The possible attempt was unsuccessful and no votes were changed but West Virginia’s Secretary of State says the investigation announcement aims to act as a “deterrent”.
The FBI is investigating a potential attempt to hack the state of West Virginia’s mobile voting system in 2018.
West Virginia Secretary of State Mac Warner said: “In last year’s election, we detected activity that may have been an attempt to penetrate West Virginia’s mobile voting process. No penetration occurred and the security protocols to protect our election process worked as designed. The IP addresses from which the attempts were made have been turned over to the FBI for investigation. The investigation will determine if crimes were committed.”
No penetration occurred and the security protocols to protect our election process worked as designed.
Mobile voting was introduced in West Virginia’s 2018’s mid-term elections to allow members of the military and overseas citizens to vote more easily without requiring a printer, scanner or fax machine. The system, created by Voatz, uses biometric identity verification and blockchain technology for security.
The tool was tested with two West Virginia counties during the May 2018 primaries before being used more widely in November 2018’s mid-terms, when almost 150 people from 31 counties voted using the system.
Warner said the announcement was being made as a deterrent “to warn people that any attempt to hack an election will be fully investigated by the FBI and turned over to prosecutors when appropriate.”
He added: “I want to assure everyone in West Virginia that absolutely no penetration occurred, no votes were changed, and the integrity of the elections in West Virginia was absolutely secure. Our security systems worked completely as designed.”
Warner said that even if well-intentioned, “the mere act of attempting to probe a voter registration list, a mobile device, or any aspect of the election process may amount to a criminal offence.”
CNN reported that the possible attempted hack may have been a student researching security vulnerabilities rather than a bid to alter any votes.
Democratic US presidential hopeful Andrew Yang said recently that voting should be available via mobile devices with verification through blockchain. He argues that modernising voting with decentralised ledger technology could increase security, reduce inconsistent processes between states and restore confidence in democracy.
Others, though, are not so sure. Cesar Cerrudo, CTO at IOActive Labs, a security research firm, told SmartCitiesWorld he believes implementing digital voting in this way would be “just craziness”.
He said he sees more risks than opportunities, explaining: “You need to have an extremely secure system from end to end, which is very difficult to do in a practical way. For example, malware is present in most devices nowadays so a compromised device will mean that any vote coming from that device can’t be trusted. [You can’t always know whether] a device is compromised or not, so how do you trust the votes?”
He added that if someone’s device was hacked, their vote could be changed without their knowledge. “The vote would be saved on blockchain and won’t be able to be changed anymore. Secure e-voting is very complex and blockchain alone is not a solution,” he said.
Last month, Pierrick Gaudry, a researcher at CNRS, the French National Centre for Scientific Research, exposed a security flaw in Moscow’s online voting system less than a month before its use in the city’s election of a new parliament. Moscow updated the system following the finding but soon after, a Harvard researcher said he had found another flaw.
In September, over 10,000 people voted via Moscow’s online voting system.
The elections went ahead as planned. Moscow said that 10,396 people voted via the online system – 92.3 per cent of those in the three experimental constituencies in Moscow where the option was available. There was a brief outage during the online election, which affected some users.
You might also like: