organizations to learn the results as they come in.
If hackers penetrated these websites, they could create major confusion on Election Day, potentially sending voters to the wrong precincts or misleading them about polling hours. The release of inaccurate preliminary voting results could also create doubt about the legitimacy of the election — even if the final tally is accurate.
Because these sites are on the Internet, they are especially vulnerable to interference from anywhere in the world.
What can be done: The Belfer Center said it is crucial that governments put their websites through testing ahead of the election to discover how hackers might penetrate their security.
They should also have backup plans for publicizing election information, including results, in the event that they lose their primary means of communication.
Also, public officials should have strong passwords and use two-factor authentication to log into accounts including public-facing social media. That means users should have a physical object, like a cellular phone or a digital key, in order to gain access to their accounts. This prevents others from logging in if they were to gain access to a password.
Campaigns or political parties are compromised
Perhaps the most visible interference in the 2016 presidential election was the intrusion that led to the release of e-mails sent to and from Hillary Clinton’s campaign chairman, John Podesta.
Bad actors have plenty of options for attacking campaigns, however. Candidates can be hit with viruses or ransomware or even have their accounts hijacked to release misleading or compromising information. A hacker could also disrupt campaign communications — complicating time-sensitive get-out-the vote efforts — or take down a candidate’s website during a critical fund-raising period.
What can be done: Robby Mook, who was Clinton’s campaign manager and is now a senior fellow at the Belfer Center, said campaigns can reduce many risks by making sure that everyone involved takes some basic security measures.
He recommends more tightly controlling staffers’ access to sensitive information, improving network security, creating strong passwords, and using two-factor authentication to prevent unauthorized logins. The center also says campaign workers and their families should use the same security practices for their personal accounts. Mook said Podesta’s information came from his personal account.
“Every campaign and every organization needs to think about what data is out there that you don’t necessarily control, but could potentially be weaponized against you and could become your problem,” he said.
A malicious group disrupts Election Day
A bomb threat closes a bridge that many voters in a key precinct use to get home. Someone hacks into the system that controls traffic lights, snarling traffic throughout the city. A propaganda operation unfolds on social media, feeding voters inaccurate information about changes to the election schedule.
Attacks on the environment in which the election takes place could be just as disruptive as hacks of the election system.
A group of cybersecurity researchers, elections officials, and public safety leaders met recently at the office of Boston cybersecurity startup Cybereason to game out how they would handle such a scenario. A “red team,” playing hackers intent on disrupting the election, threw imaginary attacks at a “blue team” of law enforcement.
At the end of the day, everybody was grateful it was only a game.
“If this were to happen today, I would say the red team would have the upper hand for a period of time,” said Sean P. Maloney, a state trooper assigned to the FBI’s Boston office. But he said practice events are a start in helping authorities imagine what they might face.
What can be done: Maloney said it will be crucial for the authorities who are in charge of overseeing the election to communicate with the public about what is happening.
“It falls upon civilian leadership to come out with a clear and unified message that the attackers are not going to win this one,” he said. “They may win a round or two, but democracy will prevail.”Andy Rosen can be reached at firstname.lastname@example.org. Follow him on Twitter @andyrosen.