
Here in the United States, one of the fundamental rights that is guaranteed by our Constitution is the right to vote. Whether or not we choose to vote, it is a right that not many people around the world have. So with this in mind, we will be having our midterm elections coming up this November. Yes, we all are hoping and praying that the Republicans get thrown out of the Congress, and that the Democrats will eventually take over.

But even if this were to happen, the political chaos that already exists in DC is only going to get worse. It all comes down to this: can Trump and the Democrats get along? NEVER. Whatever legislation Trump wants to introduce will never get passed, and the Democrats will find every way to make his life a living hell, starting with potential impeachment hearings. So yes, it could get ugly.

But whatever happens on the Hill, one of the main methods by which we vote for our political leaders is through the use of e-voting, or electronic voting. This type of voting method obviously has many advantages over the traditional paper ballot votes. For example, we can cast our ballot from anywhere at any time we want to, provided that we have a safe and reliable Internet connection.

But with the recent inquiries by Richard Mueller and his team about the Russian collusion in the 2016 elections, the worries about Cyber attacks on the e-voting infrastructure have come under the serious limelight. I have seen many headlines in the last few weeks where everybody wants to spend more money to upgrade the systems, but it’s going to take a lot more than that.

This is best exemplified at this year’s 26th DEFCON. At this event, 47 kids participated in the election hacking contest organized by the Voting Machine Hacking Village. There were replica e-voting sites that were developed by Wickr and the Wall of Sheep Village. When the kids were allowed to have at it, it took just a matter of 10 minutes for 11-year-old Emmett from Austin, Texas to hack into the Florida Secretary of State replica site and alter election results.

This was done by launching a simple SQL Injection Attack into the e-voting database.  In his own words, “It’s actually kind of scary . . . People can easily hack into websites like these and they can probably do way more harmful things to these types of websites.”  (SOURCE:  https://cyware.com/news/11-year-old-hacker-altered-election-results-in-a-replica-us-voting-system-in-just-10-minutes-ddd407b6).

But this incident has also resulted in a butting of heads between the Voting Village and the National Association of Secretaries of State (NASS). The latter claims that the replica websites that are built for the purposes of hacking are “ . . . a pseudo environment  . . .  in no way replicates state election systems, networks or physical security  . . . [it] does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”  (SOURCE:  https://cyware.com/news/11-year-old-hacker-altered-election-results-in-a-replica-us-voting-system-in-just-10-minutes-ddd407b6).

The former came back with a rebuke, stating that “ . . . It’s only through scrutiny that we’re going to have confidence in elections . . . we know these systems are wildly insecure, and there’s been precious little evidence of these vulnerabilities so far being exploited in real elections.”  (SOURCE:  https://cyware.com/news/11-year-old-hacker-altered-election-results-in-a-replica-us-voting-system-in-just-10-minutes-ddd407b6).

So as we can see, we have a battle brewing here between the group of people who are clearly demonstrating the vulnerabilities and weaknesses that are posed by an e-voting system, and another group of people who are trying to save face by stating that the mockups of the e-voting sites represent outdated voting methods. Where do I stand on this? Of course, I stand with 11-year-old Emmett and his crowd of hacker friends. In fact, I applaud them that they have the ability to recreate these e-voting websites and conduct various Pen Testing exercises to demonstrate where the true holes are.

The NASS personnel, deep down, I am sure know that their e-voting systems are flawed, but they just don’t want to publicly admit that yes, there are serious security flaws involved. So my advice to them is to listen to these young kids; they actually do know what they are talking about. And, if you still don’t believe them, then hire an actual Pen Testing team to really scope out your so-called real e-voting systems.

I am sure that they will find weaknesses and vulnerabilities at a far deeper level than what these youngsters can show (after all, they don’t have all of the sophisticated equipment on hand either). To be honest, the e-voting system and the technologies that support this infrastructure have barely changed in the last 20 years or so. I should know, because I wrote an entire chapter on this subject in my second book:

https://www.crcpress.com/Adopting-Biometric-Technology-Challenges-and-Solutions/Das/p/book/9781498717441

So rather than money being spent carelessly and haphazardly on trying to throw bandage solutions out, spend that money, get some real Pen Testers to find out every weakness and hole in the US e-voting system. Heck, midterm elections are only three months away, so there is still time to cover all of the tracks that are possible. Obviously, not every hole will be filled, but something is better than nothing.

In fact, the security teams at Microsoft have even found solid evidence of Russian hackers gearing up to interfere with these midterm elections. The link for this can be seen here:

http://fortune.com/2018/07/19/microsoft-russia-hack-2018-election-campaigns/

The bottom line is that yes, it is scary that an innocent, 11-year-old kid could hack into an e-voting site with a simple SQL command. Now, imagine the real thing: say, the Cyber attacker group behind the SamSam Ransomware attacks interfering with the midterm elections. These guys are super sophisticated hackers, and can cause damage the likes of which the US political system has never seen yet.