In September 2017, the Department of Homeland Security (DHS) warned at least 21 states that Russian hackers targeted their voter registration databases a year prior.
In late February 2017, a report stated that voter registration databases were penetrated in seven states. The report was quickly denied by DHS.
Why hack voter registration databases, though?
How could hacking a voter registration database be part of hacking an election?
The most obvious answer is disenfranchisement. If voters are deleted, they may not be listed in the poll books when they try to vote. The same is true if their addresses or identifying information are changed. At that point, they may cast a provisional ballot, or simply walk away confused without casting a vote.
An article in the Christian Science Monitor highlights this potential danger.
But the article continues. There is another, even more ominous, way that a hacked registration database could contribute to election hacking.
When most people think of “election hacking,” they think of vote totals being changed. But as with any sophisticated crime, there is a second part. The cover-up.
Anyone changing vote totals needs also to make us think nothing really happened. They need us to feel like there is a reason for the results. Disgruntled voters? Changing demographics? A poor campaign? Nothing to see here. Please move along.
Any semi-plausible explanation that will keep us from rethinking our election systems and ending the game for good will suffice.
We rely on voter registration data to give us information about voters. We use this data to answer questions like:
> How many voters are registered in each precinct?
> Are they Democrats? Republicans? Not affiliated with either major party?
> How many voters went to the polls?
> Was there low turnout in some areas? Higher turnout in others?
The answers to these questions create explanations for election outcomes, particularly when an outcome is surprising. In the case of the 2016 presidential election, researchers and journalists turned to registration data to make sense of the unexpected outcome.
The Vulnerabilities Nobody Talks About
But what if the voter registration data itself has been altered? What if the data that seem to show shifting political landscape are false? What if “zombie” voters were added to the voter rolls to alter apparent demographics? In order to explain an outcome that was almost unbelievable?
Control the registration system. Control the voters, control the votes, control the narrative.
When we talk about hacking a voter registration database, what does that mean? In a nutshell it means getting access to the data, and stealing it.
Or worse. Changing it.
This can be done several ways.
There is SQL injection, for instance, where a hacker takes advantage of code vulnerabilities to alter a database by sending code through a form input or even through the URL.
During the 2016 campaign season, Russia (we now know) gained access to the Illinois registration system via SQL injection. At least one report indicates that some registration records were altered during the breach.
The Illinois attack has been well documented and examined. A timeline provided by the state gives a substantial amount of detail on the attack and the response to it. The attackers compromised the database by accessing, and possibly altering an unknown number of records. In a response memo written after the DHS report, Wisconsin noted that either the same SQL injection vulnerability or a similar one was present in their systems. They insisted, however, that they addressed it during upgrades conducted in January 2016.
Other Ways to Penetrate Election Systems
But there are other ways to penetrate these systems beyond an obvious “hack” like those detected by DHS.
For instance, an employee or contractor working on one of these systems via a built-in “backdoor” in the code could compromise a voter registration system. A small snippet of malicious code could be hidden in systems that allow privileged users to add, update, or access data in these databases. This code could be used to steal passwords or to allow remote database access for selected outside users.
Finally, a voter registration database could be altered maliciously by any member of the public via the “Change Your Registration” form on the websites of many states. A study published in September by Harvard researchers shows how easy it would be to manipulate voter data using these forms.
Manipulating Voter Registration Data
The researchers found that many states allow you to purchase enough information about voters that anyone can impersonate that a voter and change information. Using these online forms, everything from address to party preference or names can be changed.
We quickly found one state where we could easily manipulate voter data this way. Though, we made no actual changes because that would be a felony. We looked at Pennsylvania, where Trump edged out Clinton by less than 45,000 votes, or 0.73%. Where the smallest hiccup in the electoral process could have affected this thin margin.
Pennsylvania Voter Registration Data
We purchased a snapshot of the Pennsylvania voter registration data for $20. Over 8.5 million records. Names, addresses, dates of birth, political affiliation, voting history. A wealth of data. These data sets are available to the public, here.
Armed with this information, we went to the “Change your Registration” page of the Pennsylvania Department of State website. The information marked with red is mandatory. Everything else is optional. Our $20 investment gives us all we need to impersonate a voter, or many voters.
According to the instructions, we can use this form to change party, name, and address.
So, using this form we could move a number of voters to different polling places. We could outright prevent these voters from voting, by moving them away from their local precincts. Or we could look through the data for voters with no recent history of voting, perhaps the very elderly. By changing the addresses and perhaps the political parties of voters who are unlikely to actually show up at the polls, we could change the apparent demographics of a precinct without ever being detected.
In this article, Jonathan Albright documents some Python scripts posted to the code-sharing website GitHub by an employee of Cambridge Analytica. One of the scripts finds the geographic coordinates for a given address. Oddly, this script specifically mentions “VoterID”.
This script is capable of creating valid, new addresses to assign our voters to. Using this script and the information from our purchased data set, voters could be moved to new precincts. A simple browser plugin can read a list of voters and desired addresses and automatically fill out the Pennsylvania “change in registration.”
But how do we know which addresses are assigned to which polling places? We use this nifty online polling place locator interface, brought to you by the ever-helpful state of Pennsylvania:
This convenient public-facing voter registration hacking API is well-documented. Even a non-Russian could probably figure it out!
Finally, a phishing email could be sent to a county clerk or election systems vendor. If successful, the perpetrator could attempt to steal the login credentials of someone who has access to state databases. We know of at least one such cyber-attack. The attack was against employees and clients of the election technology company VR Systems.
If any logins were compromised in the attack, the entire database of any state serviced by this vendor would have been open to manipulation.
Despite the obvious vulnerabilities, journalists, politicians, and DHS insist that voter registrations weren’t changed. But how do they know that for sure?
Written by Unhackthevote
Read More Commentary about Voter Registration Databases:
Illinois. Now this is Full-On Hacking.
Pennsylvania Rabbit Hole Part I
How to Control an Election by Hacking a Voter Registration Database
Cambridge Analytica — Did They Target Voter Registration Files?