Skip to content

September 14, 2017

Voter registration websites make some records vulnerable

by John_A

Those government websites that allow you to change voter registration details might seem convenient, but they also make you vulnerable to ID theft and could be used to manipulate elections. That’s what a team of Harvard researchers found when they took a closer look at those types of websites that 35 states and Washington, DC provided to their residents during the 2016 Presidential elections. They determined that the websites give attackers an easy way to mess with election proceedings, similar to what might have happened in Riverside County, California.

If you’ll recall, a number of voters in Riverside found themselves unable to cast a ballot during primary day because their details were inexplicably changed. Time’s follow-up report published this year said Russian hackers might have used the county as some kind of a test bed for their next attacks designed to rig election results in the US. With these registration websites in place, attackers can replicate what happened in Riverside en masse.

They’ll be able to easily change your address, assign you to a different precinct or change your party affiliation. How? The study’s co-author, Latanya Sweeney, used Delaware as an example. She told IEEE:

“With Delaware, you have a choice. You can either provide the person’s name, date of birth, and zip code; or you can provide the person’s driver license number and date of birth. If you were playing the role of the attacker, the question is where could you get a Delaware voter’s zip code. And the answer is the Delaware voter list.”

Hackers can easily buy that list for $10. And if they need your name, date of birth and other details, they can also scour the dark web and buy packages of data from information brokers for a few bucks. Considering how much info we give various companies and how many cyberattacks happened these past years — one voting machine supplier recently leaked 1.8 million voter records, for instance — hackers will definitely be able to gather enough info to access a lot of people’s registration details.

Sweeney says one of the few things preventing widescale attacks on voter registration systems is Captcha, though the technology is also becoming easier to crack. Also, 10 of the 35 states at least keep a record of web access and change logs, so officials can switch back to the old copies of records that show tampering. To ensure that these websites won’t cause problems in the future, the researchers are holding a workshop for state officials and their IT departments. Team member Ji Su Yoo explained that they’re not trying to get rid of voter registration websites. They simply want to “push everybody to have a good and productive conversation about how to implement them in a way that is really secure.”

Via: IEEE Spectrum

Source: Technology Science

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: