The phones in the Alaska Division of Elections may be ringing off the hook later this month — as soon as the public sees an upcoming HBO film that says Alaska’s election technology is penetrable by hackers.
Kill Chain: The Cyber War on America’s Elections promises to give viewers a deep dive into the vulnerabilities of today’s election technologies and posits that the cyber attacks it describes are part of a coordinated effort to reduce Americans’ confidence in their elections.
In the film, an India-based computer hacker who says he broke into Alaska’s election system claims he was able to compromise Alaska’s voting systems on the day of the 2016 Presidential Elections and could have changed any vote or deleted any candidate.
The account of the attempted break-in has just enough truth to sound plausible: In 2016, a hacker who went by the Twitter handle @CyberZeist did, in fact, post a screen shot on Twitter of what appeared to be a compromised Alaska Division of Elections reporting system.
The exploit has been roundly disputed by not only Alaska election officials, but the Department of Homeland Security.
Alaska was one of 21 states that the Department of Homeland Security said was targeted by Russian scanners looking for system vulnerabilities. But this attempted break in was a different matter.
According to the state information technology professionals, the hacker only proved he or she could get into a public area of the database that showed the GEMS election results.
“Our analysis of this event is that there was no compromise of classified information as election results are public data. With the PHP vulnerability patched and the SOP for elections reporting, I am confident we have this matter resolved,” according to a 2016 internal email in the Department of Administration.
“It is worth mentioning @CyberZeist did make a general threat to launch distributed denial of service attack(s) today. The threat is not specific to the State of Alaska, but if such an attack is launched against elections.alaska.gov we may be impacted which would result in delays and timeouts when people attempt to access the election results online at elections.alaska.gov,” the interoffice memo said.
In fact, the tabulation results form the elections in Alaska are handled by a different computer, and are hand carried one way from the tabulation system to the elections web server.
But the HBO film says that official accounts are wrong and claims “individuals and foreign states can employ a dizzying array of simple, low-cost techniques to gain access to voting systems at any stage – from voter registration databases to actual election results to malware that can be widely distributed and anonymously activated without detection at any point.
“News reports and government agencies have chronicled dozens of seemingly random, unrelated security breaches in the past, but Hursti asks us to consider them as potentially part of a coordinated “kill chain” – a military strategy that employs meticulous, long-game attacks. At the end of this kill chain: a breakdown in the public’s trust in elections and with that collapse, a loss of faith in the democratic process itself. While outlining the startling ease with which votes can be altered, KILL CHAIN points to the clear, easy-to-implement solutions available to protect us against sabotage.”
The film producer interviews various Democrat officials, such as U.S. Senators James Lankford (R-OK), Mark Warner (D-VA), Ron Wyden (D-OR) and Amy Klobuchar (D-MN), as well as cyber experts in the election security industry. Those include Jeff Moss, the founder of DEF CON, the world’s longest running and largest underground hacking conference; former United States Permanent Representative to NATO Douglas Lute, who was appointed to the post by President Barack Obama; former cyber analyst for the U.S. Air Force and now private security analyst Jake Stauffer; Marilyn Marks of the Coalition for Good Governance; Professor J. Alex Halderman of the University of Michigan; UC Berkeley Professor of Statistics Philip Stark; and the person who purports being the anonymous hacker who broke through Alaska’s election system barrier: CyberZeist.
As for Hursti, he hacked into a widely-used voting machine in Florida in 2005. Under test conditions done in cooperation with election officials in Leon County, where the state’s capital of Tallahassee is located, he was able to prove that that he had compromised the results of test election, which asked participants the question: “Can the votes on this Diebold system be hacked using the memory card?”
Hursti says the same Diebold machine will be used in many states in the 2020 election.