How long does it take to hack an election?
About two minutes, according to a security expert.
Recently, at the DEF CON hacker conference in Las Vegas, Rachel Tobac, CEO of SocialProof Security demonstrated how a voting machine used in 18 states could be compromised in two minutes. She unplugged the card reader and booted up into the admin mode.
With access to the admin mode, hackers could easily install a different operating system or compromise the data for a preferred outcome in the midterm elections.
Last year at the same conference, experts warned that the machines could be hacked in 24 hours.
Fox News has reached out to the U.S. Election Assistance Commission with a request for comment on this story.
The security of U.S. election systems is firmly in the spotlight.
The main issue is that criminals and foreign operatives intent on disrupting the midterms have worked harder, faster, and with more intent than those trying to fend off the attacks. Hackers rely on automated processes -- apps, development tools and online databases on services like GitHub or Pastebin -- that make it easy to hack the machines used for tallying votes.
“Vulnerabilities on voting systems sometimes go unpatched for a long period of time and that’s the window of opportunity for an attacker to act and compromise them,” says Mounir Hahad, the head of the Juniper Threat Labs at Juniper Networks, speaking to Fox News.
“There is far greater interest in voting machine exploitation [than in 2016],” Brian Varner, a special projects researcher for cyber security services at Symantec, tells Fox News.
Varner says the hacks are not all that complicated. Modern voting machines are now more vulnerable than before, he says. Many have a USB port, so hackers could attach a wireless device to connect to them remotely. The operating system is not that secure, either. Some are stored on a removable chip. A hacker could remove the chip, change the operating system, then reinstall the chip long before the voting machine is ever used.
Another concern has to do with causing disruption. Varner says hackers wouldn't need to bother with voting machines at all. They could break into the voter registration records in each state, then obtain cell phone numbers for voters. They could send an “official” text message telling voters that the polls are now closed or the polling location has changed.
“If the goal is to delegitimize an election, a cyber threat actor can do this in four ways: change cast ballots, insert fake votes, eliminate legitimate votes or alter the tally of votes,” says Hahad. “If the goal is to just sow discord and confusion, they can also alter the systems used to report results, such as the secretary of state election results websites.”
One expert even warned that the damage has already been done.
It’s one thing to hack voting machines or the voter record but says Joseph Carson, chief security scientist at Thycotic, hacking the voter is even more devious.
“Cybercriminals have already targeted the midterm elections successfully months and even years ago by causing disruption at the core of the United States of America,” he says. “Creating a divide in the population and the continuous flow of propaganda into the U.S. citizens to make Americans fear their neighbors is right at the core of hacking of the elections. Rather than change the results of the voting systems, you control the mind of the voter.”