Could a Cyber-attack on e-voting systems affect the upcoming US elections?


Yes, it can. With the US elections just around the corner, we thought this would be a good opportunity to talk about the cybersecurity risks of election processes, as more and more elections around the world turn to electronic voting (or e-voting) systems.

The first electronic voting systems for electorates were introduced in the 1960s, with the debut of the punched card systems. E-voting systems have evolved over time as technology advanced, and nowadays include Direct Recording Electronic voting machines, optical scanners, ballot marking devices, electronic poll books and online voting over the Internet.

As with all things digital, e-voting systems too are exposed to hacking and cyber-attacks. Unfortunately, successful interference with electronic voting can jeopardize the democratic process and impact a nation’s fate. In this post, we review the different cyber risks to be addressed when running, or considering, electronic voting processes.

From exploiting vulnerabilities to taking advantage of unsecured systems

If e-voting systems have vulnerabilities that can be exploited, or if they are unsecured and exposed, malicious actors have something to gain. Hackers can launch cyber-attacks that could compromise the systems’ networks, perform supply chain attacks, place remote access software and modems on a specific e-voting system to provide attackers with a point of entry to it, and more.

While exploring different systems from different vendors, we were able to establish some commonalities in the issues affecting these systems. Many of the vulnerabilities found involved exposed and unsecured ports that could be leveraged by physical attackers, or the use of old, outdated and vulnerable software. Some vulnerabilities pertained to the use of storage cards and disks that could allow attackers to infect the e-voting systems with malware. Finally, several vulnerabilities involved cryptographic weaknesses.

Evaluating the risk of e-voting systems providers should be a high priority before elections.

Voters Database – the fraud and identity theft jackpot

Another significant risk of e-voting systems lies in their access to voters’ databases. A vulnerable or unsecured system can become a gateway to a voters’ database. In addition, if the voters’ database resides in an unsecured location, attackers can gain access to that database using various attack methods. The motivation for this type of fraud and identity theft can be either election-related, to influence results, or more general, to support other cybercriminal activities.

Our analysts have identified multiple examples of discussions of, and demand for, different voters’ databases on the Dark Web. Access to cyber threat intelligence that indicates such a risk to your voters’ database in advance can help you prepare for and prevent potential attacks.

Post sharing North Carolina database. Source: Verint LUMINAR

Vendors’ Employees Database – an entrance to tampering?

In addition to vulnerabilities in the e-voting systems, election results can be affected if malicious actors gain access to an exposed or unsecured database of employees’ accounts. In such a case, hackers can use the employees’ accounts to gain access to the vendor’s internal network. With that kind of access, if the vendor is also responsible for creating ballot-definition programming files, malicious actors could, for some of the vendor’s customers, interfere with how the e-voting machines apportion votes based on the voter’s selection on the touchscreen or mark on the ballot.

Insider Threat – when an election employee goes rogue

The concept of insider threat is not new. We have seen cyber incidents caused by a frustrated employee or an ex-employee seeking revenge. When it comes to employees with access to e-voting systems, there are additional, political motivations involved. During our investigations on the Dark Web, we see discussions about e-voting systems. We recently came across a specific case in which a poll worker was discussing the technical details of the voting device used at his polling station, mentioning a flaw affecting the device.

Insiders with access to e-voting systems and technical knowledge of how these systems work or where they are vulnerable can become a risk that should be addressed. Monitoring the Dark Web and other threat intelligence activities can reveal insider threats.

Technical flaw in Dominion ImageCast machine discussed on Telegram by election inspector. Source: Verint LUMINAR

What can we learn from past cyber-attacks against e-voting systems?

Two recent e-voting cyber incidents were the attack supposedly conducted against Russian Blockchain-based online voting systems in June 2020, and the attack against the American vendor VR Systems, ahead of the 2016 US presidential election.

According to reports, Russia’s Blockchain-based voting system was attacked during the voting process on the proposed constitutional amendments, which took place between June 25, 2020, and June 30, 2020. On June 27, 2020, an attempt to attack the online voting system through an election observer’s node was detected. The reports did not reveal how the attack was carried out. However, although government officials confirmed the reports, they stressed that the attack did not result in a system malfunction and that all votes recorded on the Blockchain were valid. In addition, voters reported other issues during the voting period.

In the case of the 2016 US presidential elections, Russian threat actors were accused of hacking the systems of VR Systems, the US voting systems and software vendor whose e-voting products are used in eight US states. These are the same Russian threat actors that were accused of hacking the computers of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and the email accounts of employees involved in Hillary Clinton’s campaign. In mid-2017, a classified report prepared by the US National Security Agency (NSA) was disclosed to the media. It described a lasting cyber-attack campaign that targeted elements involved in the US 2016 elections, including the voting infrastructure provided by VR Systems.

To conclude, there are multiple types of threats and threat actors devoted to gaining from cyber-attacks involving e-voting systems and e-voting systems vendors: from insiders with access to such systems, through cybercriminals who trade in voter databases, to nation-state hacker groups that employ creative means to influence the democratic process of elections.

Given that many e-voting systems are often not regularly updated and risk having vulnerabilities, these systems present a clear cybersecurity risk worldwide. Accurate, targeted cyber threat intelligence has a significant impact when it comes to preventing cyber threats to e-voting systems.



Author: Verint Cyber Threat Intelligence Research Team

Verint’s Cyber Threat Intelligence (CTI) research team (formerly SenseCy) is comprised of handpicked expert analysts, many of whom are ex-military intelligence, with years of experience in cyber threat intelligence and analysis. Our research team monitors, analyzes and validates threat actors’ malicious activities on platforms such as social networks, mobile applications, Deep Web sites, Dark Web marketplaces, hacker forums, IRC channels, global CVEs and external threat intelligence generated by leading security providers. The research team regularly produces threat alerts and intelligence reports based on region, industry and organization-specific threats, including in-depth analysis, actionable recommendations, IoCs and more, to proactively identify and mitigate threats before they materialize, enhance resilience and prevent future attacks.