The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen.
The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots.
但黑客选举的主要困难是不到组织一个技术挑战,黑客需要进行编组和管理,把它关闭所需的资源,选举安全专家说。和条件的极少数需要落入地方选举的黑客工作。
许多美国投票系统仍然存在漏洞,许多州使用统计不健全选举审计实务,乔Kiniry,经过较长时间的选举安全研究员说。
"With enough money and resources, I don't think [hacking the election] is actually a technical challenge," said Kiniry, now CEO and chief scientist at Free and Fair, an election technology developer. "It’s a social, a political, and an infrastructural challenge because you'd have a medium-sized conspiracy to achieve such a goal. Technically, it’s not rocket science."
Kiniry, in an今年早些时候采访, called the U.S. voting system "ripe for manipulation," fueled by a divided nation. "The state of the infrastructure is terrible, and we have a terrible political climate and a lot of money sloshing around," he said.
+Read Network World's package of stories on hacking an election+
不过,几个条件would need to be in place for hackers to change the outcome of a U.S. presidential election.
First, hackers would need a tight national election其中,黑客的一个或两个摇摆州的结果可能改变结果。
Remember, the U.S. president isn't elected by the national popular vote, but through the Electoral College, where each state gets a number of votes based on its population.
坏消息是,目前的总统竞选被塑造是一个紧张的比赛,共和党唐纳德·特朗普和民主党人希拉里·克林顿并驾齐驱,在颈部在十几状态为9月下旬。
This year's race may mirror the razor-thin 2000 and 2004 victories by Republican George W. Bush. In 2000, Democrat Al Gore won the popular vote, but Bush won Florida’s 29 Electoral College votes in a squeaker, leading to an Electoral College victory of 271 to 267.
In 2004, had Democrat John Kerry won Florida or Ohio, he would've been elected president instead of Bush.
The good news is that there's still time for one candidate to pull away and allay fears of a hacked election. And many recent elections haven't been close enough to raise concerns.
美国总统奥巴马在选举人团赢得了良好的利润率在2008年和2012年的1972年,1980年,1984年,1988年,1992年,和1996年的总统选举也分别在选举团相对井喷。
需要被攻击的竞选第二个条件是可用的攻击向量。Unfortunately, most election security experts don’t have a hard time imagining one.
Fifteen states still use outdated electronic voting machines without attached printers, which can be used to audit their internal vote counts. More than half of the states are still using these direct-recording electronic machines or DREs, with or without attached printers, and many voting security experts say both types of DREs have vulnerabilities.
Among the states using DREs without paper trails are potential swing states Pennsylvania, Virginia, and Florida. Those states don't use DREs statewide, so hackers would have to research the jurisdictions where DREs are still being used.
俄亥俄州,内华达州,威斯康星州和北卡罗莱纳州:使用与销毁去除率在一些连接的打印机或所有司法管辖区的潜力摇摆州。
美国有超过5000个投票管辖范围,指出道格拉斯·琼斯,在美国爱荷华大学的计算机科学教授。“有些跑得很紧的船舶,但有些草率,”他说,通过电子邮件。“因为他们都至少有一点不同,你需要选择一个司法管辖区是脆弱的,在那里你可以窃取选票的数量足够有所作为。”
Finally, hackers would need the resources to pull off a major election system breach.They would probably need a small to medium-size team, significant funding, and the organizational discipline to keep the hack secret. A leak of a hacked election could lead to criminal charges and would almost certainly turn public opinion against the winning presidential candidate. News of a hacked election could damage the winning candidate’s political party for decades.
"A medium-sized conspiracy might be able to hack one or two swing states," said Jones, who hasresearched voting-machine security。“挥动关闭状态,这可能是足够的摆动只是一个中型或大型的县。”
With the number of voting jurisdictions in the U.S., "it is quite likely that you'll need a small team to hack each jurisdiction you select even if they run the same voting machines, because of the differences in election administration," he added. "So the size of your conspiracy -- and your risk of exposure -- grows with the number of counties you attack."
Still, there’s been evidence this year of outside hackers, like Russian teams, trying to raise doubts about the U.S. election. "If you're a state-level player with national-scale resources, you can set up multiple teams," Jones said.
如果这些条件都在地方,这里有三个黑客的场景:
依赖于物理访问的销毁去除率1的攻击in the weeks leading up to the election.
这种攻击将涉及黑客实际上选举浸润团队或会根据周围的投票机体质较差的安全性。在随后几年中2000年大选的DRE仓促,许多投票的安全专家发现,在很大程度上取决于对机器的物理访问漏洞的主机。
This is a potential attack vector that would likely involve a fairly large number of sneaky conspirators who don’t get caught.
考虑到所有这些潜在的问题,这种攻击可能是不太可能的。这是一个“不成熟版”选举黑客,自由和公正的Kiniry说。
在软件更新过程上的销毁去除率2的攻击。这比1号虽然不应该销毁去除率在大选中被连接到互联网的更可能的情况,很多型号DRE打通网络连接的软件更新。
缺乏在选举日的互联网连接不作销毁去除率“免疫网络黑客”,因为他们的选举管理系统[EMSes]中,琼斯说。A“聪明的黑客”可以用来装载选票和其他选举配置信息的过程中注入恶意软件到销毁去除率,他说。
在许多国家的基本大选前检查可能无法找到恶意软件,他补充说。“恶意软件可以做的是,在偶数年只在第一个星期二的触发器十一月第一个星期一之后,”他说。“恶意软件可以以触发方式作出,如果调查是开放的时间超过6小时。恶意软件可能只如果机器使用超过25名选民触发进行。”
Unplugging DREs from the internet is a "red herring," Kiniry added. "The threat vectors on DREs and similar equipment -- as shown many times by security researchers -- are manifold," he said. "Installing malware in an EMS over the 'Net and then having that EMS infect a ballot definition file written on a USB stick or DVD is totally a thing."
3.最后,一些黑客的目标可能是令人怀疑about the election results, instead of swinging the election for one candidate. This is is the scariest potential attack because the hackers would need to compromise just one election system in one jurisdiction, and it wouldn't need to be in a swing state or affect the outcome of the election.
With recent attacks on the Democratic National Committee, some U.S. law enforcement authorities have accused Russian hackers of trying to influence the election. Republican Trump has suggested that ifhe loses in November,the election will be "rigged."
A close election is needed for hackers "only if you are looking to actually change the outcome," Kiniry said. "If all you want to do is cast doubt on the outcome, it doesn't matter if it is a landslide for Clinton or a squeaker for Trump, you just do a hack or two and reveal it to the media after-the-fact."
黑客还可以用选报名表发问乱动,Jones补充。或者,他们可以释放伪造的电子邮件,使其出现在选举遭到黑客攻击。
“如果我是普京还是在朝鲜的那种人,我不会真的关心谁赢得选举,我会想要做的是非法化的选举,”他补充说。“要做到这一点,你并不需要成功地破解它,你只需要创建普遍印象是,它已经被黑客入侵。”
