The Standards Blog

The Hacking of the 2016 Election – Did I Write the Script?

Cybersecurity

One of the big political stories this week is that experts believe that Russia has hacked the Democratic National Committee’s servers in an effort to help Trump win the presidential election. Today, security expert Bruce Schneier went further, in an editorial in the Washington Post, suggesting that Putin’s next move may be to exploit the woefully inadequate security of US voting machines to hack the election itself.

That’s a warning worth heeding, because the possibility is all too real. So far, though, no one has focused on another vulnerability that may have already been exploited as the first step towards stealing the election. That’s surprising, because the hack is so obvious.

Why obvious? Because Trump is such an unlikely candidate that no one took him seriously in the beginning. What changed everything? Well, the polls, of course, and now you can guess where I’m headed.

If you wanted to devise a strategy to hack an election so that a specific person would win, your first concern would be that the votes would need to at least roughly match the polls, or people would suspect that someone had tampered with the voting. So your first step would be to hack the pollsters – and especially if you wanted someone as implausible as Donald Trump to win the election.

How would you go about doing that? Well, as it happens I wrote a technically accurate book that takes you through that process from pre-primary through election, and guess what? The current polls, primaries and conventions are following the plot line step by step. Moreover, some specific current events lend additional credibility to the possibility that someone (in this case, the Russians) is in fact following the same plot.

Here’s an example: Trump won every single voting district in Maryland after doing poorly for the previous two weeks. How often does a candidate, especially a candidate running against so many other candidates, run the table? Not very often, if ever. As I noted in my book, someone hacking an election would find it easier in some states than others, because of the kind of voting machines a particular state was using. In this case, the hacker may have gone too far, at the risk of tipping his hand.

So why hack the DNC? Same reason. If Russia plans to hack the election in November, they have the same problem at the back end that they did at the front: keeping the polls in line with the final result. And hence the reason to expose the DNC for treating Bernie Sanders unfairly.

How hard would it be to hack the pollsters? Certainly no more difficult than to compromise the average small to medium business, which is to say not hard at all. Many companies, even very large companies, that are clear targets for hackers have woefully inadequate security. A pollster has no high value data to steal, and thus little reason to focus on security.

How hard technically? Well, I’m a lawyer and I came up with a hack that experts have confirmed as being feasible and effective.How about the voting machines themselves? Well, I lay that out in detail in my book, too, using another layman-designed hack that has been vetted by professionals. Here’s how Bruce Schneier summed it up in his op/ed piece:

[W]hile computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. 

We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.

I heartily concur. I wrote the particular book I did to show how easy it would be to steal a presidential election. I hadn’t hoped that it might happen as soon as this.

Even if it should prove that every vote that Donald Trump received in the primaries, and every vote he receives in November, turns out to be valid, it’s time we get the message: unless we fail-safe our voting infrastructure, it’s only a matter of time before someone steals an election.  Assuming, of course, they haven’t already.

An here’s a final fun fact: with one exception, almost no one has signed up for my writer’s blog over the last month. The exception? Over 1,000 people in the Russian Federation have.

I have no idea why. But I have to wonder.

If you’d like to read what may be the script for the hacking of this year’s election, you can find it here: The Lafayette Campaign, a Tale of Elections and Deception.

The-Lafayette-Campaign-3D-BookCover-transparent_background