View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
June 1, 2018updated 03 Jun 2018 12:19pm

Election Systems Worldwide Vulnerable to Attack: FireEye

Election systems around the world are highly vulnerable to cyber attacks, warns FireEye

By Umar Hassan

Election systems across the world are vulnerable to attack by malicious cyber actors, cyber intelligence company FireEye warned in a new report released today.

The report comes weeks after the UK’s National Cyber Security Centre (NCSC) warned that some areas of the British electoral system were also vulnerable to cyber attack, despite the country’s heavily paper-based ballot system.

“There are central vote tabulating machines that may be connected to an Intranet or the public Internet. It may be possible for remote adversaries to attack those machines”, FireEye said. It admitted, however, that it has not observed attacks against elections infrastructure, and that the US’s decentralised and unstandardised voting system, “a nation-wide coordinated attack on voting machines would require high technical sophistication, lengthy planning, and extensive resources.”

The California-based company highlighted weaknesses in electronic voter registration, DDoS against state elections websites, attacks against voting machines, and attacks against election management systems.

DDoS or website defacement is popular with cyber actors to prevent voters from locating and accessing their local polling station location.

During the 2015 Russian local elections, cyber threat actors conducted low-impact DDoS attacks against eight websites, including the country’s President, Central Commission and four opposition news websites. FireEye suggested the actors involved were trying to disrupt the political process in Russia.

The United States uses 57 types of voting machines, sold by 17 different vendors. US voting machines are not required to be connected to an external or public network.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

“We identified key themes in their security flaws, namely that voting machines are particularly vulnerable to malware introduced through removable hardware. This
is due to the generally weak security on the voting machines themselves, as well as similar basic security flaws and challenges as many Industrial Control Systems,” the report’s authors said.

It pointed to election management systems as a particular weakness, saying that while they are run on specially configured PCs, these often run on older operating systems such as Windows 98 or Windows XP, or outdated versions of Linux.

Preventing these situations can be mitigated by enforcing strict password security, ensuring voting machines are up-to-date, and asking individual voters to check their belongings to prevent physical tampering, the company concluded.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU