A computer scientist says the only way to know if the U.S. election was targeted by a cyber attack is to check the paper trail.
Paper ballots and voting equipment should be examined in critical states where the vote between candidates Donald Trump and Hillary Clinton was close such as Wisconsin, Michigan, and Pennsylvania, writes J. Alex Halderman, a professor of computer science at the University of Michigan, in a post to Medium. Only a few days remain to ask for a recount or the opportunity to examine the evidence could be lost.
“America’s voting machines have serious cyber security problems,” he writes. “It’s been documented beyond a doubt over the last decade in numerous peer-reviewed papers and state-sponsored studies by me and by other computer security experts.”
Despite not being connected to the Internet, a vulnerability in the machines is created when poll workers copy a ballot design from a desktop computer to removable media to the machine. This could be exploited to install malware by infecting the desktop computer with the payload. “If my Ph.D. students and I were criminals, I’m sure we could pull it off,” Halderman writes.
How the machines might behave when infected with malware is demonstrated in this lab video:
In the 2006 video, Princeton University shows show a Diebold machine could report altered vote tallies if it’s injected with malicious software and that it would be hard to detect after the fact. It features a Diebold machine infected with malware that passes logic tests, including accuracy tests conducted with test votes. When the “real election” phase starts with the machine, it records four votes for one candidate (George Washington in this test) and one vote for Bendedict Arnold. Yet when the results are printed out, the results show Benedict Arnold is the winner, three votes to two. The same result is recorded on the memory card.
“Our software was able to steal votes without being detected,” the narrating researcher says. “The software deletes itself from the machine when the election is over… no evidence remains the machine was hijacked, no evidence remains that the vote was stolen.”
For these reasons and more, Halderman advocates for paper ballots as the best available technology for casting votes. “Paper creates a record of the vote that can’t be later modified by any bugs, misconfiguration, or malicious software that might have infected the machines,” he writes.
Yes, it looks like voting for the President is one area where a paperless society might be a bad idea.