U.S. security experts now believe Russia was behind a recent hack of the Democratic National Committee’s email servers. The cache, first published by WikiLeaks, shed light on the committee’s attempts to sabotage Sen. Bernie Sanders’ campaign – and ultimately led to the resignation of committee Chairwoman Debbie Wasserman Schultz.
Donald Trump then upped the ante by suggesting that Russia go a step further. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” he said Tuesday, referring to the investigation into Hillary Clinton’s emails. He also took the battle to Twitter:
https://twitter.com/realDonaldTrump/status/758335147183788032
The hack didn’t just create chaos for both parties. It also shows what another country can do if it wants to mess with our elections. If a foreign power could gain access to one party’s email servers, how easily might it influence the voting process itself?
The answer, according to cybersecurity experts, is very easily.
A key vulnerability is internet voting, which has gained popularity in recent years with promises to increase convenience and turnout. Despite a steady stream of warnings, more and more states are allowing citizens to cast their ballots online. Alaska, Arizona, North Dakota, Missouri and Alabama employ internet portals, and 20 others allow email or fax, according to Verified Voting, a nonprofit that promotes election transparency. But experts say it’s essentially impossible to safeguard votes cast over email because there are so many different points of vulnerability along the way.
To make matters worse, election officials might not recognize fraud, even if it’s sitting right in front of them.
“The systems that support voting are very low-budget and in general run by people who are not that technically sophisticated,” said Bruce McConnell, the Department of Homeland Security’s former deputy under secretary for cybersecurity. “They’re much more vulnerable by nature than systems run by banks or big retailers.”
In March, Utah’s Republican Party launched the U.S.’s first-ever internet primary, despite warnings from a state-appointed advisory committee that the “benefits are not yet proven and are susceptible to risk.” The Washington Post reported that many voters encountered technical problems – and that nearly a quarter of those who applied to vote online were rejected. Meanwhile, some privacy experts maintain that there’s no way to know for sure whether the votes that made it through were compromised.
Internet voting in the U.S. is relatively new, but other countries have been at it for years. No nation is more reliant on internet voting than Estonia, which has far more security procedures (including government-issued ID cards) than the U.S. Yet a recent security analysis conducted by a team from the University of Michigan found “serious architectural limitations and procedural gaps that could potentially jeopardize the integrity of elections” in the country.
When the team recommended, in 2014, that Estonia discontinue its use of internet voting, the country’s president replied aggressively, hinting that the researchers had been bought off by a rival political party. Some politicians in the country have also called for an end to the system.
Estonia could serve as a warning to the U.S. In April 2007, it suffered a massive, multi-pronged digital attack on its government, media and banks – an offensive Wired nicknamed “Web War one.” Estonian officials accused Russia of launching the attack as retaliation for the removal of a Soviet-era statue in the nation’s capital. The Kremlin, for its part, denied the charge.
“There’s a lot of interest and a lot more to be gained – particularly by state actors in disrupting elections,” McConnell said. The attack on the Democratic National Committee’s email servers – and, more recently, on its voicemail inboxes – could have been a warning shot of sorts.
The real cannon blasts could come in November.
“While the DNC hack was not a hack of a voting system,” McConnell said via email, “the attack reminds us that almost all systems connected to the internet are vulnerable to a skillful attacker. Voting systems are too important, and too poorly protected, to connect them directly to the internet at this time.”
Byard Duncan can be reached at bduncan@cironline.org. Follow him on Twitter: @ByardDuncan.
Republish this article
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
Republish Our Content
Thanks for your interest in republishing a story from Reveal. As a nonprofit newsroom, we want to share our work with as many people as possible. You are free to embed our audio and video content and republish any written story for free under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license and will indemnify our content as long as you strictly follow these guidelines:
-
Do not change the story. Do not edit our material, except only to reflect changes in time and location. (For example, “yesterday” can be changed to “last week,” and “Portland, Ore.” to “Portland” or “here.”)
-
Please credit us early in the coverage. Our reporter(s) must be bylined. We prefer the following format: By Will Evans, Reveal.
-
If republishing our stories, please also include this language at the end of the story: “This story was produced by Reveal from The Center for Investigative Reporting, a nonprofit news organization. Learn more at revealnews.org and subscribe to the Reveal podcast, produced with PRX, at revealnews.org/podcast.”
-
Include all links from the story, and please link to us at https://www.revealnews.org.
PHOTOS
-
You can republish Reveal photos only if you run them in or alongside the stories with which they originally appeared and do not change them.
-
If you want to run a photo apart from that story, please request specific permission to license by contacting Digital Engagement Producer Sarah Mirk, smirk@revealnews.org. Reveal often uses photos we purchase from Getty and The Associated Press; those are not available for republication.
DATA
-
If you want to republish Reveal graphics or data, please contact Data Editor Soo Oh, soh@revealnews.org.
IN GENERAL
-
We do not compensate anyone who republishes our work. You also cannot sell our material separately or syndicate it.
-
You can’t republish our material wholesale, or automatically; you need to select stories to be republished individually. To inquire about syndication or licensing opportunities, please contact Sarah Mirk, smirk@revealnews.org.
-
If you plan to republish our content, you must notify us republish@revealnews.org or email Sarah Mirk, smirk@revealnews.org.
-
If we send you a request to remove our content from your website, you must agree to do so immediately.
-
Please note, we will not provide indemnification if you are located or publishing outside the United States, but you may contact us to obtain a license and indemnification on a case-by-case basis.
If you have any other questions, please contact us at republish@revealnews.org.