Posted on Leave a comment

Is the US election system a prime target for a 2012 hack attack?

image thumb1631

Vote buttonAccording to security experts, the electronic voting process is ripe for attack in 2012. Nation-state attacks have increased, voter databases are increasingly interconnected, and electronic voting systems are plagued with vulnerabilities creating a situation where the 2012 election process is a prime target for a hacker attack.

Security analyst Stephen Cobb told Dark Reading:

“If big, Internet-based companies like Yahoo, LinkedIn, or Sony can fall to hackers, then, yeah, big government databases and local authorities who actually administer the election process can be hacked. I’m somewhat surprised it hasn’t happened yet.”

Voter databases are increasingly vulnerable with many sitting in less-than-secure local government facilities. Although these databases do not contain much sensitive information, a hacker changing or destroying the data within these databases could wreak havoc on the voting process.  In addition, states such as Washington, Maryland, and Virginia are introducing online voting systems and most states provide the means for the US military overseas troops to vote electronically.  In Virginia, voters will cast ballots on machines that use wireless technology.  Any time a system in connected to the Internet, the data becomes vulnerable to attack.

What would be the ramifications of such an attack?

“Interestingly, the wrong person winning is not the worst thing that can happen. The real worst case is a hacker proving that the vote was compromised and ultimately undermining the entire voting process. It would impact the stock market and erode confidence in the entire system, which is a real motivator for organizations that want to attack critical infrastructure.”

The Open Source Vulnerability Database lists over 200 unpatched vulnerabilities in various electronic voting systems – and this is just the known vulnerabilities.

Sources: Dark Reading, CNN, NBC
Leave a Reply

Your email address will not be published. Required fields are marked *