Using 'Password' As A Password, Ransomware And Other Threats That Undermine Election Security

Oct 26, 2020

Not long after Northern Kentucky University computer science professor James Walden's presentation on election security issues Wednesday, Iran was accused of accessing election information and sending emails to Florida voters. Walden lays out the most serious threats and has some advice on how to make elections more secure.

The Most Recent Hack

U.S. Director of National Intelligence John Ratcliffe was not surprised Iran was allegedly behind the hack. "This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sew chaos and undermine your confidence in American democracy."

Ratcliffe says Russia also gained access but it didn't contact voters in this most recent hack however, "We are aware that they have attained some voter information, just as they did in 2016."

The U.S. Must Identify Weak Links

In the Oct. 21 Zoom presentation, Walden said it's kind of easy to hack into election data. "By examining election systems from an attacker's viewpoint, we will identify weak links in security and points of high leverage for altering election outcomes in this unique election year."

At the hacker's convention DefCon, attendees try to gain access to election software every year. "They never found a voting machine they couldn't penetrate in some way," says Walden. "The easiest way they got in were default passwords, which were in some cases the word 'password.' "

More worrisome for Walden is ransomware. He sees at least one local government get caught up in that every week. Ransomeware encrypts data and demands payment in cryptocurrency like bitcoin.

What if this happens on Election Day? "There will be tremendous pressure to pay even though the demands could be in the millions of dollars," Walden says. "Of course a lot of jurisdictions might not be able to come up with enough bitcoin in time to pay."

He has another thought about if a hacker were to go into the election booth. "There are these popular USB devices called rubber duckies that are designed for just that purpose. When you plug it in it types in a lot of hacking attempts."

What About Solutions?

Waldon has recommendations to increase voter security. They include adequate resources so everyone can vote in a reasonable amount of time, making sure humanly readable paper ballots exist no matter how people vote and doing what Waldon calls risk-limiting audits. The NKU professor says the U.S. House has passed a measure that includes these. The Senate has not yet taken it up.