Hacker News new | past | comments | ask | show | jobs | submit login
How to Hack an Election (bloomberg.com)
305 points by newscasta on Mar 31, 2016 | hide | past | web | favorite | 94 comments

This shouldn't be a surprise: I think most HN members know that it's possible; we know that the rewards (incredible power, status, and everything you can get with them includig the spoils of office) are worth the investment (only $600K for this solution!); we know that there are many people, including politicians, unsavory enough to do it.

The question is, why do we pretend it's not happening until there's a smoking gun?

Consider the U.S. presidential election: The outcome is worth billions each to very many parties worldwide; it's existential to some foreign governments and actors; many in the U.S. have very powerful ideological motives. How much would it cost to hack voting machines? It seems very likely to me that it's happening, though I don't know where or to what extent.

I know I'm not the first to point out this risk, but why should we assume that the reported vote count represents the actual vote? Becasue there is no smoking gun yet? That's like assuming your critical network hasn't been hacked, and doing nothing to protect it, because you haven't seen evidence of an attack yet.

A few reasons I can think of:

1) Hacking voting machines to a significant extent would require a team of people, not just one guy, which dramatically increases the risk of exposure.

2) The reported vote count is usually very close to the predicted vote count, and always very close to exit polling results. The hacked results would need to be very close to the real results, or be combined with control over a huge number of people in the polling industry. Campaigns also run internal polls, so opponent campaigns might become suspicious if their own polls were not matching the results.

3) Recounts are possible and somewhat common. Therefore hacking could not be used to create a very close result that could trigger a recount, or it would need to be combined with actual ballot theft, or control over the officials doing the recount.

These are not theoretical concerns. See Bush v. Gore in Florida for what might happen if someone tried to hack a close election.

It seems to me that hacking an election would only be feasible in an already close race, would require the cooperation of a number of people with huge risks of exposure, and could still be caught by one of the many safeguards that exist.

Obviously I am only talking about hacking voting machines. It would not surprise me if the tactics in this article were common; using Twitter bots, spying on other campaigns, etc.

You'd be surprised. Tight presidential elections can come down to a handful of districts. What you'd think would require a nationwide conspiracy can really be brought down to a group of 7 or 8 people.

It boils down to the fact that most states are red or blue. They are going one way or the other and nothing is going to change that. In the contested states, there are tight votes and there are ones that are "in the bag". in the states with tight elections, it will boil down to a few geographic regions within those states that carry enough weight to swing the entire state one way or the other.

I agree that elections can come down to a handful of districts, but I don't agree that anyone can know what those districts are in advance. Polling just isn't that good. You can fairly precisely target areas, but not exactly. You would either need to do fairly widespread hacking, or hack a few districts and hope for the best, which I think is an absurd proposition. Nobody would hack a couple districts "just in case", that's a massive risk with probably no gain. You either ensure victory, or do nothing.

> The reported vote count is usually very close to the predicted vote count, and always very close to exit polling results.

Not always. In the 2004 election, Kerry won in exit polls but lost in the official count. The discrepancy was especially large in Ohio--which, had it gone as predicted by exit polls, would have resulted in President Kerry.

A few days ago there were big gaps between official and exit poll results in Arizona, favoring Clinton over Sanders.

I wouldn't normally link to Democratic Underground, but this post has a great summary of exit poll discrepancies, voter suppression, and the evidence for election fraud both in the 2004 presidential election and in the current Democratic primary.


This is a very urgent problem that I think the tech community can help fix. We need open source, auditable voting machines and professionally run elections. Election fraud, or even just the appearance of fraud, is toxic to democracy.

Here is the senate testimony of a programmer describing how he was paid to write software that would rig the Ohio election in 2000. https://www.youtube.com/watch?v=YcxGGnmRQAs

Brazil use machines that can be very easily hacked.

Also, the deviation in the last elections from the mathematically expected was about 4%...

But the end results was 51% vs 49% meaning that if the result went as expected, the 49% candidate would have won (with 53%).

So, in some situations is not that hard to cheat.

EDIT: also even when there is blatant cheating going on, nothing much can be done about it...

Example, during elections for a minor office in one of the smallest Brazillian states (Acre), the number of invalid votes, intentionally blank votes, and voters that didn't show was exact the same, and the total number of votes was higher than the number of voters.

The losing candidate sued, the government argued that "the computer counts, and thus a recount is not a valid request", and FINED the guy that sued.

And the whole argument stopped there.

Yes, I do not mean to say that hacking an election is impossible, or that it's never happened. My only point, which is quite narrow, is that it would be difficult to hack a US presidential election by means of literally hacking voting machines. I do not know the Brazilian election system, but I believe it would be quite difficult to steal a US election in this way.

It's true that a 49/51 split makes it easier to cheat undetected. But it also means the public was almost equally in favor of both candidates. When 98% of the electorate get their wish either way, it doesn't seem quite so important who wins.

I think you mean 49%, not 98%.

> Hacking voting machines to a significant extent would require a team of people, not just one guy, which dramatically increases the risk of exposure

As someone else points out, you don't need to hack the whole country, just some key locations. Also, you could hack the source; many firewalls from a major vendor had (have?) security holes because someone checked the necessary code into their revision control system. How secure is Diebold or whoever makes the machines?

> The reported vote count is usually very close to the predicted vote count

Suprise results, where the outcome doesn't match the polls, are not that rare. Recently Sanders' win in Michigan is an example. In the UK, in the last parliamentary election, I believe the conservatives did much better than polls predicted.

> always very close to exit polling results

If true, this is a useful check.

> hacking could not be used to create a very close result that could trigger a recount, or it would need to be combined with actual ballot theft

That assumes there are ballots to steal; many voting machines are electronic.

Diebold-like machines are not used very much anymore, I think because of all the controversy over how easily they can be hacked. Most of the country uses paper ballots that are counted by machine.

Yes, polls can be wrong, but I think exit polls are rarely wrong. Another comment pointed out these can be wrong too though, so this might not be a useful point.

Yes, as I mentioned in another comment, if you want to hack a real election you need to take a long-term view and make electronic voting widespread.

> Most of the country uses paper ballots that are counted by machine.

This machine then is the target, no?

Of course, but then it's much harder to secretly hack a machine when there are paper records to back it up. You need to tamper with the paper records, or be careful to only hack the machine in such a way that the paper records would not obviously prove fraud.

> Most of the country uses paper ballots that are counted by machine.

I'm not aware of this. Are you sure? Do you have any point of reference?

No, I'm not completely sure. Here's a potential reference: https://ballotpedia.org/Voting_equipment_by_state

I will try to do more research tomorrow, because this is quite interesting to me. I voted with a paper ballot that I fed into a machine, and at the time I assumed this was the standard. Now I'm not sure.

Local elections where I live (central USA) went from mechanical voting machines to electronic and recently back to paper ballots.

Seems like if you're able to poke at the idea in as much detail as you're providing that you might be able to draft your own. Have any ideas on how to do it?

That said, appears like given your points that I agree a better use of the idea would be to insure an election and reduce costs too. Meaning run a real campaign, stay behind, but close enough to not draw attention, which I'm guessing would reduce costs more than enough to cover the added costs of hacking.

None of my points have anything to do with cost, I'm (realistically) assuming a campaign with huge amounts of cash. The problem, as with most conspiracy theories, is the number of people that need to cooperate and stay silent, and the number of independent safeguards that already exist. Spending more money actually hurts you, because it makes it harder to hide where that money is going, especially with all of the campaign finance regulations.

I can't think of a low-risk way to literally hack an election in the US at the moment. You would need a long-term plan to change election laws, homogenize voting machines and methods across the country, and then hack some centralized database.

There is no way to get around the polling issue in a country with an even semi-free press, so you still need a pretty strong candidate that you just boost a little.

Anybody in the real world who needed to rig an election would use indirect methods. Spying, spreading misinformation, ignoring campaign finance laws, gerrymandering, etc. All things that have happened and will continue to happen.

> The problem, as with most conspiracy theories, is the number of people that need to cooperate and stay silent, and the number of independent safeguards that already exist.

It didn't seem like a problem for Diebold. The 2000 general election had a lot of awfully-convenient-for-Republicans scandals with their voting machines in place.

Yes, I agree that there were many issues with the 2000 presidential election. That's part of my point. Diebold sold their voting machine division for a huge loss, at least partially because of the controversies of 2000 and the many studies showing how easily their machines could be hacked. Most of the country today uses paper ballots that are counted by machine. Still exploitable, but it would be much more difficult.

This is conspiracy-theory talk, especially without any citations.

And outside of squeaking by in Florida with an assist from SCOTUS, the 2000 general election was terrible for Republicans. They lost a few extremely close Senate races (ultimately resulting in a 50-50 tie) that any competent conspiracy could have pushed the other way.

None of this squares with what I have previously been told about US elections.

1. I have seen video demonstrations wherein one person with opportunistic unsupervised access to a voting machine can hack it to affect every issue on the ballot within five minutes. Given the security at many polling places in the US, this easily extrapolates to one person able to hack all machines at a given polling place prior to election day, and possibly repeat the effort at several other nearby polling places within counties using the same type of machine.

Other hacks target the central tabulators, and don't require touching the voting machines at all. Opportunistic timing to enjoy unsupervised access between the election and results certification is a bit more critical to these.

2. Exit polls have frequently been "adjusted" in the US to more closely match the actual elections results. In the UK, this is called the Shy Tory Factor[0] or Shy Labour Factor, and has existed since 1992. The US has had the Tom Bradley Effect[1] since 1982.

This is usually explained by presuming that the exit polling result is inaccurate. It is never seriously considered in public that vote fraud may be becoming more severe. Yet I saw a statistical analysis of actual voting results, differentiated by the model of voting machine, that showed a clear, obvious bias towards certain choices of specific issues. The poll adjustment factor can easily be explained by the hypothesis that people remain as honest as ever in exit polls, but the voting process itself has become less honest.

3. Recounts will not uncover fraud if the records necessary for the recount are subject to the same controls as the records used for the first official count. If the voting machine does not leave a non-electronic record that can be verified by the voter while they are still at the polling place, a recount will just be run on whatever records exist, which may be falsified.

4. Thanks to the winner-take-all elections in the US, and the availability of previous census and elections data, it is possible to identify specific counties as keystones, wherein efforts to sway the vote locally will have disproportionately effective results.

For instance, you examine the "battleground counties" in the "swing states", and hack the central tabulator in that county to give your favorite candidate a 3% advantage by switching an opposing vote 1.5% of the time. You don't tell your party you're doing it. You don't even tell your dog that you're doing it. You just do it. If your guy loses, well, you tried.

Multiply by dozens of technically competent yet unconnected and independent supporters, and you get a significant extent that does not require any team.

[0] https://en.wikipedia.org/wiki/Shy_Tory_Factor

[1] https://en.wikipedia.org/wiki/Bradley_effect

I still find it odd that we can receive carbon copies of time cards and receipts for ATM visits (..on thermal paper which decays rapidly), yet when it comes to voting for our state elections we have no record of our vote and everything is handed off to 3rd parties with seemingly no provable accountability or transparency.

  "It's not the votes that count, it's who counts the votes."

Eliminating the ultimate privacy of the voting booth has potentially serious negative consequences, like attempts to influence elections via intimidation or bribery ("Show us your vote for Smith and it's worth $100 to you. If you don't, remember we know where you live...") There are a variety of clever schemes that work around this, but none of them are as simple as you getting to bring home a certified copy of your ballot.

I would sooner welcome a president distributing $6.5 billion dollars ($100 * winning vote count 2012) to normal people than have to suspend rationality and instead have faith in every actor capable of manipulating votes (of which I feel there are many).

If you honestly believe there is nothing any candidate can offer you which is worth more than $100, I propose you should be allowed to take that deal.

( Of course, completely open source hardware and software is the real solution. )

EDIT: I am a little bitter because I'm in a state using machines which don't even keep a paper trail to begin with. https://www.verifiedvoting.org/verifier/

The reason for that is to maintain secrecy of the ballot. Otherwise your husband or neighborhod thug might beat you if you don't vote correctly, or you might be paid to vote a certain way.

You probably don't want to alter the votes in the swing states, because there will be a lot of scrutiny on them. But if you alter a couple of county's results that were assumed to be "safe" to /just/ swing to the other party, more than likely it won't receive any major attention, but could cancel out the delegates from the other county and get you the desired result.

To affect a national election, you'd still need a small army of helpers - "vote smurfs" to inject your votes. Chances are very slim of keeping that quiet.

1. There are over 100,000 polling places in the US. You would probably need to affect at least 1000 of them to have a noticeable impact. It's true that only a few polling places could decide an election, but you can't know this in advance. It would be absurd to hack a few "in case we need it". That's a massive risk for probably no gain.

Individual polling place results are always reported, so just modifying the total count would not work.

2. This is a good point, but again, look at Florida. It was very seriously considered, and is still seriously considered by some people, that real widespread vote fraud occurred.

It's an interesting effect though, and I agree that widespread subtle adjustments might not be caught by looking at polls.

3. Yes, all of this would be much easier if voting was totally electronic. In the US, the vast majority of voting is done with paper ballots that are read by a machine. I think at least 3/4 of votes use paper ballot.

4. Yes, I agree, you wouldn't need to hack the whole country. But on the other hand, battleground counties are also ones the media and the public is paying the most attention to.

I don't think your example is realistic. I find it very difficult to believe that nobody would notice the individual district counts don't add up to the total count in a county. Or maybe that's not quite what you meant, but regardless, the system is not that automated. There are people at every stage of the process who would need to notice that what they're reporting is not what's going through.

The exclusion would be caucases where a particular party would be in charge of the ballets and voting count.

I don't think that solves the polling and exit polling problem at all, it only partially solves the recount issue (you still need tons of people to cooperate illegally), and it introduces huge new risks like people filming the caucus.

Arizona's voter database has apparently been tampered with or at the very least been susceptible to lax security standards.

Apparently someone has copies of voter registration forms and just copied the signature and changed party affiliation, nullifying votes (causing voters to receive provisional ballets, which generally are not counted) https://www.youtube.com/watch?v=P1PnM6rf7X8

Here's the Arizona House elections Committee hearing, and a citizen mentions that voter registration documents have been leaked to the web. https://youtu.be/ESyXvGLMIS0?t=58m37s

It is happening in the US and in plain sight--yet its citizens don't seem to care.

Eg. Gerrymandering, drastically reducing voting stations (see AZ), goofy voter registration law changes. These issues don't occur in other mature democracies.

They do happen in late stage capitalist oligarchies though.

We'll get Elysium, not utopia.

We already live in Elysium.

All we lack is robots preventing people from Earth (aka India/China/Nigeria/Malaysia) come join us. The ocean does a good enough job.

do you believe the state should exist - if so, how does it function? what are the duties of the state? how do people join the state? are there people who are "naturally part of the state" if so - why? How does this state thing work?

If you don't believe in a state. Do you believe in contact? if so, why? if they get broken, how do they get enforced, or he penalties within them enforced? Who is or is not involved

Do you believe in the concept of laws and law making? Who is involved in laws and law-making, especially if there is no state in your world view, but laws somehow do still exist.

Your claim, and other claims you've made in the past, especially around "violence via taxes" and "violence because immigration" makes it sound like you don't think a state should exist, and all the things that come with a stable state, such as the ability to make contracts and get them enforced, have laws and create new ones. It would make you sound less cynical and more serious if you explained what you were really arguing about, what you actually did believe in, what you believe was the intelligent answer, rather than just arguing against people. Otherwise, how are you much better than the Sophists that Socrates railed against?

Changing the reported vote count is amateur-level election rigging. Professionals engage in much less obvious efforts - say, by suppressing turnout in unfavorable voting locations.

Introducing a bug at voting machines that makes them break in unfavorable precincts would probably be the most effective election hacking strategy.

> The question is, why do we pretend it's not happening until there's a smoking gun?

Part of the propaganda is to label and marginalize people who point things like this out as conspiracy nuts and mentally unstable.

I would add that we need tip think we're a democracy

I think the reason is because there are easier, legal, ways to exert political control than to commit election fraud.

Why mess around with petty vote fraud when you can just make large donations to both candidates and guarantee the results you want?

Because most people don't know, don't understand the basic concepts, and don't trust people like you and me when we tell them. We're not "Good people" with "Good values". sigh

I know I'm not the first to point out this risk, but why should we assume that the reported vote count represents the actual vote? Becasue there is no smoking gun yet? That's like assuming your critical network hasn't been hacked, and doing nothing to protect it, because you haven't seen evidence of an attack yet.

Interestingly this exact same argument applies to fraudulent voting. We take no reasonable steps (e.g. requiring ID, same as for buying a beer or a gun) to prevent it, and have no way to detect it if it occurs, yet we assume it doesn't.

We do have ways to detect it, nobody just assumes. https://www.washingtonpost.com/news/wonk/wp/2014/07/09/7-pap...

Much of the country does require ID: https://ballotpedia.org/Voter_identification_laws_by_state

And requiring ID is not a reasonable step unless you provide a free and easy way to get an ID.

The first two links cited by the washington post suggest there is little evidence of fraud. That totally misses the point of hackuser's critique: why do we pretend it's not happening until there's a smoking gun?...That's like assuming your critical network hasn't been hacked, and doing nothing to protect it, because you haven't seen evidence of an attack yet.

To refute this claim, you need to show that fraud would be easily detected if present. In stats terms, show P(evidence|fraud) is large.

I suppose that requiring ID before purchasing a firearm, alcohol or opening a bank account is also unreasonable if said ID is not free and easy?

Well, there are more than two links in the article. Many of them lay out methods that would detect fraud if it were happening. Nobody is "pretending", we have investigated and concluded that it is not happening. For example: http://apr.sagepub.com/content/42/2/311

"Although voter ID laws have become a hot topic of political debate, existing scholarship has failed to produce conclusive evidence concerning the existence or frequency of electoral fraud, especially the type of fraud that would be prevented by photo identification laws and signature verification protocols for voting by mail. We propose a new method of measuring election fraud, especially identity fraud, that is superior to previous measurement efforts because it measures actual instances of fraud rather than waiting for conclusive proof of fraud produced in a criminal prosecution. We test our method in multiple jurisdictions, including two known cases of electoral fraud, and we find no additional cases of fraud. We speculate that public access to voting and registration records play an important role in preventing this type of election fraud, suggesting that these practices are perhaps more important than voter ID laws in preventing election fraud."

Requiring an ID for alcohol is not unreasonable because there is no constitutional right to be able to purchase it. I imagine there are some gun control opponents who argue that requiring an ID to buy a gun is unconstitutional, but there is ample evidence that not requiring an ID causes immense societal problems, and infringes on other people's constitutional rights. This is not true of voting, as you can see in that article.

> Consider the U.S. presidential election: The outcome is worth billions each to very many parties worldwide; it's existential to some foreign governments and actors; many in the U.S. have very powerful ideological motives. How much would it cost to hack voting machines? It seems very likely to me that it's happening, though I don't know where or to what extent.

It is largely a question of Cost adjusted by Risk v. Reward.

Running attack ads, social media sockpuppet operations, etc. are legal, effective, and have similar costs. Similarly, you have a nation-wide machine who you endanger when you fuck with the integrity of that machine [i.e. being caught doing anything illegal] already. You've got plenty of options to spend your money on, from the preceding election(s) to seize local and state voting mechanisms to run the game in those states [legally] with tactics that are clearly unethical and immoral [voter suppression, deploying outright lies/euphemisms in the name of controlling the voting population].

These mechanisms are much, much more powerful than "hacking" voting machines due their lack of risk, similar costs, and provide you with a foundation with which to influence future elections. Kansas shifted the vote [~2%] greater than Obama's margin of victory in Florida [.88%] with a single law.

Consider the current situation nationally:


> Although no one jumped from “definitely Bush” to “definitely Kerry,” some students who were leaning toward one candidate did switch to the other side. And in a tightly contested race, like this year’s presidential election, getting even a few people to change their vote can make all the difference in the world.

> They then showed the students one of four political ads and asked them to re-rate their levels of support. Roughly 14 percent of the students said the attack on their candidate made them support him even more, the researchers found. But an equal percentage of students said the advertisement weakened their support and caused them to move closer to the opponent—the one who ran the negative ad.


> In the ongoing fight between Democrats and Republicans over election procedures like voter ID and early voting, the Democrats are supposedly the champions of higher turnout and reducing barriers to participation. But when it comes to scheduling off-cycle elections1 like those taking place today, the Democratic Party is the champion of voter suppression. > Scheduling local elections at odd times appears to be a deliberate strategy aimed at keeping turnout low, which gives more influence to groups like teachers unions that have a direct stake in the election’s outcome.


> Governor Chris Christie: Same-Day Voter Registration Is a “Trick” and GOP Needs to Win Gubernatorial Races So They Control “Voting Mechanisms” > Fran Millar: Georgia Senator Complains About Polling Place Being Too Convenient for Black Voters > Doug Preis: An Ohio GOP Chair Says We Shouldn’t Accommodate the “Urban — Read African-American — Voter-Turnout Machine” > Greg Abbott: Texas AG Says Partisan Districting Decisions Are Legal, Even if There Are “Incidental Effects” on Minority Voters > Don Yelton: North Carolina GOP Precinct Chair: Voter ID Law Will “Kick Democrats in the Butt” and Hurt “Lazy Blacks”


> In the state’s nail-biting gubernatorial race, Republican incumbent Sam Brownback bested his Democratic challenger, Paul Davis, by a mere 33,000 votes out of nearly 850,000 cast. Now, compare that with the estimated effects of Kansas’s new restrictions on voting.

> We know that more than 21,000 people tried to register but failed because they lacked the necessary “documentary proof of citizenship” required by a new Kansas law. The state’s separate, strict voter ID law also had an effect: Applying findings from a recent Government Accountability Office report that examined how the voter ID law affected the state’s turnout in 2012, Weiser estimates that it probably reduced turnout this time around by about 17,000 votes.


> For example, the researchers found that in primary elections, “a strict ID law could be expected to depress Latino turnout by 9.3 points, Black turnout by 8.6 points, and Asian American turnout by 12.5 points.”


> 1) Hacking voting machines to a significant extent would require a team of people, not just one guy, which dramatically increases the risk of exposure.

I don't agree with Burkman on that. It'd be relatively easy to hack them with a couple guys in a swing state who drops devices at target locations. You can get a partnership with decent security to function in this regard.


> When state auditors investigated, though, they didn't find that particular problem. Instead, they found something more disturbing. While using their smartphones, they were able to connect to the voting machines' wireless network, which is used to tally votes. > Other state investigators easily guessed the system's passwords — in one case, it was "abcde" — and were then able to change the vote counts remotely without detection.

> 2) The reported vote count is usually very close to the predicted vote count, and always very close to exit polling results. The hacked results would need to be very close to the real results, or be combined with control over a huge number of people in the polling industry.

This is a larger problem that can only be surmounted in 1-2 swing states in a given election. You can't push the needle more than a few basis points with these tricks or you'll get all sorts of accusations flying, recounts, Bush v. Gore, etc. etc.

Weird statistical outliers simply don't happen often enough at the precinct/county level and the shift in state results are the results of an aggregation of events in multiple precincts. So I highly suspect you could flip one or two precincts this way as well as shift the whole state a few basis points on top of that but if you swing more than 1-1.5% this way I'm pretty sure you'll fail due to recounts and other safeguards.

The target states for this would be the usual "swing states":

https://en.wikipedia.org/wiki/United_States_presidential_ele... [ .88% ]

https://en.wikipedia.org/wiki/United_States_presidential_ele... [ 2.98% ]

You aren't going to be able to pull this off in Ohio but you could in Florida. You'd also need to be able to predict which states you could swing this way and do so without triggering a recount.

So you push Florida to +.62% Romney and sabotage things when your opponent demands a recount. The risk of detection is really, really high. If detected swinging this one state, you lose the election due to being on trial for criminal conspiray, etc. etc.

The question is, why do we pretend it's not happening until there's a smoking gun?

Only a fool thinks it not happening everywhere, and one thing I know for sure after reading these forums for a few years now...

HN members are not fools.

HN members also write server-side code in JavaScript.

And here is why we the techies can't have nice thing, we trow shit each other over which language we use instead of working togheter toward gaining credibility to the masses, and I say this as one whom wouldn't touch anything nodejs as that's my preference: people out there are doing very smart things with it (And some very bad stuff, but such is life of widespread tools)

> He also splurged on the very best fake Twitter profiles; they’d been maintained for at least a year, giving them a patina of believability.

> Sepúlveda managed thousands of such fake profiles and used the accounts to shape discussion around topics such as Peña Nieto’s plan to end drug violence, priming the social media pump with views that real users would mimic. For less nuanced work, he had a larger army of 30,000 Twitter bots, automatic posters that could create trends. One conversation he started stoked fear that the more López Obrador rose in the polls, the lower the peso would sink. Sepúlveda knew the currency issue was a major vulnerability; he’d read it in the candidate’s own internal staff memos.

I've been wondering when more sophisticated Twitter sockpuppetry would start having an impact. The media seems generally unprepared for a coordinated campaign of fake tweets from accounts that don't have eggs as their avatar or #freeiphones in their profiles...I don't mean just the trend of "Hey 3 people said something on Twitter so it's a story", but that there's also not enough skepticism paired with efficient ways for sniffing out fakery on social media. I hadn't thought about the problem of a mass army of bots suddenly creating a trending tag.

It reminds me of "The Agency", a story published last year investigating how Russian operatives allegedly used human-controlled Twitter spamming to try to publicize a fake story of a Louisiana chemical plant explosion:


But as sophisticated as that sockpuppet campaign was...it was obviously destined to fail by the fact that an exploding chemical plant is fairly easy to confirm as true or false in real life. Trending opinions about politics don't offer such binary ways of filtering.

Propaganda takes time. Often the most effective stuff happens when you aren't even aware of it. You progress through your regular life and encounter regular things. People bitch on the internet about stupid stuff with the occasional decent argument, and nothing looks out of the ordinary. You see laughable arguments about politicians with hints of truth, or intrude, but maybe you ignore it.

After a while you see more arguments along the same line of reasoning, but with more data and less vitriol. You find yourself agreeing more, even if you like the person being disparaged. You may even come around to accept a side of an argument you didn't think much about before.

This is how minds are turned. First the trolls and bots do as they do. Some people catch a whiff and continue the trend. Sometimes as a joke, other times seriously. Even those who pretend to be joking will not long be indistinguishable from the fools who think they are in good company.

Propaganda is not a tidal wave that comes crashing down on established opinions, it is a steady stream that eats at solid rock until it creates a deep gorge you could not have imagined structured in any other way.

The world is neck deep in dearly-held beliefs that would quickly die out if people en-masse embraced the kind of systematic, relentless skepticism required to combat this. Society protects these beliefs by stigmatizing skepticism, but in doing so effectively makes itself vulnerable to exploit.

I myself am skeptical about that.

Edward Bernays, who really pioneered propaganda, argued that people put elements of identity in "logic-proof compartments" because to be one thing by definition means not being another thing, and people often would rather shut out thoughts than seriously question themselves.

Are you an "entrepreneur?" What about "talented?" Or "Democrat?" Or even, "Liberal?" "Conservative?"

Public opinion is as much an influence on propagandists as they are on public opinion.

> Propaganda is not a tidal wave that comes crashing down on established opinions, it is a steady stream that eats at solid rock until it creates a deep gorge you could not have imagined structured in any other way.

Yes. However, they swing things in a single election cycle for marginal supporters of a candidate [which are the folks that really control the outcome in the US. The majority of the states are consistent.].


> Roughly 14 percent of the students said the attack on their candidate made them support him even more, the researchers found. But an equal percentage of students said the advertisement weakened their support and caused them to move closer to the opponent—the one who ran the negative ad.


> •Just giving medical students pens with a drug's name on them made the students significantly more favorably disposed toward the medication than otherwise, despite their immersion in classes aimed at letting them rationally evaluate drug benefits, found a 2009 Archives of Internal Medicinereport.

> •Remember shaking hands with Bugs Bunny at Disneyland? Roughly a third of people presented with a fake ad depicting a visit to Disneyland that featured a handshake with Bugs later remembered or knew the meet up with the 'wascally wabbit' had happened to them, according to a 2001 University of Washington study. Even though Bugs is owned by Warner Brothers and verboten at a Disney facility, so it couldn't have happened.

The media are often... how should I say it... a tad behind the times in regards to how the internet works and how it can be exploited. For example, note all the media coverage a year or two ago about 'fake reviews' on sites like Amazon and Yelp. These have been widespread since both sites begun, yet were pretty well ignored by the media for most of that.

Or the comments and articles about Reddit's launch. Apparently, the idea that someone could use fake users to start a community shocked a few unwary people (and journalists). Despite this being a forum building tactic since the internet begun, and a business tactic (to some degree) for decades or centuries.

Or heck, the 'trolling' and harassment stuff about Twitter and social networks. Old tactics and behaviour, but seemingly not known by the mainstream media till it affected sites their journalists used.

Really, the media is unprepared for a lot of stuff, since they're about two decades behind when it comes to knowing how technology and culture works.

As for when sophisticated Twitter sockpuppetry would start having an impact? It might well already be having one. I mean, similar stuff is endemic on Russian language forums and sites, and hey, governments have access to these techniques and useful software to help carry them out...

> The media seems generally unprepared for a coordinated campaign of fake tweets from accounts that don't have eggs as their avatar or #freeiphones in their profiles.

Why should they care? The purpose of a news business is to make money. If it works, then it works.

I think the real problem here is the incentive structure for a modern news business, as well as the network effects of sharing, links, etc.

Even assuming maximum cynicism, they should care about losing trust (and therefore future business) when it's shown they've spread fake news.

That would be the case if they did in fact lose money based on this problem.

I don't know how common/significant such losses are. But it seems clear that lots of news organizations are betting heavily that such losses are less than the cost of ensuring that they publish only reliable news.

> with a shaved head, goatee, and a tattoo of a QR code containing an encryption key on the back of his head. On his nape are the words “</head>” and “<body>” stacked atop each other, dark riffs on coding.

Jesus, this guy sounds like he walked straight out of a bad cyberpunk story.

On the serious side, this gets to me:

> Sepúlveda says many of the candidates he helped might not even have known about his role; he says he met only a few.

It never occurred to me, but it's a novel concept: people campaigning for high office may be unaware of corruption in their own campaign. The idea of a well-intentioned politician with no idea corruption propelled them into office is scarier to me than a knowingly corrupt politician.

I certainly wouldn't want one, but a </head><body> neck tattoo is actually pretty amusing, to me anyway...

It is just plausible dependability for the candidate. This is traditionally how organized crime works.

I believe it is called "plausible deniability". ;)

Yay! I'm not the only one old enough to have seen that movie on HN.

Capitalism makes centralized democracy untenable, and capitalism is here to stay.

So much power is controlled by infrequent elections, so influencing those elections is always worthwhile. Capitalism is an evolutionary force that selects for the most profitable business practices. People who figure out how to profit from influencing our democracies will outcompete those who don't. We can pass new laws, but that's like inventing a new antibiotic: it works for a while until evolution finds a way.

We must decentralize governance to be free. But how? We can use trade to individually enforce rules. Consider ISIS. ISIS controls territory by paying people to control territory. The money ISIS pays is worthless paper. You and I give that paper value because we accept it for our work. If you want to reduce ISIS's power without anyone's permission, all you have to do is stop accepting any money they've traded for your work.

We now have the ability to build decentralized ledgers of trade that you can consult to do this. Instead of relying on political parties to pursue your policy goals, you'll install an app that cuts people off from your economy when they break your rules. If this is a power that people desire, they must stop accepting anonymous money and only accept money through their policy wallet apps.

We're using bad technology to organize our society and it's giving us political corruption, terrorism, and global warming. It's imperative that we decentralize democracy so we can rid the world of this unnecessary damage.

As an alternative, what about moving away from representative democracy (i.e. where you periodically elect someone to make decisions for you by proxy), to a system where you can optionally choose to cast your own vote for particular issues. If we had more lightweight mechanisms for performing trustworthy elections then maybe this would be feasible. I imagine by default though most people wouldn't be bothered to put in the effort to make knowledgeable decisions, and hence why you want to still have representatives.

"Liquid democracy" is very cool, and it seems strictly superior to our current system. However, it will still be captured by capitalism. The most popular representatives will attract the most funding, and their actions will be as biased toward their funders as they can be without losing too much support. The big threat there is regulatory capture: promoting laws to clamp down on profitable industries, but in ways that give incumbents huge advantages because the laws are hard to comply with.

The only way to get money out of politics is to make sure the people can control money.

Sure but at least it reduces, albeit doesn't eliminate, the ability of politicians to say one thing at election time and then do the opposite once they've been elected.

A system where a delegate would have a number of votes they represent, and in which people could choose to cast their own vote, instead of letting their chosen delegate do it?

This would have a few problems, mainly the secrecy of votes, delegates having unequal voting power and people who didn't vote in the elections.

"I don't like you comment, I'm gonna stop accepting money that ever went through your hands."

This seems like a terrible idea that would fracture the economy in so many different ways.

If you go to a store and they reject your cash because it's too crumpled, you're probably going to start shopping somewhere else. Same logic applies here: cutting people off from your economy is bad for business. You only do it when it's worth it.

Computers are flexible mutable controllable interconnected facile adaptable devices - it's why we use them and love them so. What is it we hope for as the basic property to vote collection and reporting? It's essentially the opposite of the computer's character set. So if you insist on the convenience advances to the voting process, ("I wanna be able to vote via smart-phone!") then you'll inevitably be giving up the basic property that you really do want: veracity. So, to the first approximation: primitive paper ballots are some of the most stubborn and costly to hack.

Keep in mind that you can give up anonymity instead, via cryptographically verifiable voting with confirmation receipts ;) Of course, that opens its own can of worms...

oh please. He didn't hack an election. They tried to influence public sentiment using social media. They hacked some phones and emails. But they didn't rigged the election.

Just so you know. The Mexican electoral system looks like it was built by paranoiac maniac. It has many locks. Everything is done manually, votes are counted by multiple citizens, they use transparent poll boxes, special election photo ids are issued for every citizen, even the voting lists have photos, people get their thumb marked with ink, the parties are allowed to have representatives at every place, results at every place are signed, they are published at the voting place and also electronically, etc, etc. One million people participate on the election.

Clint Curtis testified before congress that he did just this.

It remains an unproven allegation.



Somewhat related story: During the Mexican presidential election mentioned in the article, a PhD student at one of the top Computer Science departments in the U.S. got in touch with me (through a shared friend) because he saw I was doing research on Mexican civic tech.

He mentioned that while he was teaching a workshop at his university, two of the workshop participants, who were employees of a powerful Mexican TV network, asked him to help them discredit or deflect the student movement described in the article (the movement was called the "Mexican spring" at the time for their use of social media).

This sounded shady to the student, and he wanted to tell someone, but didn't know who. Ultimately he just avoided the TV folks for the rest of the workshop.

Weeks later, The Guardian published some leaked documents that showed nefarious ties between said TV network and the then candidate.

The student connected with the press then, but the story never came out. Perhaps he got cold feet, or maybe the journalists didn't think it was interesting enough.

Ugh. I don't know if the particular people involved here are telling the truth, but I basically know that something like this must be happening, given the incentives involved. Dispiriting, I have to say, since it would be hard to beat this sort of thing without becoming what you're fighting against.

Also, at the end there when they implied that HRC is hiring Rendon for the general election, did anyone else find themselves thinking that this whole story could be a manipulative plant of the very sort they were discussing? Not that I think HRC is above this sort of thing.

I wonder if the implication was that the candidate from Texas was the interested party instead of HRC.

I know she is a "leading candidate" and no party affiliation was mentioned but the hacker has in the past supported right-wing candidates and Ted Cruz is also closer to being the annointed one than he was a month ago. It might not be a coincidence that dirty tricks reminiscent of past elections are just starting.

It certainly appears that he is already on someone's payroll. Trump? Maybe, though it would be denied of course. Maybe this is Trump's answer to Cruz's manager.

It appears though that Cruz already has a slimer helping him according to a story I read a few weeks ago.

Maybe it is HRC and she's just trying to gear up for the mud-fest that will surely start once the real campaign kicks off.

[Behind Ted Cruz's Campaign Manager, Scorched Earth and Election Victories - NYTimes](http://www.nytimes.com/2016/02/24/us/politics/ted-cruz-campa...)

It was Rendón, not Sepúlveda (the hacker, in prison), who was allegedly helping Trump.

  > But Rendón says he’s in talks with another leading 
  U.S. presidential campaign—he wouldn’t say which—to
  begin working for it once the primaries wrap up and the 
  general election begins.

That's right.

I didn't keep the two of them clearly separated in my mind since they had operated as a team for so long.

I wonder though if part of his access to computers while locked up allows him opportunity to carry on the same sort of operations as before, this time only for "approved" clients.

Elections aren't what they used to be. Maybe they never were.

well, it is bloomberg lol

No open <head> and no close </body> ... I don't trust this guy.

This is scary. Although we believe that an intelligent person would probably distinguish most social media manipulations, I think that we fall into the trap of deceptions more than we think we do. I wonder if there is some sort of study on how often significan social media manipulations occure in elections on the west.

Reminds me of a meeting I sat some years back with someone whose role was to run 'dirty tricks' campaigns for Microsoft in the early Apple vs. Microsoft days. He talked about stuff like ways they used to undermine Apple dev conferences so no-one would be interested to go the following year and generally white-anting their community, especially education environment. It was a bit of an eye opener.

I also suspect this guy is underselling his service. The article calls $20k/mth expensive. If your going to significantly affect an election I suspect there could be another zero or more there. And I wonder if he's ever worked for 2 sides simultaneously? Given the ethics involved this wouldn't be a stretch.

Hi guys, I'm a journalist from the Netherlands and I'm working on this story. Basically in a way that you comment on it, asking myself the question what this story means for more adult democracies. So my question for you is: do you think it's likely that political campaigns have hackers on a payroll to spy on opponents agenda's and manipulate social media? I'd like to hear from you. You can email me as well on anne.sachtleven@volkskrant.nl

There are many comments here pointing out the (quite reasonable) fact that hacking voting machines on a large scale is likely to be discovered and thus unsuccessful in stealing a U.S. Presidential election.

Even so, the average voter is quite protective of the idea that American elections are structurally fair (a sentiment that is actively inflamed to imposed voter disenfranchisement schemes, like ID requirements).

If the goal is to expose the fundamentally insecure nature of electronic voting in the US (and potential for truly fraudulent election results in tight districts) a complete invalidation of voter ballots [i.e. Big splashy, obviously fraudulent election results] would surely draw enough attention to force some public discussion of investing in secure, auditable voting machines.

I found this article very interesting. I do always wonder why we pretend this isn't happening though? That's not ignorance, that's just plain stupid.

Fixing the results 49% to 51%, is a way for them to seem plausible.

American Election Hacker Testifies https://www.youtube.com/watch?v=DzBI33kOiKc

Am I the only one who misread this as "How to Hack an Elect_r_on"? :)

More interesting for me is why hacker decided to share it all with press agency. Is this information in the article? I might have missed it. Seems like a good way to get yourself kidnapped and tortured indefinitely.

Why Electronic Voting is a BAD Idea - Computerphile: https://www.youtube.com/watch?v=w3_0x6oaDmI

A 600k budget to fix or change the results of an election for a country with a GDP of 1.2 trillion?

That's a ridiculously good use of money for a corrupt politician.

Exceptionally interesting.

Also, First HN article I've also seen on Drudge. Worlds collide.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact