It doesn’t take much to hack a nation-wide election in the United States. This is one of two Central messages of J. Alex Halderman to the 35. Chaos Communication Congress in Leipzig (35C3).
two years Ago, the expert choice computer of the University of Michigan was already on the Hacker Congress of the guest, shortly after the US presidential election. The was known to be almost in favor of Donald Trump. So close to that of the 137 million votes cast, only to 27,500 in selected States would have had to be manipulated to a draw.
Halderman belonged to those who wanted to enforce in several States Neuauszählungen. In a sample he had found irregularities, he also knew the technical weaknesses of the different used in the United States election computer. The Neuauszählungen took place, evidence of Hacks and manipulations were not found. Halder Mans former conclusion was still: Up to the next election, the US must do to better prepare for cyber-attacks.
Software part, since 2005, no longer updated
The sentence still applies, which is its second Central message of this year. The congressional elections of 2018, do not be downright “scary quiet”, “but, because we had secured our election infrastructure so much better. But not to press because our opponent has decided to make the deduction”.
Because of the biggest problems has changed the view of Halderman little:
Still used in 18 States, choice of computer type AccuVote TS-X, with a Software that hasn’t been updated since 2005. Already in 2007, it was published a long list of vulnerabilities of these machines and the Software. Your complete replacement across the country would cost between 130 and 420 million dollars. The computers are massively hackable, even without direct access. Their main functions are controlled via memory cards, and, in turn, are often prepared centrally by small firms, with the aid of old Windows PCs, says Halderman. Anyone who compromised this Computer, you can manipulate the memory cards and then the actual choice of computer. Many of the machines used from no by the voters controllable paper printout of the votes were later in the day counting. Georgia has also made the System for the registration of voters as outlandishly bad backed out a few days before the election. The strongly recommended manual Review of the computers to output results based on a statistically safe sample does not take place often. Across the country it would cost about $ 25 million per year. A supposed strength of the US system, Halderman’s more a weakness: There are no nationwide guidelines for the use of voting computers, which is why many different models are in use. Halderman argues, an attacker could choose already in advance those areas in which the devices are particularly vulnerable. A law that would have many of these issues addressed and a lot of encouragement from both parties got, is for the time being failed due to the resistance from the White house.
“so Far,” says Halderman, “is the confidence in the US electoral system on the Belief in the technology and the System as a Whole. But the voters deserve more, you deserve the evidence for the safety of the technology.”
The next presidential elections will be held in 22 months. If the government and Congress do not act soon, Halderman keep 37C3 the same lecture for the third Time.