Skip to content
Naked Security Naked Security

From Russia with grudge: hackers accused of trying to sway US election

Somebody is hacking away at the systems behind the 2016 US Presidential election - but why?

Are shadowy Russian computer experts really trying to ‘hack’ the 2016 US Presidential election?

Is such a thing even possible?

Democrat congressman Adam Schiff is the latest US politician who believes it is, telling last weekend’s This Week TV show on ABC that he thought a pro-Russian link was clear. “I have no doubt, and I don’t think the administration has any doubt.”

Schiff didn’t offer any evidence as to how this might be happening, but several prominent officials have gone on the record with their own views, starting with none other than FBI Director James Comey himself.

Citing attempts to access voter registration databases in up to 20 states, Comey recently told the House Judiciary Committee that “there have been a variety of scanning activities, which is a preamble for potential intrusion activities.”

“There’s no doubt that some bad actors have been poking around,” he added, though he didn’t point a finger at anyone.

To be clear, the suggestion here is not that Russian hackers have attempted to undermine the online state voting system – Comey described that as “very, very hard for someone to hack into because it’s so clunky and dispersed” – but to access the registration databases that hold information on the electorate.

The accusations flying around in 2016 will remind some of what happened in the weeks after Google’s public announcement in January 2010 that its Gmail system had been hit by a cyberattack originating in China.

Within days, numerous other big US firms were added to the victim list by researchers working for security vendors. Fingers were quickly pointed at Chinese hackers and, by extension, the Chinese government itself.

US politicians, including then Secretary of State Hillary Clinton, added their voices to the chorus of outrage.

The term ‘Advanced Persistent Threat’ (APT) entered the cyberlexicon, and hacking became a geopolitical issue.

Paranoiacs anonymous

In the 2016 incidents, things appear even less clear cut.

The simplest explanation is that hackers are after the voter registration databases because that’s what cybercriminals do these days.

If a database is vulnerable, crooks go after it, because it’s likely to be worth something; US voter databases are no different.

Looking at it this way, it could be argued that it’d be more extraordinary if cybercriminals weren’t going after such databases.

On the other hand, a clutch of US research firms claims that the same hackers have also targeted organizations such as the Democratic National Committee (DNC), which suffered an embarrassing email leak last year after two of its servers were compromised.

So, another way to interpret these attacks is to see them as part of a propaganda war meant not so much to steal information as to instil uncertainty and confusion.

Attacking voter registration systems and political parties might undermine the confidence of ordinary voters, for example, and that might in turn perturb the forthcoming election.

What do you think? Cunning political conspiracy, or outright cybercrime?


Paper is safer. Paper voting is done at numerous polling stations. Any party intent on fraud would have to do so under the eyes of many people in many places.

Even if a party intent on fraud concentrated on marginal seats, they would still have to fiddle the count under the eyes of people watching.

And those watchers would be all the more watchful precisely because a seat is marginal.

With an electronic system, everything is concentrated in one place. Hack that and you have cracked it and the vote is yours.

You have only to look at the hacks against government departments and banks to know that even they can be hacked.

And it is not even that the code has to be hacked. Hackers have fooled site admins into giving up credentials, and admins and other employees have walked out with the code on a thumb drive.

We know it’s possible and we know it’s been done.

Given that, how can a system that gives the vote to the many and controls the count by the few, ever be considered democratic and worth the risk?


I agree with you absolutely! With paper votes, you don’t get hacked. In the eyes of absolute security, this should be the gold standard across the board. In the age of information computers can make things more faster and efficient, but this is not one of them.


Paper is no better. In Minnesota, it is routine that if an election is really close, a “lost” box of ballots will turn up in some polling station.


But when it’s coming to digital, it’s just a stream of a few electrons to fuck up the nation. At least with the paper ballots there is a hope in hell that literal paper trail can be had. The bottom line is that the whole method of voting needs to be overhauled in the eyes of scrutiny from all candidates. As in other words, there needs to be a representative from each candidate present for the entire voting process. Banks and financial institutions do this very efficiently, why not the voting system?


Why bother to attempt to influence the election when with the information in the voter registration database you can do identity theft on a massive scale.

Download the voter registration files, and, depending on the state in question, you would have name, address, date of birth, mother’s maiden name, social security number, drivers license number, skin color, and possibly even a photo.


Third world countries do it in a much better fashion by having their thumbprint put in with blue ink on their thumb that last about a week. This way they can’t vote twice. Who needs the I voted today sticker when you have the Blue Thumb that is tell tale.


If you consider how little politicians know about computer and internet security, the likelihood of hacking the election process looks possible. That’s not the only problem however. In the US voter registration files are public records. If you get the list and call registered voters from the opposing party and tell them their polling place has changed, you may be able to alter the outcome.


The military industrial complex wants a new cold war. IMHO Russia is not as stupid but FEAR will make people stupid.


What exactly is the “voter database”? There is a huge difference between digital voting through electronic (pardon the archaic term) processes and machines, and the human digital (paper plus punches/dots) voting that still exists in many locations. If the issue is voting, then go back to paper only. If the issue is voter databases accumulated in a hundred different ways by state, county and other local agencies, then that is a different story. See something about a guy named Snowden.

Want to prevent “voter databases” from being hacked? Then stop putting voter info into those databases. Go back to the old method; hand counting, hand managing, and hand filing the votes. That way only the locally corrupt agencies will be able to futz up an election.

That’s a lot better than a bunch of Ukrainian/Iranian/Russian/Chinese/lone wolf actors throwing the veritable wrench into our so-called free elections.


Well, the “database” stems from the basic requirement (in every state I’ve ever lived in) that you have to register before you can vote. In some states the registration period closes, e.g., 30 days before the election. When you go to vote, you identify (don’t ask how, that’s another quagmire) to the election judge who looks up your name in a big paper registry before you can vote.

That big paper registry is a printout of the “database” for that particular precinct. It’s an outgrowth of the pre-registration requirement. And it’s a public record. You can purchase a copy from the state. That’s how the candidates know who to mail literature to.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!