Hackers Could Purchase Enough Personal Information To Alter Voter Registration Files In 35 States

A vulnerability in voter registration websites could be exploited to disenfranchise voters in key states and precincts.

Harvard researchers have discovered a vulnerability on government websites that may let hackers and other malicious actors change your voter registration information and potentially cause chaos on election day.

The fear is that this vulnerability could be used either to undermine confidence in elections and depress voter turnout, or even to swing the results in favor of a specific candidate.

“If the goal is to undermine any belief in the electoral system, then they might very well want to target a particular community at large…[because] that could cause a kind of hysteria,” Sweeney said. “People will say what kind of system is this? We didn’t get a chance to vote, our whole community didn’t get a chance to vote.”

The California secretary of state and Riverside County District Attorney Mike Hestrin launched an investigation, but because the state’s system hadn’t recorded the IP addresses of the computers that made the changes, there was no way to figure out the identity of the hackers. It’s unclear to what extent tampering actually prevented voters from casting ballots, but “[t]he lingering mystery of the voter registration changes bred doubt among members of both parties,” Time reported.

Looking back at the events in Riverside County in June 2016, federal officials began to speculate that it may have been a “test run” for future attacks by Russian hackers. One former cybersecurity official who looked into the case told Time that the Riverside County hack “looked like a cyberattacker testing what kind of chaos they could unleash on Election Day.”

The study found that the information needed to impersonate voters on all 36 voter registration websites could be acquired relatively cheaply from government offices, data brokers, the deep web, or darknet markets. For just $1,002, a hacker could purchase two datasets — one believed to have come from a massive data breach of credit bureau Experian — that contained the names, address, dates of birth, gender, and Social Security numbers of most American adults.

Using that information, cyberattackers could theoretically access and alter the voter registration files of thousands of Americans. In some states, the study found, it would cost as little as $1 to change one percent of voter records. In the 2016 election, “there were several states where the margin of victory was within one or two or five percent,” Sweeney noted.

The study authors pointed out that most states have safeguards in place to prevent widescale attacks on voter registration systems. For example, many states use Captcha systems to ward off attacks using automated scripts. However, as Sweeney noted, most Captchas are behind the times and are becoming easier to crack. Python scripts and other codes that can defeat most Captchas are available online, and services officered through work order sites like Amazon’s Mechanical Turk could help hackers breach uncompromised systems.

Some states have additional security — such as requiring officials to review and confirm address changes — that could halt an attack before major damage is done. Also, 10 of the 35 state voter registration sites at least keep a record of web access and change logs, so officials can switch back to the old copies of records if tampering is suspected.

Still, the authors are urging states to take additional steps to protect against potential attacks. “A human may notice if a larger than usual number of changes appear,” Sweeney said, “but what if the number is only a few more a day?”

The ultimate question is how the government can ensure it’s actually dealing with citizens when it conducts business online. While commercial fraud is obviously a problem, the stakes are far higher for the government.

“If a commercial site is compromised, the downsides are not the same,” Sweeney said, “because it doesn’t compromise our entire democratic process.”

Related posts:

Lembro-me da minha infância. Dos passeios que fazia com a minha avó e mãe em São Tomé das Letras, uma cidadezinha do interior de minas. A cidade não dava nem 6.000 de habitantes direito, pelo menos…

New Era Network offers access to IDO in a safe and secure manner and service package for new project on different blockchain. In August 2021, we launched New Era Network, a decentralized…

Morning routines help with time management and maintaining healthy daily habits. These tips will help to create a healthy morning routine.