Hacking Can Win the Lottery: Can It Win an Election?
Politics is always a circus, but this year’s electoral cycle feels more like a discarded plotline from Mr. Robot or House of Cards than a solemn exercise in democracy.
This looks set to be the first year in which hacking will have a tangible impact on electoral campaigning, with virtually all of it having been directed at the Democratic party and the Hillary Clinton campaign.
Hacking and the 2016 U.S. Election
This election cycle has been dominated by a number of stories that are grounded in cyber-security, and probably the biggest story has been the Hillary Clinton email controversy.
Hillary Clinton and Her “Damn Emails”
Clinton is now the Democratic presidential nominee, but before then she was the Secretary of State. During this time, she used a private email server to conduct official State Department business rather than an email address provided, operated, and secured by the State Department.
This was controversial for a number of reasons . Transparency advocates were outraged as it put Clinton’s emails out of the reach of the FOIA (Freedom of Information Act), but also because the communications that went through this server were of a classified and deeply sensitive nature.
Because Clinton held a privileged position in the U.S. government, any data leakage would have been seriously damaging to American interests. The server itself suffered from a number of serious security vulnerabilities. And while it hasn’t been confirmed yet, FBI Director James Comey has stated “it’s possible” her system was hacked.
Comey later excoriated Clinton for being “extremely careless”. Despite that, he said the FBI will not recommend that Clinton be indicted. From a judicial perspective, this matter is closed — the same isn’t true on the campaign trail, and the email issue has continued to be a thorn in the side of Clinton.
WikiLeaks and the DNC Hack
The most recent hack happened at perhaps the worst time for the Democrats, during their all-important convention in Philadelphia where Hillary Clinton was crowned as nominee. This was a fraught time for the party and it was important for the Democratic Party to reconcile the Clinton camp with supporters of Senator Bernie Sanders, many of whom still have their reservations about Clinton.
Earlier this year, the email systems of the Democratic National Convention were attacked by a hacker using the alias Guccifer 2.0. This was an homage to Marcel Lahar, the original Guccifer, who was extradited to the United States earlier this year on charges of hacking email accounts belonging to those close to the Bush family.
During the hack, a cache of almost 20,000 emails and 8,000 attachments were stolen, which were then passed to WikiLeaks . Controversially, these contained the unredacted passport and green card information of overseas American citizens and permanent residents who had donated to the Clinton campaign.
Most of the emails were ordinary business communications. However, some emails raised questions about the neutrality and impartiality of the DNC executive committee, especially with respect to the Sanders campaign.
Hacked Voicemails and Further Surprises
In addition to the 20,000 emails, WikiLeaks also released a trove of stolen voicemails from the Democratic Campaign. These were a bit of a damp squib. Most were just routine business voicemails, and one was a conversation between a father and young boy who were visiting a zoo.
There were three voicemails that raised criticism of the ascendency of Bernie Sanders in the Democratic Party. All of these were anonymous. One woman who was featured on two recorded voicemails described herself as being “on a fixed income” and having donated $300 to the party. It’s impossible to tell wether the remaining voicemail was from a big-money donor, or just an ordinary Democratic Party supporter.
Julian Assange, the founder of WikiLeaks, has said that more is to come. He has even gone as far to say that a future leak will be the catalyst that sees Clinton indicted — whether that will come to pass remains to be seen. Nonetheless, senior Democratic officials are worried that a damaging leak in October could tip the election for Trump.
The DNC Hackers
According to research by CrowdStrike, the intrusion into the DNC network was the act of two groups called Fancy Bear and Cozy Bear, also known as APT 28 and APT 29, respectively. These two groups are believed by some analysts to be Russian in origin.
Cozy Bear’s modus operandi is to spear-phish individuals using emails weaponized with malware that is then used to download further malicious software, most of which is Remote Access Trojans (RATs). CrowdStrike noted that these RATs were sophisticated, and contained obfuscation measures that prevented the malware from being analyzed in virtual environments.
They have extensive checks for the various security software that is installed on the system and their specific configurations. When specific versions are discovered that may cause issues for the RAT, it promptly exits. These actions demonstrate a well-resourced adversary with a thorough implant-testing regime that is highly attuned to slight configuration issues that may result in their detection, and which would cause them to deploy a different tool instead.
It’s also believed by some that Guccifer 2.0 is a Russian effort to deflect blame for the hacking, even though Guccifer 2.0 himself has admitted to Motherboard that he is Romanian. But, according to ThreatConnect:
Although the proof is not conclusive, we assess Guccifer 2.0 most likely is a Russian denial and deception (D&D) effort that has been cast to sow doubt about the prevailing narrative of Russian perfidy.
However, ThreatConnect admitted that there’s a possibility that Guccifer 2.0 could be an independent actor.
The Problem of Electronic Voting Machines
Beyond international hackers, there’s an even bigger threat: that technology could hijack the upcoming election.
For years now, the United States has used electronic voting machines, despite the fact that they’re a terrible way to conduct elections. It’s just too difficult to guarantee the integrity of any votes cast. Computerphile explains why below:
Earlier this year, an Iowa man was convicted for rigging the random number generators used by various lotteries in order to earn big-figure jackpots for himself. This wasn’t theory. This wasn’t an academic exercise. This actually happened.
If someone could do that, it’s completely possible that someone could do the same with an electronic voting machine. Indeed, there are examples of voting machine irregularities swinging election outcomes. Perhaps the best example was in the 2000 general election where defective electronic voting machines were used in Democrat-leaning neighborhoods.
This meant that hundreds of cast votes weren’t counted. George W. Bush won that state by a margin of 537 votes and ultimately won the presidency.
Since then, the underlying technical and theoretical problems with electronic voting machines have not been solved. Blockchain-based solutions show promise , but the current systems are still opaque, unaudited, closed-source boxes. They do not guarantee anonymity or the integrity of a vote.
Has Our Democracy Been Hacked?
Absolutely. No matter what you think of Clinton, all of these issues are incredibly problematic.
However, it doesn’t appear to be working. As of this writing, Clinton has a 76% chance of winning the U.S. general election according to Nate Silver’s FiveThirtyEight.
That said, the race is still young. Who knows what Julian Assange will pull out of his hat in the coming months? Given the insanity that has been the past year, I’m not prepared to rule anything out.
How do you feel about the integrity of modern elections? Think about it and share your thoughts with us down in the comments!