Princeton Professor Shows How Easy It Is To Hack An Election in 7 minutes
A professor from Princeton University and a graduate student just proved electronic voting machines in the U.S. remain astonishingly vulnerable to hackers — and they did it in under eight minutes.
In fact, Professor Andrew Appel and grad student Alex Halderman took just seven minutes to break into the authentic Sequoia AVC Advantage electronic voting machine Appel purchased for $82 online — one of the oldest models, but still in use Louisiana, Pennsylvania, New Jersey, and Virginia, Politico reported.
After Halderman picked the hulking, 250-pound machine’s lock in seven seconds flat, Appel wrested its four ROM chips from a circuit board — an easy feat, considering the chips weren’t soldered in placeOnce freed, Appel could facilely replace the ROM chips with his own version “of modified firmware that could throw off the machine’s results, subtly altering the tally of votes, never to betray a hint to the voter,” Politico’s Ben Wofford explained.
Appel and a team of other so-called cyber-academics have hacked into various models of electronic voting machines in order to prove to the public the equipment is ridiculously bereft of security. Together with Ed Felten, Appel and a group of Princeton students “relentlessly hacked one voting machine after another … reprogramming one popular machine to play Pac-Man; infecting popular models with self-duplicating malware; [and] discovering keys to voting machine locks that could be ordered on eBay.”
Their efforts have gone largely ignored for 15 years.
But now, thanks to the explosion of controversy from revealing documents hacked from the DNC — and as-yet unproven accusations of Russian involvement — Appel and his colleagues’ persistence has finally garnered the attention it deserves.
If primaries were successfully rigged through corporate media collusion and behind-the-scenes coordination between the Democratic National Committee and Hillary Clinton’s campaign, voters will certainly wonder what’s in store when they cast ballots using deeply-vulnerable electronic voting machines.
Perhaps that lack of security prompted the Department of Homeland Security to declare electronic voting machines part of U.S. “critical infrastructure” this week — a designation generally reserved for 16 sectors, including transportation systems, dams, and utilities, among other things — deemed “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
Now that attention has been given to the ease with which a number of popular, still-employed voting machines can be compromised, officials and voters alike have expressed grave concerns about the upcoming election.
“This isn’t a crazy hypothetical anymore,” Dan Wallach, a computer science professor at Rice and veteran of the team of Princeton ‘hackers,’ noted. “Once you bring nation states’ cyber activity into the game?” he hinted of potential Russian connections to the DNC hack and possible implications of foreign meddling in the national election. “These machines, they barely work in a friendly environment.”
Thirty-one prominent security experts with the Aspen Institute Homeland Security Group issued a statement in response to the DNC hack at the end of July, imploring precautions be taken because “[o]ur electoral process could be a target for reckless foreign governments and terrorist groups.”
“Look, we could see 15 years ago that this would be perfectly possible,” Appel told Wofford. “It’s well within the capabilities of a country as sophisticated as Russia.”
He added ominously, “Actually, it’s well within the capabilities of much less well-funded and sophisticated attackers.”
Electronic voting machines hit the U.S. electoral process in full force following the ‘hanging chad’ controversy in the Bush-Gore race in 2000, in which ballots had to be hand-counted. Ludicrous pictures inundated the news, showing elections officials assiduously examining paper ballots to determine if partially-punched choices equated actual votes in the tight race — a scene officials hoped electronic voting machines would avoid repeating.
But those machines presented notorious problems of their own.
As Wofford explained:
The Princeton group has a simple message: That the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there. They’ve see the skeletons of code inside electronic voting’s digital closet, and they’ve mastered the equipment’s vulnerabilities perhaps better than anyone (a contention the voting machine companies contest, of course). They insist the elections could be vulnerable at myriad strike points, among them the software that aggregates the precinct vote totals, and the voter registration rolls that are increasingly digitized. But the threat, the cyber experts say, starts with the machines that tally the votes and crucially keep a record of them — or, in some cases, don’t.
Because this electronic equipment is now horribly outdated — some machines’ manufacturers no longer offer tech support — and considered, in large part, a ‘failed experiment,’ much has been phased out for better options. But not completely — and those better options still can be easily tampered with, according to Appel and his team.
Indeed, the issues with electronic voting methods are too voluminous to recount in a single article, though Wofford does provide a thorough, albeit lengthy, summary here.
As voters prepare to putatively choose the next American president in November, tales of rigged elections — from the primaries to the presidency — continue to top headlines across the country. With the sheer mountain of political funny business already evidenced this year, electronic voting machines don’t offer anywhere near the sound comfort of retribution the voting public craves.