CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Calls for audit of votes in key swing states just to make sure nothing went awry


Donald Trump's surprise win in the United States' presidential election could conceivably be attributed to illegal hacking and needs to be investigated, according to a security expert.

A statistical analysis by J Alex Halderman, professor of computer science at the University of Michigan's Center for Computer Security and Society, has shown that in three states there were worrying downturns in votes for Democratic Party candidate Hillary Clinton. Halderman feels voting patterns were particularly odd in counties that use electronic voting machines and which don't use a paper receipt to record votes.

In some cases such counties showed a seven per cent swing against Clinton, compared to votes predicted by polls. That swing was enough to tip the election Trump's way, as he took some states - and their electoral college votes - by a few tens of thousands of votes.

"I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other," Halderman writes.

"The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence  - paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania. Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts."

That electronic voting machines are not designed with security in mind and are easy to hack is well documented. For more than a decade security experts have warned that the machines are susceptible to easy hacks.

That hacking aimed at exposing secret information played a part in the US election is without doubt. A series of leaked emails from the Democratic National Congress that were a key issue for voters, and several election boards had their systems attacked by hackers.

Attacks aimed at influencing elections are not uncommon. Costa Rica investigated such claims, and the Ukrainian government claimed to have found sophisticated election machine hacking code in 2014 that could have altered the course of the vote.

Halderman is clear; the only secure form of voting is on paper, with a viable audit trail. This works well in the UK and Australia, where election nights are busy times as officials index paper ballots on camera. But the US moved early on electronic voting and many machines don’t provide a paper receipt for auditing.

At this stage, the problem is largely moot. The deadline for a legal challenge to the results is very close and there is little appetite for such a fight. Let's not forget, too, that president-elect Donald Trump never ruled out he would not accept losing the election if he felt any fraud was involved. A late recount and allegations of digital deviousness has the potential to turn things ugly stateside. ®

Similar topics


Other stories you might like

  • Apple strays from the path of locking down parts with its Series 7 Watch

    Component swaps still a thing... for now

    Apple's seventh-gen Watch has managed to maintain its iFixit repairability rating on a par with the last model – unlike its smartphone sibling.

    The iFixit team found the slightly larger display of the latest Apple Watch a boon for removal via heat and a suction handle. Where the previous generation required a pair of flex folds in its display, the new version turned out to be simpler, with just the one flex.

    Things are also slightly different within the watch itself. Apple's diagnostic port has gone and the battery is larger. That equates to a slight increase in power (1.094Wh from 1.024Wh between 40mm S6 and 41mm S7) which, when paired with the slightly hungrier display, means battery life is pretty much unchanged.

    Continue reading
  • Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls

    Only for one-to-one voice and video, mind

    Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.

    It has been a while coming. The company made the promise of E2EE for some one-to-one Teams calls at its virtual Ignite shindig in March this year (https://www.theregister.com/2021/03/03/microsoft_ups_security/) and as 2021 nears its end appears to have delivered, in preview form at least.

    The company's rival in the conference calling space, Zoom, added E2EE for all a year ago, making Microsoft rather late to the privacy party. COO at Matrix-based communications and collaboration app Element, Amandine Le Pape, told The Register that the preview, although welcome, was "long overdue."

    Continue reading
  • Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

    Researcher spots RSA tell-tale lurking in plain sight on VirusTotal

    Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository.

    The discovery could make blue teams' lives easier by giving them a clue about whether or not Cobalt Strike traffic across their networks is a real threat or an action by an authorised red team carrying out a penetration test.

    Didier Stevens, the researcher with Belgian infosec firm NVISO who discovered that private Cobalt Strike keys are being widely reused by criminals, told The Register: "While fingerprinting Cobalt Strike servers on the internet, we noticed that some public keys appeared often. The fact that there is a reuse of public keys means that there is a reuse of private keys too: a public key and a private key are linked to each other."

    Continue reading

Biting the hand that feeds IT © 1998–2021