
Clinton vs Trump: Here's How Symantec Simulated a Cyberattack on US Presidential Election

Symantec simulated a cyberattack on the upcoming Clinton versus Trump US Presidential Election by spending just around $500, primarily with a $15 Raspberry Pi-like device.


Updated: October 18, 2016, 2:43 PM IST
Republican presidential nominee Donald Trump (L) shakes hands with Democratic presidential nominee former Secretary of State Hillary Clinton during the town hall debate at Washington University on October 9, 2016 in St Louis, Missouri. (Photo: AP)

Can the upcoming US Presidential Election be hacked? According to cybersecurity firm Symantec, it is quite possible. Symantec simulated a cyberattack on the upcoming Clinton versus Trump election by spending just around $500, primarily with a $15 Raspberry Pi-like device.

“To get started, we purchased actual direct-recording electronic (DRE) voting machines off an online auction site and other equipment to simulate a real-world voting system,” said Symantec.

The company claims that their research revealed “three easy ways an attacker with the right level of intelligence and motivation could erode the trust that American citizens have in their election process.”

This is how Symantec simulated the election hack.

The Hint

Voters entering polling stations that use electronic voting machines are handed a chip card that they use to cast their vote. Once someone has voted, they turn the card back in to the polling station volunteer and it gets re-used by the next voter.

“Just like credit cards, these cards are essentially a computer with its own RAM, CPU and operating system. Which means they can be exploited like any computing device,” it said.

Any catch?

In examining the election process for vulnerabilities, Symantec discovered that there’s an opportunity for a hacker to modify the code put on a voter’s chip card.

“Anyone who knows how to program a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the privacy of a voting booth. We found a card reader that fits neatly into the palm of our hand and used it to reset our fake voter chip cards two different ways,” Symantec claimed.

The Possibilities

In one scenario, Symantec had reset the card to allow someone to vote multiple times using the same chip card. “Our second method programmed the card to allow that card to cast multiple votes. In both approaches, that attacker is stuffing the digital ballot box and casting doubt in the validity of the results from that polling station,” it explained.

Easy gateway

Symantec claimed to have discovered that there was no form of encryption on the internal hard drive of the voting machines that it had purchased. Also, they were running an outdated operating system to display the ballots and record votes.

These types of hard drives are similar to those used in digital cameras. The lack of full disk encryption on the internal hard drive (as well as the external cartridges) presents opportunities for hackers to reprogram and alter ballots, according to the company.

“Potential hackers would also be unhindered by the voting machine’s lack of internet connectivity. Some types of malware, such as Stuxnet, can take advantage of air-gapped networks and vector through physical access to a machine. The lack of full-disk encryption on the DRE machine makes it easily exploitable, requiring only a simple device to reprogram the compact hard drive,” the company stressed.

Now what?

The firm said that a voting machine is only one vehicle for election cyber fraud. The behind-the-scenes data tabulation presents an even greater opportunity for attack.

“Votes are typically collected on the machine in a simple storage cartridge and physically transferred to a central database for tabulation,” it added.

How can voting data be compromised?

Symantec explained the following.

Manipulation of cartridges – The storage cartridge functions like a USB drive and stores data in plain text with no embedded encryption. A hacker could easily rewrite vote information or add false votes onto the cartridge to alter the outcome.

Manipulation of the voting database – Based on their findings, Symantec believed that it’s possible for hackers to compromise storage cartridges by uploading malware to alter the database or wipe it completely, causing recounts in numerous precincts.
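The cartridge risk described above is at root an integrity problem: nothing lets the tabulator tell original records from rewritten or added ones. As an added example (not Symantec's or any vendor's code), this Python sketch shows a keyed hash chain that makes such changes detectable; the record layout, key and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data: key and record layout are assumptions for illustration.
SAMPLE_KEY = b"constructed-demo-key-not-for-real-use"
SAMPLE_RECORDS = [
    {"seq": 1, "contest": "president", "choice": "A"},
    {"seq": 2, "contest": "president", "choice": "B"},
    {"seq": 3, "contest": "president", "choice": "A"},
]
GENESIS = b"\x00" * 32


def _tag(key, prev, record):
    # Binding each tag to the previous one fixes the order of the records.
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def _trailer(key, count, last_tag):
    # The trailer commits to the record count, so truncation is detectable.
    msg = b"END" + count.to_bytes(8, "big") + last_tag
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal(records, key):
    """Voting-machine side: write records with chained tags plus a trailer."""
    prev, entries = GENESIS, []
    for record in records:
        prev = _tag(key, prev, record)
        entries.append({"record": record, "tag": prev.hex()})
    return {"entries": entries, "trailer": _trailer(key, len(entries), prev)}


def verify(cartridge, key):
    """Tabulator side: return 'ok' or a description of the first failure."""
    prev = GENESIS
    for i, entry in enumerate(cartridge["entries"]):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected.hex(), entry["tag"]):
            return f"entry {i}: record altered, inserted or reordered"
        prev = expected
    expected = _trailer(key, len(cartridge["entries"]), prev)
    if not hmac.compare_digest(expected, cartridge["trailer"]):
        return "trailer mismatch: records removed or trailer altered"
    return "ok"


if __name__ == "__main__":
    print(verify(seal(SAMPLE_RECORDS, SAMPLE_KEY), SAMPLE_KEY))
```

With a shared HMAC key the tabulator could itself forge records; a digital signature made by a key kept in the machine's protected hardware would avoid that, at the cost of key distribution.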

Why worry?

This year, 43 states will use electronic voting machines that are at least 10 years old. It’s reasonable to suspect some tabulation computers and software have been left unpatched or unsupported, opening the doors to other means of infiltration. By propagating misinformation, a hacktivist or attacker could cause voter distrust of election results.

In the simulated election, Symantec broadcast the results “live” on YouTube. The research found that it’s plausible for hackers to hijack means of communication and spread false results on YouTube, broadcast media, social media and other channels.

If voters were to follow the poll leader, they might choose not to go through the trouble of voting in an election if it looked like they were in for a landslide victory.

Also, voters can be reached via other means of influence. Hacker Andrés Sepúlveda allegedly engineered election results in South America using an army of fake Twitter accounts, spreading false information using email campaigns, altering candidates’ websites and more.

Edited by: Debashis Sarkar