
How to Hack an Election - newscasta
http://www.bloomberg.com/features/2016-how-to-hack-an-election/
======
hackuser
This shouldn't be a surprise: I think most HN members know that it's possible;
we know that the rewards (incredible power, status, and everything you can get
with them includig the spoils of office) are worth the investment (only $600K
for this solution!); we know that there are many people, including
politicians, unsavory enough to do it.

The question is, why do we pretend it's not happening until there's a smoking
gun?

Consider the U.S. presidential election: The outcome is worth billions each to
very many parties worldwide; it's existential to some foreign governments and
actors; many in the U.S. have very powerful ideological motives. How much
would it cost to hack voting machines? It seems very likely to me that it's
happening, though I don't know where or to what extent.

I know I'm not the first to point out this risk, but why should we assume that
the reported vote count represents the actual vote? Becasue there is no
smoking gun yet? That's like assuming your critical network hasn't been
hacked, and doing nothing to protect it, because you haven't seen evidence of
an attack yet.

~~~
burkaman
A few reasons I can think of:

1) Hacking voting machines to a significant extent would require a team of
people, not just one guy, which dramatically increases the risk of exposure.

2) The reported vote count is usually very close to the predicted vote count,
and always very close to exit polling results. The hacked results would need
to be very close to the real results, or be combined with control over a huge
number of people in the polling industry. Campaigns also run internal polls,
so opponent campaigns might become suspicious if their own polls were not
matching the results.

3) Recounts are possible and somewhat common. Therefore hacking could not be
used to create a very close result that could trigger a recount, or it would
need to be combined with actual ballot theft, or control over the officials
doing the recount.

These are not theoretical concerns. See Bush v. Gore in Florida for what might
happen if someone tried to hack a close election.

It seems to me that hacking an election would only be feasible in an already
close race, would require the cooperation of a number of people with huge
risks of exposure, and could still be caught by one of the many safeguards
that exist.

Obviously I am only talking about hacking voting machines. It would not
surprise me if the tactics in this article were common; using Twitter bots,
spying on other campaigns, etc.

~~~
logfromblammo
None of this squares with what I have previously been told about US elections.

1\. I have seen video demonstrations wherein one person with opportunistic
unsupervised access to a voting machine can hack it to affect every issue on
the ballot within five minutes. Given the security at many polling places in
the US, this easily extrapolates to one person able to hack all machines at a
given polling place prior to election day, and possibly repeat the effort at
several other nearby polling places within counties using the same type of
machine.

Other hacks target the central tabulators, and don't require touching the
voting machines at all. Opportunistic timing to enjoy unsupervised access
between the election and results certification is a bit more critical to
these.

2\. Exit polls have frequently been "adjusted" in the US to more closely match
the actual elections results. In the UK, this is called the Shy Tory Factor[0]
or Shy Labour Factor, and has existed since 1992. The US has had the Tom
Bradley Effect[1] since 1982.

This is usually explained by presuming that the exit polling result is
inaccurate. It is never seriously considered in public that vote fraud may be
becoming more severe. Yet I saw a statistical analysis of actual voting
results, differentiated by the model of voting machine, that showed a clear,
obvious bias towards certain choices of specific issues. The poll adjustment
factor can easily be explained by the hypothesis that people remain as honest
as ever in exit polls, but the voting process itself has become less honest.

3\. Recounts will not uncover fraud if the records necessary for the recount
are subject to the same controls as the records used for the first official
count. If the voting machine does not leave a non-electronic record that can
be verified by the voter while they are still at the polling place, a recount
will just be run on whatever records exist, which may be falsified.

4\. Thanks to the winner-take-all elections in the US, and the availability of
previous census and elections data, it is possible to identify specific
counties as keystones, wherein efforts to sway the vote locally will have
disproportionately effective results.

For instance, you examine the "battleground counties" in the "swing states",
and hack the central tabulator in that county to give your favorite candidate
a 3% advantage by switching an opposing vote 1.5% of the time. You don't tell
your party you're doing it. You don't even tell your _dog_ that you're doing
it. You just do it. If your guy loses, well, you tried.

Multiply by dozens of technically competent yet unconnected and independent
supporters, and you get a significant extent that does not require any team.

[0]
[https://en.wikipedia.org/wiki/Shy_Tory_Factor](https://en.wikipedia.org/wiki/Shy_Tory_Factor)

[1]
[https://en.wikipedia.org/wiki/Bradley_effect](https://en.wikipedia.org/wiki/Bradley_effect)

~~~
nosuchthing
I still find it odd that we can receive carbon copies of time cards and
receipts for ATM visits (..on thermal paper which decays rapidly), yet when it
comes to voting for our state elections we have no record of our vote and
everything is handed off to 3rd parties with seemingly no provable
accountability or transparency.

    
    
      "It's not the votes that count, it's who counts the votes."

~~~
twoodfin
Eliminating the ultimate privacy of the voting booth has potentially serious
negative consequences, like attempts to influence elections via intimidation
or bribery ("Show us your vote for Smith and it's worth $100 to you. If you
don't, remember we know where you live...") There are a variety of clever
schemes that work around this, but none of them are as simple as you getting
to bring home a certified copy of your ballot.

~~~
elif
I would sooner welcome a president distributing $6.5 billion dollars ($100 *
winning vote count 2012) to normal people than have to suspend rationality and
instead have faith in every actor capable of manipulating votes (of which I
feel there are many).

If you honestly believe there is nothing any candidate can offer you which is
worth more than $100, I propose you should be allowed to take that deal.

( Of course, completely open source hardware and software is the real
solution. )

EDIT: I am a little bitter because I'm in a state using machines which don't
even keep a paper trail to begin with.
[https://www.verifiedvoting.org/verifier/](https://www.verifiedvoting.org/verifier/)

------
danso
> _He also splurged on the very best fake Twitter profiles; they’d been
> maintained for at least a year, giving them a patina of believability._

> _Sepúlveda managed thousands of such fake profiles and used the accounts to
> shape discussion around topics such as Peña Nieto’s plan to end drug
> violence, priming the social media pump with views that real users would
> mimic. For less nuanced work, he had a larger army of 30,000 Twitter bots,
> automatic posters that could create trends. One conversation he started
> stoked fear that the more López Obrador rose in the polls, the lower the
> peso would sink. Sepúlveda knew the currency issue was a major
> vulnerability; he’d read it in the candidate’s own internal staff memos._

I've been wondering when more sophisticated Twitter sockpuppetry would start
having an impact. The media seems generally unprepared for a coordinated
campaign of fake tweets from accounts that don't have eggs as their avatar or
#freeiphones in their profiles...I don't mean just the trend of "Hey 3 people
said something on Twitter so it's a story", but that there's also not enough
skepticism paired with efficient ways for sniffing out fakery on social media.
I hadn't thought about the problem of a mass army of bots suddenly creating a
trending tag.

It reminds me of "The Agency", a story published last year investigating how
Russian operatives allegedly used human-controlled Twitter spamming to try to
publicize a fake story of a Louisiana chemical plant explosion:

[http://www.nytimes.com/2015/06/07/magazine/the-
agency.html?_...](http://www.nytimes.com/2015/06/07/magazine/the-
agency.html?_r=0)

But as sophisticated as that sockpuppet campaign was...it was obviously
destined to fail by the fact that an exploding chemical plant is fairly easy
to confirm as true or false in real life. Trending opinions about politics
don't offer such binary ways of filtering.

~~~
rm_-rf_slash
Propaganda takes time. Often the most effective stuff happens when you aren't
even aware of it. You progress through your regular life and encounter regular
things. People bitch on the internet about stupid stuff with the occasional
decent argument, and nothing looks out of the ordinary. You see laughable
arguments about politicians with hints of truth, or intrude, but maybe you
ignore it.

After a while you see more arguments along the same line of reasoning, but
with more data and less vitriol. You find yourself agreeing more, even if you
like the person being disparaged. You may even come around to accept a side of
an argument you didn't think much about before.

This is how minds are turned. First the trolls and bots do as they do. Some
people catch a whiff and continue the trend. Sometimes as a joke, other times
seriously. Even those who pretend to be joking will not long be
indistinguishable from the fools who think they are in good company.

Propaganda is not a tidal wave that comes crashing down on established
opinions, it is a steady stream that eats at solid rock until it creates a
deep gorge you could not have imagined structured in any other way.

~~~
_greim_
The world is neck deep in dearly-held beliefs that would quickly die out if
people en-masse embraced the kind of systematic, relentless skepticism
required to combat this. Society protects these beliefs by stigmatizing
skepticism, but in doing so effectively makes itself vulnerable to exploit.

~~~
rm_-rf_slash
I myself am skeptical about that.

Edward Bernays, who really pioneered propaganda, argued that people put
elements of identity in "logic-proof compartments" because to be one thing by
definition means not being another thing, and people often would rather shut
out thoughts than seriously question themselves.

Are you an "entrepreneur?" What about "talented?" Or "Democrat?" Or even,
"Liberal?" "Conservative?"

Public opinion is as much an influence on propagandists as they are on public
opinion.

------
justinlardinois
> with a shaved head, goatee, and a tattoo of a QR code containing an
> encryption key on the back of his head. On his nape are the words “</head>”
> and “<body>” stacked atop each other, dark riffs on coding.

Jesus, this guy sounds like he walked straight out of a bad cyberpunk story.

On the serious side, this gets to me:

> Sepúlveda says many of the candidates he helped might not even have known
> about his role; he says he met only a few.

It never occurred to me, but it's a novel concept: people campaigning for high
office may be unaware of corruption in their own campaign. The idea of a well-
intentioned politician with no idea corruption propelled them into office is
scarier to me than a knowingly corrupt politician.

~~~
guessbest
It is just plausible dependability for the candidate. This is traditionally
how organized crime works.

~~~
huherto
I believe it is called "plausible deniability". ;)

~~~
guessbest
Yay! I'm not the only one old enough to have seen that movie on HN.

------
natrius
Capitalism makes centralized democracy untenable, and capitalism is here to
stay.

So much power is controlled by infrequent elections, so influencing those
elections is always worthwhile. Capitalism is an evolutionary force that
selects for the most profitable business practices. People who figure out how
to profit from influencing our democracies will outcompete those who don't. We
can pass new laws, but that's like inventing a new antibiotic: it works for a
while until evolution finds a way.

We must decentralize governance to be free. But how? We can use trade to
individually enforce rules. Consider ISIS. ISIS controls territory by paying
people to control territory. The money ISIS pays is worthless paper. You and I
give that paper value because we accept it for our work. If you want to reduce
ISIS's power without anyone's permission, all you have to do is stop accepting
any money they've traded for your work.

We now have the ability to build decentralized ledgers of trade that you can
consult to do this. Instead of relying on political parties to pursue your
policy goals, you'll install an app that cuts people off from your economy
when they break your rules. If this is a power that people desire, they must
stop accepting anonymous money and only accept money through their policy
wallet apps.

We're using bad technology to organize our society and it's giving us
political corruption, terrorism, and global warming. It's imperative that we
decentralize democracy so we can rid the world of this unnecessary damage.

~~~
anonymousDan
As an alternative, what about moving away from representative democracy (i.e.
where you periodically elect someone to make decisions for you by proxy), to a
system where you can optionally choose to cast your own vote for particular
issues. If we had more lightweight mechanisms for performing trustworthy
elections then maybe this would be feasible. I imagine by default though most
people wouldn't be bothered to put in the effort to make knowledgeable
decisions, and hence why you want to still have representatives.

~~~
natrius
"Liquid democracy" is very cool, and it seems strictly superior to our current
system. However, it will still be captured by capitalism. The most popular
representatives will attract the most funding, and their actions will be as
biased toward their funders as they can be without losing too much support.
The big threat there is regulatory capture: promoting laws to clamp down on
profitable industries, but in ways that give incumbents huge advantages
because the laws are hard to comply with.

The only way to get money out of politics is to make sure the people can
control money.

~~~
anonymousDan
Sure but at least it reduces, albeit doesn't eliminate, the ability of
politicians to say one thing at election time and then do the opposite once
they've been elected.

------
theophrastus
Computers are flexible mutable controllable interconnected facile adaptable
devices - it's why we use them and love them so. What is it we hope for as the
basic property to vote collection and reporting? It's essentially the opposite
of the computer's character set. So if you insist on the convenience advances
to the voting process, ("I wanna be able to vote via smart-phone!") then
you'll inevitably be giving up the basic property that you really do want:
veracity. So, to the first approximation: primitive paper ballots are some of
the most stubborn and costly to hack.

~~~
lazaroclapp
Keep in mind that you can give up anonymity instead, via cryptographically
verifiable voting with confirmation receipts ;) Of course, that opens its own
can of worms...

------
huherto
oh please. He didn't hack an election. They tried to influence public
sentiment using social media. They hacked some phones and emails. But they
didn't rigged the election.

Just so you know. The Mexican electoral system looks like it was built by
paranoiac maniac. It has many locks. Everything is done manually, votes are
counted by multiple citizens, they use transparent poll boxes, special
election photo ids are issued for every citizen, even the voting lists have
photos, people get their thumb marked with ink, the parties are allowed to
have representatives at every place, results at every place are signed, they
are published at the voting place and also electronically, etc, etc. One
million people participate on the election.

------
deepnet
Clint Curtis testified before congress that he did just this.

It remains an unproven allegation.

[https://www.youtube.com/watch?v=3YKpvTBmdCI](https://www.youtube.com/watch?v=3YKpvTBmdCI)

[https://en.wikipedia.org/wiki/Clint_Curtis](https://en.wikipedia.org/wiki/Clint_Curtis)

------
andresmh
Somewhat related story: During the Mexican presidential election mentioned in
the article, a PhD student at one of the top Computer Science departments in
the U.S. got in touch with me (through a shared friend) because he saw I was
doing research on Mexican civic tech.

He mentioned that while he was teaching a workshop at his university, two of
the workshop participants, who were employees of a powerful Mexican TV
network, asked him to help them discredit or deflect the student movement
described in the article (the movement was called the "Mexican spring" at the
time for their use of social media).

This sounded shady to the student, and he wanted to tell someone, but didn't
know who. Ultimately he just avoided the TV folks for the rest of the
workshop.

Weeks later, The Guardian published some leaked documents that showed
nefarious ties between said TV network and the then candidate.

The student connected with the press then, but the story never came out.
Perhaps he got cold feet, or maybe the journalists didn't think it was
interesting enough.

------
rossdavidh
Ugh. I don't know if the particular people involved here are telling the
truth, but I basically know that something like this must be happening, given
the incentives involved. Dispiriting, I have to say, since it would be hard to
beat this sort of thing without becoming what you're fighting against.

~~~
rossdavidh
Also, at the end there when they implied that HRC is hiring Rendon for the
general election, did anyone else find themselves thinking that this whole
story could be a manipulative plant of the very sort they were discussing? Not
that I think HRC is above this sort of thing.

~~~
doodlebugging
I wonder if the implication was that the candidate from Texas was the
interested party instead of HRC.

I know she is a "leading candidate" and no party affiliation was mentioned but
the hacker has in the past supported right-wing candidates and Ted Cruz is
also closer to being the annointed one than he was a month ago. It might not
be a coincidence that dirty tricks reminiscent of past elections are just
starting.

It certainly appears that he is already on someone's payroll. Trump? Maybe,
though it would be denied of course. Maybe this is Trump's answer to Cruz's
manager.

It appears though that Cruz already has a slimer helping him according to a
story I read a few weeks ago.

Maybe it is HRC and she's just trying to gear up for the mud-fest that will
surely start once the real campaign kicks off.

[Behind Ted Cruz's Campaign Manager, Scorched Earth and Election Victories -
NYTimes]([http://www.nytimes.com/2016/02/24/us/politics/ted-cruz-
campa...](http://www.nytimes.com/2016/02/24/us/politics/ted-cruz-campaign-
manager-jeff-roe.html?_r=0))

~~~
clarkmoody
It was Rendón, not Sepúlveda (the hacker, in prison), who was allegedly
helping Trump.

    
    
      > But Rendón says he’s in talks with another leading 
      U.S. presidential campaign—he wouldn’t say which—to
      begin working for it once the primaries wrap up and the 
      general election begins.

~~~
doodlebugging
That's right.

I didn't keep the two of them clearly separated in my mind since they had
operated as a team for so long.

I wonder though if part of his access to computers while locked up allows him
opportunity to carry on the same sort of operations as before, this time only
for "approved" clients.

Elections aren't what they used to be. Maybe they never were.

------
ape4
No open <head> and no close </body> ... I don't trust this guy.

------
haddr
This is scary. Although we believe that an intelligent person would probably
distinguish most social media manipulations, I think that we fall into the
trap of deceptions more than we think we do. I wonder if there is some sort of
study on how often significan social media manipulations occure in elections
on the west.

------
Gustomaximus
Reminds me of a meeting I sat some years back with someone whose role was to
run 'dirty tricks' campaigns for Microsoft in the early Apple vs. Microsoft
days. He talked about stuff like ways they used to undermine Apple dev
conferences so no-one would be interested to go the following year and
generally white-anting their community, especially education environment. It
was a bit of an eye opener.

I also suspect this guy is underselling his service. The article calls
$20k/mth expensive. If your going to significantly affect an election I
suspect there could be another zero or more there. And I wonder if he's ever
worked for 2 sides simultaneously? Given the ethics involved this wouldn't be
a stretch.

------
dutchjourno
Hi guys, I'm a journalist from the Netherlands and I'm working on this story.
Basically in a way that you comment on it, asking myself the question what
this story means for more adult democracies. So my question for you is: do you
think it's likely that political campaigns have hackers on a payroll to spy on
opponents agenda's and manipulate social media? I'd like to hear from you. You
can email me as well on anne.sachtleven@volkskrant.nl

------
germinalphrase
There are many comments here pointing out the (quite reasonable) fact that
hacking voting machines on a large scale is likely to be discovered and thus
unsuccessful in stealing a U.S. Presidential election.

Even so, the average voter is quite protective of the idea that American
elections are structurally fair (a sentiment that is actively inflamed to
imposed voter disenfranchisement schemes, like ID requirements).

If the goal is to expose the fundamentally insecure nature of electronic
voting in the US (and potential for truly fraudulent election results in tight
districts) a complete invalidation of voter ballots [i.e. Big splashy,
obviously fraudulent election results] would surely draw enough attention to
force some public discussion of investing in secure, auditable voting
machines.

------
girkyturkey
I found this article very interesting. I do always wonder why we pretend this
isn't happening though? That's not ignorance, that's just plain stupid.

------
ArtDev
Fixing the results 49% to 51%, is a way for them to seem plausible.

American Election Hacker Testifies
[https://www.youtube.com/watch?v=DzBI33kOiKc](https://www.youtube.com/watch?v=DzBI33kOiKc)

------
insulanian
Am I the only one who misread this as "How to Hack an Elect_r_on"? :)

------
scotty79
More interesting for me is why hacker decided to share it all with press
agency. Is this information in the article? I might have missed it. Seems like
a good way to get yourself kidnapped and tortured indefinitely.

------
jakeogh
Why Electronic Voting is a BAD Idea - Computerphile:
[https://www.youtube.com/watch?v=w3_0x6oaDmI](https://www.youtube.com/watch?v=w3_0x6oaDmI)

------
wakkadakka
A 600k budget to fix or change the results of an election for a country with a
GDP of 1.2 trillion?

That's a ridiculously good use of money for a corrupt politician.

------
thadd
Exceptionally interesting.

Also, First HN article I've also seen on Drudge. Worlds collide.

