The main point I’m trying to make is that compromising voting machines is not the hard part of rigging an election. It would require a conspiracy so complicated that I’m not convinced there’s any group on earth that could successfully pull it off. Set aside cybersec arguments for a moment:
Let’s assume the worst case for security, that there is one machine per state that you can easily compromise to alter election results. This alone is doing a lot of lifting for this example.
1. Now, you have to cross your fingers and hope that the election is close enough that you can fudge the overall result without raising suspicion.
2. Prior to the election, you have to plan which states to compromise, and what districts you will target for altering votes. You can only really do this in swing states and swing districts. It is usually not clear until very close to the election which places will be optimal.
3. Because you are at the mercy of RNGesus as to where you can compromise, you have to compromise a lot of extra states ahead of time to eliminate risk that you didn’t get enough swingable ones to pull off your plan. This increases head count and creates more liability.
4. If you swing any given district too far, you can raise suspicion and trigger a recount. If one district raises the alarm, the rest will follow. If you only compromised central machines and not the voting machines and ballots themselves, you fail.
5. If you can’t find enough districts to subtly alter, you fail.
6. Let’s assume you prepared for point 4 and compromised voting machines themselves. This requires massively more people involved, and if only one person gets caught, you fail.
7. To extend 6, every person involved in your conspiracy is a liability. A single double agent gets in your ranks? Fail. Somebody flakes? Fail. Somebody grows a conscience or gets busted and rats you out? Fail.
While yes, theoretically you could overcome all those obstacles, you’d have to get miraculously lucky and you’d need to not get busted for quite a long time after the election. Why even bother when you can just pay a few bucks to the right people and get news channels to convince the voters to put your guy in charge without committing any voter fraud at all?
Now all that said, I absolutely support improved election security. If nothing else, it will make it much harder to spread FUD about election integrity.
Guaranteeing that a certain candidate wins is a very difficult job, I recognize that. However, promoting a specific candidate to have increased chances may be a worthwhile endeavor for certain actors. Additionally, this thought process has one major flaw. This line of thought focuses primarily on only one way that these voting machines could get breached and does not follow any major security model used by the industry. This does not follow the principles of defense in depth (https://csrc.nist.gov/glossary/term/defense_in_depth), nor does it use other industry standards like the assumption of breach (basically act as if a hacker has already broken in, and you need to weed them out while still keeping other hackers out. See https://www.linkedin.com/pulse/assumption-breach-theory-steve-king.).
What we have been describing is what is called a threat vector (one method of hacking someone). Specifically, we are talking about breaching the central computers using a rubber ducky. There are a million and one other threat vectors out there. What if a supply chain attack is used to poison the machines at the factory?
We have seen this occur in the wild; just look at the SolarWinds attack carried out by Russia (https://www.cisecurity.org/solarwinds). TL;DR: Russia implanted malware on software that was used by government I.T. personnel, giving them access to a large number of government networks. The extent of this breach was not made fully public, but it can be assumed that Russia was able to break into sensitive parts of our military and intelligence agencies.
What if Russian state actors breached the cards that transport votes? What if a staff member at these voting companies had a political bias and modified a large number of machines? What if I wanted to win a regional election (such as voting for mayor or school board) and breached one or two voting machines? What if an attacker made USB-transmittable malware (such as what was seen in the Stuxnet cyber attacks carried out against Iran’s nuclear program) that would carry a payload back to the central voting system? What if there is another attack vector we haven’t thought of? Do these computers stay up to date, so as to make it more difficult for hackers to deploy that USB malware as described earlier or other software exploits that are known? Do they take measures to ensure that people who have temporary access to these systems (such as a voter or poll worker) are unable to access the admin interfaces of voting machines? Do these voting machines have auto lock out if a built-in IPS (Intrusion Protection System) detects that someone may be trying to tamper with votes?
The basic rule of cyber security is this: you can’t know everything. It’s the reason Microsoft keeps pushing out those silly little updates; it’s because they made a mistake that would allow hackers to gain access to any Windows system in the world and they’re trying to patch their mistake before any hacker can figure it out and use it to hack you. There is always a setting that someone misconfigured. There is always the poll worker who may be less attentive. It is information security 101 to use multiple layers of security (such that if a hacker breaks through one layer, they have to break through a second or third layer of protection).
Regardless, if this doesn’t convince you, then we’ll probably have to agree to disagree on the likelihood of a cyber attack. I think what we can agree on is that these systems need to have better security measures in place. The lack of many basic security measures (encryption, hashing, regular updating, security monitoring, security awareness training, etc.) is unacceptable, and they should at least be able to keep up with the security measures used with the modern cell phone market. I shouldn’t have to take a mega corporation’s word that they have secured my vote. I should be able to audit the code myself (if it seems crazy, look at Linux and how capable Linux has been security-wise despite having open source code). Security by obscurity is not a valid security model.