Russian hackers reportedly hit voting systems in as many as 39 states last fall and last week Department of Homeland Security (DHS) officials confirmed that they identified 21 states as potential targets of hacking. Yet Homeland Security officials have yet to examine any voting machines used in 2016 to determine if they were breached. In fact, they still have no plans to do so, writes TPM’s Sam Thielman:
Asked about the decision, a DHS official told TPM: “In a September 2016 Intelligence Assessment, DHS and our partners determined that there was no indication that adversaries were planning cyber activity that would change the outcome of the coming US election.”
Today, DHS stands by that assessment and, therefore, why go to the trouble of spot checking voting machines in the 21 states they identified to see if their determination actually holds up?
Meanwhile, some computer scientists are dismayed at the agency’s inaction.
“They have performed computer forensics on no election equipment whatsoever,” said J. Alex Halderman, who testified before the Senate Intelligence Committee last week about the vulnerability of election systems. “That would be one of the most direct ways of establishing in the equipment whether it’s been penetrated by attackers. We have not taken every step we could.”
Voting machines, especially the electronic machines still used in several states, are so insecure that an attack on them is likely to be successful, according to a report from NYU’s Brennan Center for Justice out Thursday morning. David Dill, a voting systems expert and professor of computer science at Stanford University quoted in the report, said hackers can easily breach election systems regardless of whether they’re able to coordinate widely enough to alter a general election result.
“I don’t know why they wouldn’t try to hack voting machines and I don’t know what would stop them,” Dill told TPM. “Any statement that says ‘We haven’t see evidence of X’ also means ‘We haven’t lifted a finger to investigate.’”
To justify their inaction, Homeland Security officials continue to fall back on the talking point that the local election systems are diverse and the voting machines themselves aren’t connected to the internet. But many voting systems experts have flat-out rejected the idea that these facts inherently protect individual voting machines from being breached.
In fact, one thing that became clear in the leaked NSA document detailing a Russian spear-phishing effort targeting one vendor is that how successful the hackers were at penetrating the email accounts of 122 local elections officials is largely “unknown.”
It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.
That report focused on an attempt to access voter rolls not vote tallies. But the point is that even the NSA continues to be largely in the dark about what hackers actually accomplished.
Wouldn’t we be better off knowing whether any voting machines were breached? Can’t imagine what a Department of Homeland Security under the direction of Trump-appointed Sec. John Kelly is afraid of.