‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet

Original article. Please note the source. This is not a source (Fake News) I usually post, but this seems to be accurate so far. NBC does not provide for embedding the videos in this article, so please watch them via the “Original article” link.
Jan. 10, 2020, 4:36 PM MST

A team of election security experts used a “Google for servers” to challenge claims that voting machines do not connect to the internet and found some did.

By Kevin Monahan, Cynthia McFadden and Didi Martinez

It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.”

Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system.

So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them.

But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk.

That team of election security experts say that last summer, they discovered some systems are, in fact, online.

“We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News.

“We kept hearing from election officials that voting machines were never on the internet,” he said. “And we knew that wasn’t true. And so we set out to try and find the voting machines to see if we could find them on the internet, and especially the back-end systems that voting machines in the precinct were connecting to to report their results.”

Skoglund and his team developed a tool that scoured the internet to see if the central computers that program voting machines and run the entire election process at the precinct level were online. Once they had identified such systems, they contacted the relevant election officials and also provided the information to reporter Kim Zetter, who published the findings in Vice’s Motherboard in August.

The three largest voting manufacturing companies — Election Systems & Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.

The largest manufacturer of voting machines, ES&S, told NBC News their systems are protected by firewalls and are not on the “public internet.” But both Skoglund and Andrew Appel, a Princeton computer science professor and expert on elections, said such firewalls can and have been breached.

“AT&T and Verizon and so on try and protect as best they can the security of their phone network from the rest of the internet, but it’s still part of the internet,” Appel explained. “There can still be security holes that allow hackers to get into the phone network.”

The 35 systems Skoglund’s team found represent a fraction of total voting systems nationwide, though he believes they only captured a portion of the systems that are or have been online. Earlier this week, Skoglund showed NBC three election systems were still online even after officials had been told they were vulnerable.

For election systems to be online, even momentarily, presents a serious problem, according to Appel.

“Once a hacker starts talking to the voting machine through the modem, the hacker cannot just change these unofficial election results, they can hack the software in the voting machine and make it cheat in future elections,” he said.

The National Institute of Standards and Technology, which provides cybersecurity frameworks for state and local governments and other organizations, recommends that voting systems should not have wireless network connections.

Skoglund said that they identified only one company among the systems they detected online, ES&S. ES&S confirmed they had sold scanners with wireless modems to at least 11 states. Skoglund says those include the battleground states of Michigan, Wisconsin and Florida.

While the company’s website states that “zero” of its voting tabulators are connected to the internet, ES&S told NBC News 14,000 of their DS200 tabulators with online modems are currently in use around the country.

NBC News asked the two other major manufacturers how many of their tabulators with modems were currently in use. Hart said that it has approximately 1,600 such tabulators in use in 11 counties in Michigan. Dominion did not respond to numerous requests from NBC News for their sales numbers.

‘Vulnerable to hacking’

With the 2020 presidential election only ten months away, Appel and Skoglund believe all modems can and should be removed from election systems.

“Modems in voting machines are a bad idea,” said Appel. “Those modems that ES&S [and other manufacturers] are putting in their voting machines are network connections, and that leaves them vulnerable to hacking by anybody who can connect to that network.”
