Saturday, September 18, 2021
Sept. 18, 2021

Linkedin Pinterest

Experts say voting system breach poses high risk

Copies of Dominion software were distributed at South Dakota event organized by MyPillow CEO Mike Lindell

By
Published:
3 Photos
FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while setting up a polling location at an elementary school in Gwinnett County, Ga., outside of Atlanta. Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts who say they have increased the risk to elections in jurisdictions that use the equipment.
FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while setting up a polling location at an elementary school in Gwinnett County, Ga., outside of Atlanta. Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts who say they have increased the risk to elections in jurisdictions that use the equipment. (AP Photo/Ben Gray, File) Photo Gallery

ATLANTA — Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.

Copies of the Dominion Voting Systems software used to manage elections — from designing ballots to configuring voting machines and tallying results — were distributed at an event this month in South Dakota organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election.

“It’s a game-changer in that the environment we have talked about existing now is a reality,” said Matt Masterson, a former top election security official in the Trump administration. “We told election officials, essentially, that you should assume this information is already out there. Now we know it is, and we don’t know what they are going to do with it.”

The software copies came from voting equipment in Mesa County, Colo., and Antrim County, Mich., where Trump allies had sued unsuccessfully challenging the results from last fall. The Dominion software is used in some 30 states, including counties in California, Georgia and Michigan.

Election security pioneer Harri Hursti was at the South Dakota event and said he and other researchers in attendance were provided three separate copies of election-management systems that run on the Dominion software. The data indicated they were from Antrim and Mesa counties. While it’s not clear how the copies came to be released at the event, they were posted online and made available for public download.

The release gives hackers a “practice environment” to probe for vulnerabilities they could exploit and a road map to avoid defenses, Hursti said. All the hackers would need is physical access to the systems because they are not supposed to be connected to the internet.

“The door is now wide open,” Hursti said. “The only question is, how do you sneak in the door?”

A Dominion representative declined comment, citing an investigation.

U.S. election technology is dominated by just three vendors comprising 90 percent of the market, meaning election officials cannot easily swap out their existing technology. Release of the software copies essentially provides a blueprint for those trying to interfere with how elections are run. They could sabotage the system, alter the ballot design or even try to change results, said election technology expert Kevin Skoglund.

“This disclosure increases both the likelihood that something happens and the impact of what would happen if it does,” he said.

The effort by Republicans to examine voting equipment began soon after the November presidential election as Trump challenged the results and blamed his loss on widespread fraud, even though there has been no evidence of it.

Judges appointed by both Democrats and Republicans, election officials of both parties, and Trump’s own attorney general have dismissed the claims. A coalition of federal and state election officials called the 2020 election the “most secure” in U.S. history.

Self-fulfilling prophecy

Geoff Hale, who leads the election security effort at the U.S. Cybersecurity and Infrastructure Security Agency, said his agency has always operated on the assumption that system vulnerabilities are known by malicious actors. Election officials are focused instead on ways they can reduce risk, such as using ballots with a paper record that can be verified by the voter and rigorous post-election audits, Hale said.

He said having Dominion’s software exposed publicly doesn’t change the agency’s guidance.

Security researcher Jack Cable said he assumes U.S. adversaries already had access to the software. He said he is more concerned that the release would fan distrust among the growing number of people not inclined to believe in the security of U.S. elections.

“It is a concern that people, in the pursuit of trying to show the system is insecure, are actually making it more insecure,” he said.

Loading...