In September 2010, the District of Columbia unveiled a pilot project to enable overseas residents and people serving in the military to vote over the Internet, and invited users to test the system. Within 36 hours, University of Michigan computer scientist J. Alex Halderman and his team were able to hack into it, flipping votes to candidates named after famous computers, like HAL 9000 from 2001: A Space Odyssey, and playing the Michigan fight song, “The Victors,” after every recorded vote. Amazingly, it took two days for election officials in DC to notice the hack and take the system down. The pilot project was eventually scrapped.
Though online voting remains a distant prospect in American politics, this wasn’t the first election system that Halderman hacked. On June 21, 2017, he testified before the Senate Select Intelligence Committee in a hearing on “Russian Interference in the 2016 U.S. Elections.” “My conclusion,” Halderman told the committee, “is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyber-attacks that could change votes.”
“Dr. Halderman, you’re pretty good at hacking voting machines, by your testimony,” Senator Angus King of Maine observed. “Do you think the Russians are as good as you?”
“The Russians have the resources of a nation-state,” Halderman replied. “I would say their capabilities would significantly exceed mine.”
It is now clear that Russian interference in the 2016 elections went far beyond hacking Democratic National Committee e-mails; it struck at the heart of America’s democratic process. “As of right now, we have evidence of election-related systems in 21 states that were targeted,” Jeanette Manfra, the chief cyber-security official at the Department of Homeland Security, testified at the Senate hearing.
Only two of those states have been publicly named: Illinois, where hackers stole 90,000 voter-registration records, including driver’s-license and Social Security numbers; and Arizona, where the voter-registration list was breached via a county-level infiltration. On June 13, Bloomberg reported that “Russian hackers hit systems in a total of 39 states.” And The Intercept, citing a leaked National Security Agency report, stated that “Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election.”
“This was a well-planned, well-coordinated, multi-faceted attack on our election process and democ-racy,” said Bill Priestap, assistant director of the FBI’s counter-intelligence division, at the Senate hearing.