MIAMI (CBSMiami) – First, the Democratic National Committee was hacked. Now, tech experts say it’s possible for hackers to swing the U.S. election.
“I think a hacked U.S. election could tip the balance to one candidate or another,” said CrowdStrike CEO George Kurtz.
Over the last few months, hacking and politics have become a dangerous combination – with the DNC and Hillary Clinton campaign getting hacked.
The Black Hat conference in Las Vegas is where the best hackers in the world get together to talk security.
While there’s no indication an election or the voting process has ever been hacked, CNNMoney Senior Tech Correspondent Laurie Segall decided to ask if it were even possible.
“You guys were pulled in to help the DNC figure out whether or not they were hacked. You did figure out that they had in fact been hacked. And all signs point to Russia. What are the implications of this?” Segall asked Kurtz.
“I think this is really a bit of a watershed event. Forty years ago we had Watergate, right? And that’s where you had a couple of boxes of files that were stolen,” he explained. “Now we’re talking about 20 thousand, 30 thousand files that are being dumped on the internet.”
“Do you worry that there are other state actors sitting in on some very important internal conversations pertaining to the US election?” Segall followed up.
“It’s 100 percent certainty. There’s not even a doubt in my mind that there’s other actors out there that have yet to be found. It’s too big of an opportunity for them, it’s too easy to get in,” Kurtz replied.
But it goes beyond the campaigns being vulnerable – what about the actual machines we use to vote?
A security firm called Symantec actually purchased a couple of electronic voting machines on eBay to see how secure they really are.
Now you have to remember that there’s a ton of different types of voting machines out there. And each U.S. county uses what they feel works, including electronic and optical scanning devices. Plus, about 75 percent of the country makes their choice on plain ole paper.
In this particular case, they say they found some major issues.
“So what we’re seeing is what a voter would be presented with when they go into a precinct. When you get your voter identification card, which is a smart card, and you would insert it into the machine, and then go ahead and start your voting process,” Symantec Senior Researcher Brian Varner said. “With the smart cards running small little computer systems on there, a device as tiny as this could be used to manipulate the smart card to allow you to vote multiple times.”
“So the idea behind this – anyone who is able to get their hands on the cards that are going to be used, if they have the technical skills, they can essentially build what you just built, which allowed them to go cast their vote as many times as possible,” Segall said.
“I can probably put about 400 votes in myself in less than a couple minutes and the poll workers would be none the wiser,” Varner responded.
Segall wanted to know more.
“Take us through what happens after you submit your vote. What are other ways that this could be vulnerable?”
“These devices have to communicate with some sort of database system. We don’t know what the transport network looks like between this machine and the actual database server,” Varner said. “So anywhere along that path, if a hacker was to have something installed then the communications could be intercepted.”
Given all this research, Varner says he plans to vote old school.
“I can tell you this year I will be voting via paper with a mail-in ballot,” he said.
And while thinking about “a compromised election” keeps Varner up at night, he doesn’t believe we’re that close to one yet.
However, he does want to raise awareness of these types of vulnerabilities. Even if just one voting machine is perceived as compromised, that has broad implications in how the American public will view the political process.