Hacking & U.S. electionsVulnerability flaws in some voting machines

Cris Thomas, a strategist for Maryland-based Tenable Network Security, told CNBC’s “On the Money” that security researchers have found vulnerabilities in the machines some voters will be using Tuesday to vote.

DHS confirmed that hackers have already attacked the voter-rolls databases of twenty-three states, and that the department has been asked by forty-six states to help provide “cyber hygiene” for these states’ voting systems.

Experts say it would not be too difficult for knowledgeable hackers to do damage.

“The machines themselves physically have been shown to be very vulnerable,” Thomas said.

NBC News reports that this is especially the case since some machines rely on outdated technology.

“The fact is we’ve been voting on old technology, old Windows 2000 based operating systems… The voting machines themselves are archaic, having been around for 10-15 years,” said Congressman Hank Johnson (D-Georgia) Democrat who has sponsored legislation on the issue.

Researchers at Symantec tested voting machines used in the 2012t election, and found many security flaws.

“It literally took a couple of days…we were able to then reverse engineer all the stuff on that system. What was fascinating is the last election’s information was still on those hard drives,” Samir Kapuria, a senior vice president of cybersecurity for Symantec, which makes Norton Internet Security, told NBC News.

One machine, for example, gives voters a card to insert and use to cast their ballot, and the card is reused by multiple voters. Symantec would not reveal the manufacturer of those machines, but said they are still in use.

That card could be reprogrammed to make it appear as if the same person cast a ballot multiple times.

Even worse, Kapuria said, there is no paper trail.

“There isn’t a recourse. That’s why it’s such a risk…It could create fear, uncertainty, or doubt in the whole election process,” Kapuria said.

What would make any attempt by hackers to engage in voting-machine hacking on a large scale is the fact that there are many different types of voting systems across the country. “Right now we have over 9,000 jurisdictions all with different types of equipment and that sort of helps promote the resilience of our electoral system,” Thomas told CNBC. Also, most voting systems are not connected to the Internet during voting, reducing the possibility of a Web-based attack. Some of these machines, however, are connected to the Internet during maintenance and upgrades – or use USB drives for maintenance and upgrades – so hackers can insert malware at least into some of the machines.

“The fact that these machines require physical access to cause harm helps to limit the possibility that there is any nefarious activity going on,” Thomas said.

Experts thus believe that one machine could be compromised, but that wide spread hacking is unlikely.

DHS is not resting easy, though.

Johnson sponsored the Election Infrastructure and Security Promotion Act of 2016 (H.R. 6073), which would classify voting systems critical infrastructure. The bill is currently in subcommittee.

“There are some minimum standards that are in place, but they have not been adjusted for quite a long time,” Johnson told CNBC. “There is always a need for the federal government to continue analyzing, modifying, and putting in place new processes and procedures and standards that will keep up with the changing technology.”

“We have confidence in the overall integrity of our electoral systems. …Nevertheless, we must face the reality that cyber intrusions and attacks in this country are increasingly sophisticated,” DHS Secretary Jeh Johnson, said in a recent statement.

Voting security surface in every election round, but this time there is an additional worry: Russia’s hacking campaign in the run-up to Election Day has added a new dimension to the more traditional security worries. Russia’s goal was not only to undermine the Hillary Clinton campaign and help Donald Trump—but more importantly, Russia’s long-term goal has been to discredit U.S. political institutions and sow confusion and anxiety.

Experts say now is the time to take decisive action to protect the U.S. election system.

“Starting on November 9, we really need to have a strong national conversation about what we’re going to do with our voting systems so that the next election we don’t have this same issue” Thomas told NBC News.