X

Don’t let Election Day rumors of hacked voting machines keep you from the polls

You’re going to hear a lot of noise about voter hacks. Be skeptical.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
5 min read
A hacker at Defcon takes a close look at the software on a Diebold voting machine.

Hackers at Defcon took a close look at the software on a Diebold voting machine.

Alfred Ng/ CNET

If you see an alarming post on Twitter or Facebook claiming that a voting machine was hacked on Election Day, take a deep breath.

US officials are expecting a wave of disinformation on social media as foreign actors seek to sow distrust in the electoral process. That includes lying about voting machines, which Russian trolls did during the 2016 presidential election.

Social media has become a hotbed of disinformation leading up to Tuesday's midterm elections, with hoaxes touching on issues like immigration and voting. In the case of hoaxes about hacked voting machines, the goal is to discourage people from even showing up on Election Day.

"As we saw in 2016, foreign adversaries may be looking to amplify alleged voting problems to further divide us and diminish confidence in our elections," said David Becker, executive director of the Center for Election Innovation and Research.  

It's easy to believe that a voting machine could be hacked. Security researchers at the hacking conference Defcon found that many are outdated and vulnerable to cyberattacks, and half of the US is using voting machines with a known vulnerability.

But keep this in mind: The existence of a vulnerability doesn't mean the machines have actually been hacked.

Watch this: Be wary of posts claiming voting machines are hacked

Viral videos have purported to show "hacked" machines -- but the problems turned out to be a software error or human mistake. In late October, for instance, voters in Texas complained that their machines were switching their votes, but it was because of a software bug.

On Election Day in 2016, a Russian Twitter account received more than 29,000 retweets for a video claiming that a voting machine was broken, even though the reality was that the person in the video was just using the machine the wrong way.

Those short videos don't show that kind of nuance, but they are great for foreign actors to parade on social media to discourage voting. Secretary of Homeland Security Kirstjen Nielsen noted that disinformation on social media is more of an issue for her than the possibility of machines getting hacked.

"My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something's not working as it should in a particular area," Nielsen said Friday.

Election Day updates

By 3 p.m. ET on Election Day, DHS officials said they had seen limited disinformation across social media, most of which was unintentional. One example: automated text messages urging people to "vote tomorrow" that were accidentally sent out the morning of. 
On the intentional hoaxes, the DHS said platforms like Facebook and Twitter were proactively removing those posts. 
Meanwhile, on social media, voters have posted frustrating experiences about broken machines and long waits. Touchscreen issues were already reported in South Carolina, while potential voters reportedly left after waiting hours in Georgia, according to the Atlanta-Journal Constitution.
DHS officials said that these technical malfunctions were not signs of an attack on election infrastructure. In one Georgia precinct, NBC News reported the machines weren't running because election officials did not provide power cords.  
The DHS has been receiving updates from local election officials in 20 states, searching for connections between issues slowing down voters. By Tuesday afternoon, nothing extreme had popped up, despite frustration mounting on social media. 
"The reports that we've received are sporadic in nature and folks are still able to vote," a DHS official said. 
The agency did spot scanning activity -- when an attacker looks for vulnerabilities -- but that happens on a daily basis.

Stay skeptical

Here's something that should be a red flag for you: someone claiming a machine has been hacked but not providing any evidence.

If you didn't believe it when disgraced politician Anthony Weiner said a hacker posted his lewd photos to Twitter or when NBA star Kevin Durant said he was hacked after he tweeted a smoking selfie, you shouldn't immediately trust posts about hacked voting machines, either.

If you see a post claiming there's been a voting machine hack, the first thing you should look for is evidence. A video showing a machine malfunctioning should not be enough to convince people that there's been a cyberattack.

"That could easily be attributed to a touchscreen error," said Jake Williams, founder of Rendition Security. Proper evidence would only come after a qualified security firm or researcher performs a forensic analysis on the voting machine and the computers used to count the votes, he added.

Look to see if an election official has confirmed any details about a cyberattack. Also keep in mind that a cyberattack can take a long time to verify and attribute.

When Brian Kemp -- Georgia's secretary of state and a candidate for governor -- accused the Obama administration of attempting to hack into the state's computers, it took more than six months for investigators to prove him wrong.

Kemp made another accusation on Sunday against the Georgia Democratic party, alleging it attempted to hack the state's voter registration system, again without any evidence.

"It's important to remember that just because a device is shown to be vulnerable to a particular attack, that doesn't mean that the device will be hacked," Williams said. "Most attacks against e-voting machines require specific conditions to be successful, and those conditions may or may not be available to a potential attack."

US officials know about voting machines with security flaws but aren't as concerned about hacked hardware as they are about disinformation.

"At this time we have no indication of compromise of our nation's election infrastructure that would prevent voting, change vote counts, or disrupt the ability to tally votes," said a joint statement Monday night from Nielsen, Attorney General Jeff Sessions, Director of National Intelligence Dan Coats and FBI Director Christopher Wray. "But Americans should be aware that foreign actors – and Russia in particular – continue to try to influence public sentiment and voter perceptions through actions intended to sow discord."

On the propaganda front, foreign adversaries know they don't have to actually hack a machine for people to lose trust.

Around Election Day in 2016, Russian operatives from the Internet Research Agency tweeted about hacked voting machines more than 100 times, and also using the hashtag "#RiggedElection" 61 times. There's no evidence of any machines that were hacked during the 2016 presidential election.

These disinformation campaigns have shown that it's easy to spread lies about a cyberattack on social media. But you should remain skeptical of what you're seeing. Voting machines are vulnerable and in dire need of updates, but until you see solid  evidence of a cyberattack, it could also just be a glitch.

"Even if you have concerns about the e-voting machines, you should still vote," Williams said.

Originally published at 5:01 a.m. PT. 
Updated at 1:15 p.m. PT: To include remarks from DHS officials tracking Election Day activity.

Election security: Everything you need to know about election security in the 2018 US midterms.

Blockchain and the ballot: No, blockchain isn't the answer to our voting system woes.