Kill Chain: The Cyber War on America's Elections (2020) Movie Script
1
Voting is about our capability
to change the way the government works
by changing the people
who make the decisions,
and have a peaceful transfer of power
when the people have made that choice.
If you don't have that,
then the alternatives are revolutions.
The problem is once you
understand how everything works,
you understand how fragile everything is,
and how easy it is to... lose this all.
Do you have any doubt
that Russia attempted to interfere
- in the 2016 elections?
- None.
In 2016, we know that Russian actors
targeted state election systems.
Has the department conducted any kind of
post-election forensics
on the voting machines
that were used in 2016?
Our department has not conducted forensics
on specific voting machines.
I think it had no bearing on the election.
We have no evidence
that votes were changed.
No actual votes were changed.
I keep hearing that
the system is unhackable.
Bzzz! Wrong.
Everything is hackable, always.
These are just computers.
We call them voting machines,
but they're nothing more
than obsolete computers.
Wow.
WoPassword. Do we
want...? For admin. Yeah.
- Admin.
- Yeah.
- Awesome.
- Success!
We are in!
It's not just about hardware.
It's the hardware of our democracy.
- Thank you for voting.
- When people say
no votes were changed,
it misses the point.
What matters is that you create chaos
in the election system.
We tend to see these events
as random and disconnected,
but, in fact,
there's a pattern you can see.
In cyberwarfare,
it's called a "kill chain."
We may be buying the world's
best 20th century military,
when the battlefront in the
21st century is election security,
cybersecurity.
In order for us to find a way forward,
we have to understand
how broken the system is
and what are the fundamental
problems we are facing.
This shouldn't be a partisan issue.
This is our common problem,
owned by everyone living
in the United States,
and we have to solve it
in order to preserve
our way of life, our society,
the rule of law,
and our right to self-govern.
So, how we vote in the United
States is very complicated.
Elections are run locally.
There's no national election system,
no agency, and all of this is left up
to the states, and within the states,
it's left up to, typically,
to the counties.
There are many, many, many
counties in the United States.
Within the counties, it's then left
to the election officials
in those counties,
and they get to decide how we vote.
They get to decide what machines we use,
and there are many different
kinds of election machines.
Then the memory card
is placed into the voting machine.
Some places also use paper ballots,
and all of the paper ballots
go into a scanner.
Paper ballot here, hand-mark it,
and feed it to our precinct scanner.
Other districts will use what are called
"direct recording electronic machines,"
which are touch-screen computers,
and then, ultimately, all of these votes
will go into a central location
that will tabulate the votes.
So, at the end of the night, when you
close the machine down from voting,
there's a thumb drive...
As soon as the voting
stops, the coordinator pulls this out,
has a special laptop, to just
put it in the side of that machine,
and they send it to the right place,
and then it's done. Pow!
Basically, there is no way
that you can say,
"This is how America votes,"
because America votes in this very,
kind of chaotic, very idiosyncratic way.
Our vote system in
the United States is very, very hard
for someone to hack into 'cause
it's so clunky and dispersed.
It's Mary and Fred putting a machine
under the basketball hoop at the gym.
The overlapping layers of the
system are what give us confidence,
the fact that there's a wide
variety of machines in use,
a wide variety of procedures
across jurisdictions.
Thousands of machines
at thousands of locations
across the United States...
Means that there's
no national system that a hacker
or bad actor can infiltrate to affect
the American elections as a whole.
There is a commonly repeated statement,
repeated over and over again,
that the US election system
is protected by its vast diversity,
uh, that's not exactly true.
The laws are actually
very similar across the US,
but so are also the voting machines.
There is commonalities between,
basically, all makes and models,
and one of the commonalities is that
the key element to carry
and store the votes
seems to always be a removable medium.
Whether it's a card
or whether it's a USB stick,
it doesn't matter...
It's still a removable storage medium.
Every single step of the way,
it is vulnerable to attack.
One machine, then another machine,
then another machine, and so on.
It is also important to understand
that modern storage devices
are computers of their own.
It is not just where data is stored,
also storing instructions
for the voting machine,
how it should operate.
What we are going to do
here is modify one card.
And it's a very simple process...
You just add the card in,
and tell exactly what file
you want to be put in.
You run the rewrite program,
and then bring it to the
election supervisor's office.
Here is the memory card I have touched.
Okay. Now this is the only piece
- of Diebold equipment that you've used?
- That's correct.
What we have here is a
programmed optical-scan ballot.
Now there is only one
question on this ballot.
Two individuals will be voting "yes,"
the rest of us will be voting "no,"
and then we'll scrutinize
the ballots afterwards,
to ensure that that is indeed the mark.
Oh my.
Oh no!
- What is it? What is it?
- WoSeven yes, one no!
Oh my gosh!
Seven people said it could be hacked.
- And we put through...
- Six and two.
Six no's and two yes's.
Oh my gosh. Do you know what this means?
The memory card can be altered,
and that will cause incorrect results,
and every single element of the system
will be reporting
the same incorrect results,
seamlessly, leaving no evidence,
nothing to be detected.
The first reaction was
to shoot the messenger,
to try to use any legal means
possible to cause a chilling effect.
And there was a huge
amount of resources used
just to stop the communications,
just to stop people
discovering the vulnerabilities.
There was a huge amount of lobbying,
advertising, marketing to assure customers
everything is fine when it was not.
If those same resources
would have been put
to actually fix the problem,
that would've been way cheaper.
The real differentiation of
Dominion is we are customer-driven.
Our employees partner with
our customers to make elections
simpler, more secure, and more accessible.
We are right now outside of
Tallahassee, Florida, in Leon County.
It's been almost 15 years
from when we hacked the voting machines
back in 2005.
And we are here to see
our old friend, lon Sancho,
who was the election supervisor
of Leon County.
On September 30th of 2016,
we get this cryptic email
from the secretary of state
of Florida's office, saying,
"All supervisors of elections must be
"on this conference call
at such and such a time.
"This is secure.
You will be there, and you will
not mention this call to anybody."
- Mm-hmm.
- We gathered our staff, put it on a speakerphone,
and what it was, was the FBI
was telling Florida election officials
that a foreign power
had penetrated a vendor
- which does work in Florida.
- Mm-hmm.
It didn't take us long
to figure out that they were talking about
the GRU, i.e., Russia's
military intelligence service.
And the vendor was a Tallahassee vendor,
- VR...
- Mm-hmm.
Which did all the programming
for a majority of the counties
in the state of Florida.
They do the absentee ballots.
They do the early voting operation.
This... This company,
if it had been hacked,
it had the potential to really
impact on Florida elections.
VR Systems sells what are
called electronic poll books,
which are software or hardware or both,
that have digitized the voter databases
that are used to verify
who is a legitimate voter and who's not.
And VR Systems are responsible
for the poll books
in almost every county in Florida.
I think there's 67 or 68 counties,
and they had sold
poll books in 64 of them.
They also sell them around the country.
They're in eight states.
In this case, the vendor was VR Systems.
Maybe the vendor was the first
target, but it's not the real target.
The real target was the
jurisdictions of the customers.
If what the bad guys wanna do is
hack into the voting process,
then they might target
voter registration databases
because they are open
to the Internet by definition.
Like if you want people to be
able to register online,
they have to be open to the
Internet, so you can get to them.
The other thing is that with
a voter registration database,
imagine you go in and you flip
the second and third digits
of everybody's address,
so that, now, when
they show up to the polls,
their ID does not match
their address on file
in the voter registration database.
It's virtually impossible
to detect by eye,
so a human's not gonna notice it,
and yet, you could cause
a lot of chaos at the polls.
CBS North Carolina's Jonathan
Rodriguez joins us live from Durham.
It's been a very busy day of voting here.
We're here at the Bethesda Ruritan Club,
where people can go out and vote.
It started a little bit
rocky for voters out here,
and it's all due to a technical glitch.
Normally, when you go inside here,
they would get on a computer
and get your name
and your information
to see who's voting, right?
Well, that's the system that had a glitch
and required them to go
back to paper polling,
the old-school way of doing it.
Durham County was ordered
to go to the paper poll books
and to shut down the computers.
Basically now, it's
a big stack of papers that has
every registered voter on it, and
they have to check you in that way.
They said it impacted
at least six other precincts,
slowing down voting times.
"It's a glitch why all of
the electronic voter ID systems
"in particular precincts in America
went down uniformly. Oh, it's a glitch."
Excuse me. There is no
such thing as a glitch.
- No.
- That's a term
that we use to hide problems,
not illuminate problems.
Long lines and some
equipment malfunctions were reported.
Machine malfunction
forces wait times to exceed two hours.
This line, all the way
around the building, waiting to vote.
I work. I won't be able
to get back over here
in time to vote.
If your goal is to undermine democracy,
you actually don't need to change votes
to hack an election.
When you prevent people
from casting a ballot,
you've hacked an election.
Quite frankly, all election
officials in America
were clueless of what was going on.
In fact, we heard nothing
until a national security subcontractor
- called Reality Winner.
- Mm-hmm.
Reality Winner ran across
a report from National Security,
detailing how the attacks were done
around the states in
the United States of America.
This was considered top secret...
and no election official
- in the country knew about it.
- Mm-hmm.
It was about a year
later before the states
that were actually
attacked by the Russians
were able to hear and know
it was the Russians doing it.
We should never have that.
Barely one hour after The Intercept,
an online news site, posted a story about
a top-secret US government
document on Russian hacking,
the Justice Department said
a 25-year-old Georgia woman,
Reality Leigh Winner, had been
arrested for leaking it.
The document that
she leaked was the actual proof
that the Russians had attempted
to hack into our voting software.
She was trapped in a world
where she was going to work
every day at the NSA,
and the news was conflicting
with the proof that was
right on her computer screen.
She was basically releasing information
that we were under attack.
Based on the
volume and the level of activity
that we had seen,
I had no reason to believe
that the Russians hadn't tried to access
some kind of voter system
in all of the states.
That was really a moment
where we realized, like,
that this was, uh,
a very large-scale operation
beyond anything that
we had really, I think,
anticipated up to that point.
Reality Winner will now serve
more than five years in prison.
That's the longest sentence ever imposed
for this kind of violation.
I think she's a heroine
for releasing that information
because, until that moment,
we did not know
the extent of this operation.
She's got a minimum
of a five-year sentence
that she's serving in federal prison.
But that's not gonna prevent
an attack on our system
or ensure that our
votes are being counted.
The American government
was caught off guard.
The election systems were
caught off guard in 2016.
In a way,
it was a failure
of imagination on our part,
because if we look back at
the Russian military doctrines
that were outlined in 2011
by General Gerasimov,
who was the equivalent of the Russian
Chairman of the Joint Chiefs of Staff,
he said in 2011 that
Russia could not compete with the West
in tanks and trucks
and planes and bullets.
But they could compete in the
area of cyber and misinformation,
disinformation, and sowing dissension.
And what better way to sow dissension
than to corrupt an election process?
I serve on the
Senate Intelligence Committee,
and I can tell you every
single country in NATO
has had Russian interference in
their elections, every one of them.
The campaign of centrist Emmanuel Macron
claims it suffered a massive
and coordinated 11th-hour cyber attack,
with leaked documents
designed to destabilize
tomorrow's runoff election.
Analysts say Putin
wants to work against Macron
to tilt the election toward
his favorite candidate,
the far-right populist Marine Le Pen,
who wants to bring France
out of NATO and the EU.
The day before the Ukrainian
presidential election
results were announced,
a hacker group calling
themselves CyberBerkut
infiltrated Ukraine's central
election computer systems.
According to Ukraine officials,
if the malicious software
they installed had not been
discovered and removed,
it would've portrayed
that ultra-nationalist
Right Sector leader Dmytro Yarosh
had won with 37 percent of the vote,
instead of the one percent
he actually received.
Moderate Petro Poroshenko,
the actual winner with
a majority of the vote,
would've been placed
in second with 29 percent.
That evening, Russian Channel
One aired a bulletin declaring
Mr. Yarosh the winner, quoting
these exact percentages.
We are more vulnerable
to this kind of subtle,
hard-to-attribute attack
than we are to tanks,
airplanes, and ships.
And we need to shift
the mentality away from,
"The Internet is secure,
"and no one is able to tamper
with the American election system,"
to the reality that was
demonstrated in 2016.
We're in 2016. We just
assumed we're the big dog,
and no one's gonna mess
with the big dog on the porch.
That's not true of the Russians.
So, this is the land border
between Finland and Russia.
This border is very closely
monitored and guarded.
We don't know what is on the Russian side.
We only know what is on Finnish side.
Finnish side has a constant
electronic surveillance
to make certain that anything
crossing the border will be detected
and will be intercepted by the
border guards, who are always on duty.
The borderline between Finland and Russia
was altered in Second World War,
where large portions of the land
was lost to Russia, so
Soviet Union back in those days.
So, we do have a long-lasting distrust
to our neighbors, and really,
the political climate
where we are right now, it's...
we are in a new Cold War,
in a very real sense.
Yeah, that was a mainframe computer.
That's actually,
I think, this is Honeywell.
It's kind of funny to see the old...
big tape... mass storage units.
Actually, the first thing here is...
"Harri, 15 years old,
"is programming enterprise...
computer systems."
And here's my software,
which was used in, uh,
new... developing
new treatments for cancer
and "Leukemia: A New Hope."
Two different medical systems,
which I helped to build.
Another one is a blood analysis.
Another one is imaging, heart
imaging system, with visible...
Simon Ardizzone:
Uh, 13...
No, I was younger, 12.
Three years old.
Hmm. I don't know if I want it, but...
So, this is the...
third-highest medal which can be given
by the military to a civilian.
- Given for me.
- What was it given for, Harri?
- Writing software.
- Must've been pretty good software to get a medal.
Yep. Pretty good software.
'Cause those are not floating around.
- Can you tell us what the software did?
- No.
It's for general service.
If the endgame of the Russians
in the last US presidential elections was
to make United States weaker,
they absolutely did that.
A divided nation is a weaker nation.
We've been tracking
Russian cyber operations
for 15 years, and it's remarkable how...
how good they are in this,
and how, how, how
brazen they are.
They're actually not worried
about getting caught,
and that's, that's, that's remarkable.
'Cause I remember the first
white papers we released
about their targets in Central Europe,
or in Poland, or in Ukraine,
and we thought we had
a really explosive report.
We were publishing their, their servers,
their IP ranges, their
encryption keys, everything.
And then we put it out, we
put out the PDF, on our website,
we get thousands of downloads
from all over the world.
Now we're watching like,
how are they gonna react?
What are they gonna do?
Are they gonna stop everything?
They did nothing. The next day,
they continue with the same operations,
same IP addresses, same encryption
keys, same pieces of malware.
They just didn't care, and
that's the only evidence you need
that these are governmental operations.
They're not worried about getting caught.
They're not worried about
getting police at their doors.
Police won't come to their doors
because they are
the government themselves.
Well, actually, they probably
are building it into the model.
That's part of the thing, they
are expecting to be caught,
and it's on your face, it's a power play.
It's like, "See what
I can do? I don't care!"
I hate the way you think, Harri.
I hate the way you think!
Well, you know, I think
like the bad person.
- Yes!
- That's... That's what I do.
Right, right, right.
My name is Thomas Hicks and I'm chairman
of the United States Election
Assistance Commission, or EAC.
What is important in identifying
in today's hearing is that
the complexity of our
American election assistance...
System both deters attacks
and allows election officials to ensure
the integrity of the election
in the event of an attack.
So, you've got a couple
of systems that are here
in the election structure that
most Americans don't know about.
They know about where they go
to vote and their polling place.
They don't know the system
from their polling place
to their state or their county
and how that gets counted,
or even something called the
election assistance commission,
which is an advisory commission
to be able to help everyone
in their elections.
First and foremost, I am here
to communicate one message, that
message is that our elections are secure.
They are secure because the
American Election Administration system
inherently protects them.
Andrei Barysevich:
On forums, you can find
compromised credentials.
You can find malware.
You can find partners
for cash-out operations,
and this is where Rasputin
was attempting to sell his information.
Barysevich:
Yeah.
Well, this is very interesting.
EAC is acting
as the ultimate clearing house
of all the information for
best practices, for testing.
Also, they have a lot of information
which systems are deployed and where.
Hart InterCivic, Dominion,
ES&S.
You basically have way over 80 percent
of all the system
which is on the first page.
So, for anyone who is
wanting to do illegal acts,
this gives you one-stop shop
all the information you need
to plan your attack campaign.
- It's a very horrible scenario.
- Yeah.
- "Daniel Brandes."
- Yeah, stolen credentials.
Some guy whose credentials got stolen.
My name was on that
screenshot, but it could've been anybody.
To this day, I still don't know
why they chose me.
But it was quite a shock.
Maybe I was on Rasputin's hack
because I was the new guy,
and he wanted to exploit the new guy
'cause that would be
the path of least resistance.
What Rasputin did was
he went to the login page,
and where you put your username in,
he had put his exploit code in there,
and then he had full
access to the database.
Barysevich:
There's very recent dates.
We are talking here
September 2016,
- October...
- October to November 2016,
so this is very recent.
They can do whatever
they want to that database.
And now, the database
and the server were separate,
so now if you have access to the database,
then you can get into the server.
And the proprietary information was not
on the database, it was on the server.
Barysevich:
One of the document archives
was the test reports
of voting machines, and these reports
have a list of file names.
One could argue that file
name list is not valuable,
but for attacker,
it is extremely valuable.
Now you know of third-party libraries.
You know open-source software.
You learn a lot.
Rasputin, to this day,
could still have that information.
I mean, if he copied them all,
he probably still has all that
very sensitive information
that he could end up selling still.
As soon as we
learned the full extent of his hack,
we knew that it was
tremendously important.
And I spent all night long talking to him
and waiting for law enforcement
to get back to us in the morning.
And then you learn where
a state has vulnerability
by hacking into the EAC.
So, if someone gets into the EAC,
there may be communication
from one state saying,
"Hey, we're having a problem
with a certain county."
They now know where the weak link is,
and they can try to
reach in that weak link.
So, it's a long system,
but for a persistent actor,
especially for a foreign
government who has the finances
and the capability to be
able to be persistent in it,
this is a way to do it.
We have three main election vendors
that are running the election machinery
that run our democracy in this country.
Dominion, ES&S, and Hart.
We're very concerned
because there's only three companies.
You could easily hack into them.
It makes it seem like
all these states are doing
different things, but, in fact, three
companies are controlling this.
We don't know anything about
how they organize themselves and how
their software works
because it's all proprietary.
The degree to which
the voting machine companies
will say, "We got this,"
that's almost always
a warning sign for anybody
in the cybersecurity business, because...
um, unless they are really, truly skilled,
and have been doing cybersecurity
as their main business for a long time,
they usually don't got this.
Unlike Microsoft, who's
actually very transparent
about their security issues,
and they have hackers
routinely come in and hack them,
and then they make their vulnerabilities
public information, in most cases,
the voting machine vendors
are the opposite of that.
You know, one of the things
me and my teammates
here at ES&S talk about frequently
is we really wish we had the opportunity
for all of you, our customers,
to come visit us here in Omaha,
and see what we do live and in action.
Those companies will
give lip service to cybersecurity,
but when cybersecurity
experts come in and say,
"We would like to talk to you about this,"
or "We would like to see
how you are handling this,"
they are actually very, very negative.
What I've found, especially
in the voting system arena,
is that security is not
really taken very seriously.
We posted a testing plan
with the California
Secretary of State's office,
saying we were gonna do X, Y, and Z,
and they approved that plan, and so,
we started that plan of testing.
Voting on the
DS-200 is as easy as 1, 2, 3.
The DS-200 digital scanner
is a simple-to-use...
And what we
found is, just it's staggering.
There were multiple vulnerabilities
that could allow an attacker to get
the highest level of privilege
or the highest level of rights,
and then gain remote
access into the system,
and do what you wanna do, whether it's
change an election
or shut the system down.
Our dedication is to
the absolute highest standards
of accuracy, security, and reliability.
We believe in honesty,
commitment, trust, and respect.
And when ES&S discovered
that we were not using their testing plan,
they were appalled.
When we used our own testing plan
and found these vulnerabilities,
they pretty much told us
that they had their own team
and that they were not interested.
The fact that we have vendors that say,
"You cannot look at our code,"
is the first problem.
In 2014, we evaluated
Dominion's Democracy Suite.
We're on the forefront
of really something that
is gonna be accessible,
it's gonna be cost-effective,
and it's gonna be efficient.
We'd found a number of vulnerabilities.
The same thing with ES&S,
we found multiple,
um, operating system patches missing.
And, essentially, what that means
is an attacker can inject
code into that system,
execute that with a possibility of
receiving some sort of control.
If I can get on that system,
if I can get access
to the database, and if I can
change the elections,
change an election for a city,
for a county, for a state, however.
How can a vendor sell a voting system
with this many vulnerabilities?
And I just can't find a straight answer.
What's happened over the last
couple years is, obviously,
there's been a revolution
in the kind of devices
that you can get off the shelf,
and it's really allowed us to,
again, to focus on
the actual election software
that we're loading up on these
off-the-shelf components.
A lot of developers today developing
applications, which are critical,
don't really know what they are doing.
And they are simply picking up
a ready-made box,
and building the application
by using these blocks,
and not that careful.
Because people are only
looking, "Is it functional?"
And I think that's
probably one of the issues
that the vendors are having is
that they don't know what
they have in those systems.
They don't know what
code is in those systems.
They just make it work, and they sell it.
We should know every single line of code
that is in that software.
We should know every bit and byte
that goes across the lines
in that hardware,
and we should be able to validate that.
We should have procedures to validate
that everything that we're doing
is the right way of doing things.
In a half mile, continue onto 14 East.
There is a gentleman
who is on eBay selling
AccuVote TSX voting machine,
and that is a voting machine
system used here in Ohio.
Well, it will be interesting to see
what is the story behind this,
why these are $79 each.
It's gonna be very interesting
to learn what's going on here.
Yeah, I used to grow up
in places like this.
Building stuff from salvaged electronics.
The smell of old.
Actually condensators.
Oh wow.
Look at that.
That's a lot more than I was expecting.
Oh my God.
The AccuVote TSX is
one of the most popular voting
machines in the United States.
It's a direct-recording
electronic machine.
It's an extremely vulnerable machine.
It's also a very old machine,
and yet, it's still being
used all over the country.
I was contacted by the insurance company
that did the buyout.
I had not...
printed off and looked at all
of them when the last time
it was in service. I just know...
in 2002 is when they put them in service,
and they turned around...
- Well, let's take a look.
- That's when you get all those touch screens,
right after the 2000 election.
So, 2011...
- Oh yeah. Oh wow.
- 2012...
Looks like this has been last time used in
June, July 2013.
That's the newer one.
That's the one which
the vendor claims to be secure.
200...
20...
- And five.
- All righty.
- Thank you, sir.
- Thank you.
So, do you sell these
anywhere in the world?
I don't right now, but I would have
absolutely no problem in doing that.
You know, I'm a recycle center.
I get them in,
it doesn't matter to me
where they came from.
I'm just gonna try to make
a dime on them or recycle them,
one way or the other.
The common defense that why the systems
are unhackable in the election world
has always been that the bad people
will have no access to the machines.
We have 1,200 machines,
auctioned on eBay.
This takes away that argument.
Anyone who has any kind of motivation,
and $75 in their pocket,
can now get access to the machine,
as many machines as they need,
and fine-tune their attacks.
There is a term called
"asymmetrical warfare,"
applies to a whole series of tactics
which are very inexpensive to produce,
which have an outsized impact.
And unfortunately,
the Internet is a perfect asymmetric tool.
From what we've
determined, no voting machines
are connected to the Internet.
Voting machines themselves are
not connected to the Internet.
They are non-network pieces of hardware
that do not connect to the Internet.
The devices are not
connected to the Internet.
Those things are not
connected to the Internet.
Not connected to the Internet,
and, therefore, cannot be attacked.
None of them are
connected to the Internet,
and so, there will not be
any sort of Internet hack
or Internet incidents.
All right, Maggie, probably
best if you take this down...
Okay.
Every single system we have,
there is a place where
it touches Internet.
There's nothing anymore
in our world, really,
which doesn't touch
Internet one way or another.
It might be indirect,
it might be infrequent,
but it's always there.
All right.
Oh!
It wants to go to Internet.
That's very nice of it.
The fact that it's the first option
it's offering is kind of interesting.
A commonly used argument
that these machines are safe from hacking
because they are never
connected to Internet.
It immediately asked, do I want to connect
to the local area network.
Local area network can always
be connected to Internet,
so the reality here is once you are
connected to network, you don't
know where the network is.
What else is connected to the Internet?
That is the problem of the network.
Election offices
think that connected to Internet
is dangerous only when
it's within an election cycle.
Actually, in many cases,
it has been found that barriers are
lowered between the election cycles.
Malware can infect machines
between the cycles and stay dormant,
waiting for the right time to activate.
It's very, very easy
to write a software piece
in this machine which will
silently change the votes
as they come and go,
and it will wipe itself clean
and there will be no
evidence on the machine
that it ever existed.
I think over the last 10 years,
people have gotten really adept now
at going to an unknown piece of hardware
and taking it apart
and figuring out how it works.
So, that's why when
I hear these stories that,
"As far as we can tell, the machines
have not been tampered with."
It's like, yeah, but it's
a pretty simple machine.
It wouldn't be hard to remove the traces.
In a half mile,
continue onto Michigan 14 East.
Maybe
Harri takes it a little bit personally
when people do stupid
things with technology.
I do in a little way, but maybe
not as much as Harri does.
I think I first met Harri
probably back in about 2007.
We went to Estonia together,
and highlighted all of
these terrible problems
with their Internet voting system.
When we were in Estonia, Harri went out
drinking with the security supervisor
for the Estonia voting system,
who was Russian.
And he told us that after each of them
had finished a full bottle of vodka, um,
he drank the root password
to the Estonia voting servers
out of their chief of security.
That's what Harri claims!
- How you doing?
- HalderHow are you?
- Good to see you, sir!
- Long time!
- Great to see you! This is Matt.
- Hi, Matt.
- Nice to meet you.
- Yeah, I've seen you a number of times,
- but only on a screen.
- HalderWow! Look at this.
Yeah, that was one hell of a warehouse.
Looks like a TSX.
75 bucks. Take as many as we want.
All right, let's plug it in and
turn it on and see what happens.
And... Aha!
"Ballot station secure
touchscreen voting terminal."
What do you think the security pin is?
I don't know. I mean, it used to be 1-1-1,
but I know they upgraded to 1-1-1-1-1-1.
I'm sorry. That was not a joke.
Well, these are not tight at all.
No.
That's... There you go.
This is the slot that
can sometimes be used
for a modem, right?
Not only modem.
There's a telephone jack here,
but this also can have
an Ethernet network card.
Ah, yes.
And the other thing
which is interesting is
the SD slot,
which not only can have
an additional memory card,
but also, it can be used for wireless.
Oh, I forgot about this.
Yeah, there's an SD slot.
You showed years ago
how just putting in a card
with a special file name could rewrite
all the software in the machine,
make it do whatever you want.
I mean, there are no two ways about it.
This is architecturally not
a safe way to cast votes, and, boy,
I'm worried now more than ever
about nation-state attackers,
about real state-level
attacks on these machines.
That's true, however, I still think that
the one problem with the
nation-state attacks being talk
is that it gives you
a false sense of security,
that the lone wolf and smaller guy
cannot do it themselves, too.
Everything we discovered, how easy it is
or hackable for lone wolf,
is still true, too.
Just look at this motherboard.
There's so many different
wires connecting to it.
Each of these is a different
type of input or output device.
These machines want to be
talking to other devices.
They're built for it, and, um,
that's what magnifies
the threat because, ultimately,
just hacking one machine,
coming up to one,
opening it up, resoldering it,
that's not an attack that will scale.
But the thing that will scale
is piggybacking on the data
that's being copied into the machines.
That's what's going to allow
an attacker to upset
an election across an entire county,
an entire state, an entire country.
Here, I have a set of tools
that I've built for
vote-stealing software,
and it can piggyback
on the normal pre-election processes...
- to get to every voting machine.
- Yep.
You also have here the actual
- software driving the printer.
- HalderRight.
It completely controls
the paper summary tapes,
the things it prints at the end
of elections that have the totals.
So, an attacker can program the machine
to print out whatever they want
even to just completely
disregard the election results.
And then the code to run the machine
and the printer gets delivered
to every voting machine along
with the ballot programming.
What is your estimation,
how many hours it took...
- for you to create a tool set?
- Oh, this was just
part-time over a couple of months.
Certainly more than,
I think, people could do
in a long weekend, but not something that
- requires nation-state level effort either.
- Mm-hmm, mm-hmm.
Let's go.
Hello,
everybody! Welcome to the voting village!
We have a variety of voting machines
available here. One of
the reasons we're doing this
is to broaden the community of people
who are gonna be experts in how
voting machines work.
- Harri, do you wanna say a few words?
- Yes.
Every voting machine
in this room is in use
in next elections, every single one,
every single model is
a model still in use.
We are actually asking your help
because we don't know
much about those devices.
Basically, the idea
here is all the machines
are there to be tested, to be used.
You can open it. Don't break all of them,
but if something breaks, that's fine.
They are bought from eBay,
and they do have the previous election in.
If you see something, say something!
Tell what you found!
Every discovery, every
information you have,
please let them know,
so that we can inform people
what you have discovered
and what you have found.
We are here to help,
so that you can have fun
and explore and discover
new things. Thank you.
Thank you.
So, at Def Con, we're
always a really open conference.
We knew, even though we were some,
you know, sketchy hackers,
the manufacturers were gonna
wanna know what's going on.
So, instead of creating
an adversarial relationship,
we know you're gonna try to be
there, let's just invite you.
We're doing this thing,
you might not like it,
but come and participate.
Tell us why we're wrong.
Bring your latest equipment
if we're testing the wrong equipment.
Get some free consulting. I mean,
you've got some of
the world's best hackers.
Maybe this is a free test.
Maybe you can get some advice out of it.
And nobody took us up on the offer.
This is the first time we
have a public to be able to
experience and take a look
into the critical spot, which has been
little bit hiding in the shadow
in all the previous election
and voting machine security studies.
Finally, for the first time, non-experts,
non-having signed a non-disclosure
agreement researchers
are having a chance to see
what these machines are
like, how incredibly,
trivially vulnerable they are.
And what effect this is gonna have
on their democracy if
they don't get involved.
Trying to see if there's
any obvious storage on here.
This is a Diebold
voter registration machine,
and its purpose
is to just hold voter registration data,
like names, addresses,
social security numbers,
lots of scary stuff.
And the database is stored on these cards.
'Cause one of the things that
you can do with these machines
is install your own malware
on whatever the memory media is.
That will go back
and infect the...
back end, vote tabulating,
and next year's ballot design
systems for years to come
because the software doesn't get upgraded.
Your malware could stay there forever
and no one would know it was there.
Hackers are a wonderful resource.
We make significant discoveries.
So, I could put a program on there
- that just modifies the count.
- Yes.
We are here only three days a year.
The real adversaries, they run it
24/7 with massive funding.
Use the display command, it will
fill this screen with
whatever you tell it to.
If you don't believe
that there is this kind of room
in Russia, running 24/7,
you are kidding yourself.
We have access.
We have access to the machine.
Here is Microsoft Windows XP.
And I'm demonstrating how you can,
remotely from this laptop,
gain complete control
of the voting machine.
I'm doing it right now.
This is the prompt of the voting machine.
We are in. We have made it!
- Here is the directory, which is called "reports."
- Yeah.
Sarah Teale:
- He wirelessly got into the machine.
- Yes.
So, I'm connected to the machine,
but I think I can take control
of the screen of the machine.
And so, what you can see now, if it works,
it actually kind of shows me...
- this screen, Windows XP!
- Oh my God.
I can turn the machine off from
here as well, if I want to.
Okay.
Now, I can exit the machine, and
you know what's gonna happen?
I am turning off the machine for them.
They're gonna be very surprised.
Do you want to exit the machine?
Now it's disconnected,
and now let's see...
- what their faces look like.
- Oh shit.
- Oh! Oh! Okay!
- I don't know what just happened.
It switched to
an administrator login screen,
and then it went off,
and we're like, "What happened?"
Because we were trying
all the different smart cards
to see if one of them
actually did anything.
That's awesome.
And you can do all this all automatically.
You can actually have a machine,
a car that drives by the voting places
and updates all of the votes,
and because there's no paper evidence,
the machine will actually, um...
You will never, ever notice
that this actually happened.
This vulnerability is so trivial,
the tools are so widely known,
it would be easy to imagine
that somebody will hack the machine
from the parking lot with never
seeing the voting machine.
What happens is attacks only get easier.
So maybe, it was a super
sophisticated attack
in 2016.
By 2020, or 2022,
it's only average, right?
We gotta stay one step ahead of this.
If it was the Russians
yesterday, who is it tomorrow?
Is it an organized crime group?
Is it a political action group?
Is it an environmental rights group?
"Oh yeah, you can't swing
the presidential election
because you'd have to tamper
with too many precincts."
Well, okay, what if I'm just
tampering with my local precinct
'cause I just wanna get my guy in?
What if the skills
become so widespread that you can do this
on a county or state level?
Then what? Maybe getting
your governor is almost
as important to you as
getting the president,
depending upon what your issue is. So,
I don't wanna get so
spun up that it's like
an all or nothing federal thing.
It's an everything thing!
I feel like we are in terrible danger
of losing what it means to be a democracy.
If elections can be altered subtly,
they can be altered in
a way that is undetectable,
how does one trust
the results of their election?
And a democracy functions on trust.
Without that trust,
things descend into chaos and anarchy.
Those of us who know how vulnerable, um,
the voting systems are in these elections
are terribly afraid right now.
Brian Kemp is running for governor
at a moment in time when he was
also overseeing the elections
in Georgia, i.e., he was
overseeing his own election.
Secretary of State Brian Kemp...
The race between
Brian Kemp and Stacey Abrams,
- which is too close to call...
- An historic race...
Locked in a tight race.
It couldn't be any tighter.
This is a battle for
the soul of our state, y'all.
I got a big truck,
just in case I need to round up
criminal illegals
and take 'em home myself.
Yep, I just said that.
I'm Stacey Abrams
and I'm running for governor,
because where you come from
shouldn't determine
how far you can go.
The canary in the coal mine is Georgia.
Georgia is
in this situation where
every single person in Georgia
who votes, votes on the same
kind of machine, the AccuVote,
which is, as we know,
an extremely insecure machine
that can be easily, easily hacked,
and yet, it's still being used.
With his family in tow, Brian Kemp
voted today at the historic
Winterville Train Depot.
Like most Georgians, he was voting on
a machine using 16-year-old technology.
After a first try in the voting booth,
he came back holding
the yellow voting card
he'd been given and told
the poll worker...
It said this is an invalid card.
Okay, you go back
in there, I'll redo it for you.
Kemp fought
against efforts earlier this year
to replace the machines,
saying a last-minute change
to paper ballots would create chaos.
Chaos, which he now says,
has been avoided.
Are you concerned
about the reports of problems
- people are having?
- No, not at all.
Today, been a great,
really, a smooth election.
This is a look at
lines inside Annistown Elementary
in Gwinnett County, where some
machines were not even working.
There were some major problems
here at this Gwinnett County polling place.
Those voting machines,
that you see right over there,
stopped working earlier this morning.
Some were here for three hours,
others here for much longer.
I wanted to come in, do my voting,
and get out, and that didn't happen today.
Some people were here for five hours.
By the way, this is the second
largest county in the state.
It's also a Democratic stronghold.
What time do polls close tonight?
It's supposed to close at seven,
but we've received 25-minute extension,
- but that's not enough.
- Yeah.
We're still fighting to get a full hour.
There's a saying in Georgia
that, "As goes Gwinnett County,"
which is this county...
- Yeah.
- "...so goes the governorship."
The secretary of state,
- who's also a candidate...
- Mm-hmm.
Is telling everybody that these
machines are not hackable.
- Mm-hmm.
- That they are safe.
I don't know if you knew, but I
hacked that machine which is used here.
Okay, call the police.
No, that was long time ago.
2006, I showed how that
machine can be hacked.
And then they are
here today, telling us...
- Yeah, 12 years later.
- It's not hackable.
Twelve years later, that same machine
still in use, and it's still hackable.
Poll worker:
- Have you all had an interesting day so far?
- How's your day been?
- Busy.
- Hi, Harri. Nice to see you.
- Likewise, likewise.
- Hi, Harri.
So, the cards aren't working.
That's what they tell.
- Which shouldn't be possible, right?
- I mean, that's weird.
Excuse me.
Let's see...
Yeah, so...
Generally, I'm looking for...
voters who insert their card
into the machine, and it fails
to work. So like, right now,
that guy's having issues,
so we should head him off,
talk to him a bit.
Excuse me, were you
having issues just now?
Oh, I see.
Yeah, so you did change
your driver's license...
Oh, for real?
Yeah.
Do you know what the
error message was on that screen?
It was a warning. I don't
remember exactly what it said.
- It was a warning, error warning.
- Okay, but it was just having
- trouble writing to the card?
- It wouldn't write to any of the cards.
We had 24 cards... I need
your driver's license, too.
And none of them would work.
Okay. It just said
it was something saying,
"card is inserted incorrectly"
or "unable to write to card."
- Was that on a TS?
- Yes, they were all TS's.
I mean, this whole thing is bizarre.
I heard this same thing happen in
- a number of precincts, and not only here.
- Yeah. Sounds like
there's another precinct, like, two miles
down the road that had the same issue.
Was there no control?
Didn't they test this?
How it's possible that you ship
up something which fails on arrival?
It would be acceptable if you
had one or two cards fail.
- Sure.
- So, you would have to cook the whole bag of cards
in order to get that
kind of failure, right?
Well, I don't know
- what could have been going wrong.
- We put them in microwaves,
and you could do that.
- Yeah.
- Yeah, that's true.
But I think you're right. One at a time,
you get random failures on the cards.
- But where did it come from?
- Through ElectionNet.
Secretary of State's office. Yeah.
Oh, okay.
That four-hour line here...
it shouldn't work that way.
Stacey Abrams lost. Brian Kemp won.
And Brian Kemp then took
the lobbyist for ES&S
as his chief of staff.
So, there is a huge battle
that will probably be lost in Georgia
over using ballot marking devices
rather than voter-marked,
hand-marked paper ballots.
This is really gonna be a catastrophe.
It's far more expensive than
hand-marked paper ballots.
It is a vehicle for disenfranchisement
in a number of different ways.
Other than feeding corporate profits
and making it easier to
manipulate election outcomes,
I don't really see the point.
That's what I was thinking immediately.
All right, let's go play.
- All right.
- The Richmond-San Rafael Bridge and the Golden Gate Bridge,
and in a second, we'll see
the San Francisco Bay Bridge.
The fundamental problem
with electronic voting technology is
the evidence that it produces
about who actually won.
Most of them don't produce
really convincing evidence,
and the best technology for
voter verifiability is
hand-marked paper ballots.
We need a trustworthy paper trail.
In about 2007, I came up
with the idea of risk-limiting audits,
which are a way of providing
statistical evidence that
the outcome is correct,
or having a large chance of correcting
the outcome if it isn't correct.
So, risk-limiting audits,
there's a lot of misconceptions.
Everybody agrees that's the way forward,
but there's so much misconceptions.
The risk-limiting audit
relies on a paper trail.
You don't have paper,
then you can't do one.
It's easy to do a risk-limiting audit.
You just do a hand count
of everything. Done.
The subtlety is how to limit the risk
- and keep the workload down.
- Right, right.
The procedure is you
start looking at paper,
and you keep looking
at paper until you have
convincing evidence that
looking at all of it
wouldn't change the result.
So, you can think of it as, um,
an intelligent, incremental recount
that stops as soon as it's
clear that it's pointless.
And if it never becomes
clear that it's pointless,
it just keeps going until
you've looked at all the paper.
The key is that sample
you choose is random.
So, that's what lets you, uh,
protect against any kind of
error problem whatsoever,
whether it's a malicious opponent,
or a random machine failure,
or a bug, or whatever it is,
by looking at it randomly,
you can guarantee
- a big chance of catching it.
- Right.
It's a check on the tabulation in a way
that is economical and efficient
and accomplishes the minimum standard
of verifying that the votes
were tabulated accurately enough
to tell who really won.
Good to be here, hello.
In Georgia, we ended up seeing
the strangest thing.
In a heavily Democratic
precinct, there was one machine
out of a seven-machine precinct
- that showed heavy Republican wins...
- Mm-hmm.
While the precinct itself,
and all of the other machines,
were showing heavy Democratic wins.
- Mm-hmm.
- And it made us go,
"Wait a minute.
Something's weird about this.
How could this happen?"
Just on the one machine out of seven?
The other six showed a Democratic majority
- in every statewide contest?
- Right, right.
And in Georgia,
and in a lot of other states,
when the machines are printing tapes
at seven o'clock at night
when the polls close,
it is a law that for
purposes of transparency,
that those tapes, one from every machine,
be posted at the door, and so,
like here, here's a photograph...
It was just an end of the day dump
of what was in the memory onto paper.
So, it's just the final tally according to
- its internal software, according to that machine.
- Right. Right.
And this particular tape
is the one that got all
of the Republican votes.
It got substantially more
votes for Brian Kemp,
the Republican, than
Stacey Abrams, the Democrat,
and this was true all
the way down the ballot.
The Republican wins every single race
- on this one machine.
- Mm-hmm.
Something had to happen
to cause one machine
to have such different
results than its neighbors.
I called Philip and said,
"Is this important? Is this
as odd as it looks to me?"
So he went to work on it
with his magic statistics.
And the magic grad student, yes.
So, what we did was
simulate this process,
run it over and over again,
saying if we had this
many Democratic voters
and this many Republican voters
in our precinct,
and we assigned them
at random to machines,
how likely is it that we'd get
a Republican majority
as great as what we saw
on machine three?
So we did this probably 10,000 times,
and it was an astronomically small chance.
Less than one in a million.
Georgia is buying new
election machines for the whole state
to replace the AccuVote voting machines
that we know are insecure,
and they are replacing
them with another set
of machines that are also insecure
because they use bar codes,
and bar codes can be hacked.
The model that is their
favorite choice right now
is the Dominion ImageCast.
The ImageCast X will not permit the voter
to over-vote a contest, to change...
What this does is
it's a touchscreen machine.
The voter enters their vote,
and what is spit out is a paper ballot,
and their votes are encoded as bar codes.
The vote itself is in that bar code.
No humans I know can
read bar code very well.
And it's that vote
that is then put into
a scanner and counted.
It is, again, putting a computer
between the voter and his ballot.
Putting a computer between
a voter and his ballot
is going to make sure that
you don't have an auditable,
reliable election.
So, even though
the election officials in
Georgia are paying lip service
to the fact they now have a paper trail,
they are creating a paper
trail that, in fact,
can't actually be audited.
Paper ballots and risk-limiting audits
are the unanimous... I can't find
a single expert in the field,
who believes that you can get this fixed
without those two basic requirements.
And the only way you get anything done
in the Senate right now
is if it's bipartisan.
The way the filibuster rules work,
you have to work across the aisle.
The Secure Elections Act is
a bipartisan effort to be able
to try to address what were the
problems that we already see.
There are vulnerabilities in our system
that we should pay attention to.
Some are dramatic,
like actually changing votes.
Some are subtle,
like just trying to alter
a formula in a website
and making that vulnerable so that people
can't trust the results that they got.
The Russians did this last time in 2016.
It could be the North Koreans next time.
It could be a domestic hacktivist group
that just decides they're mad
and they wanna be able
to create some chaos.
It doesn't have to be a foreign actor.
Voting machines that do
not produce a paper trail.
The only record of the votes
cast is a digital record,
which could be hacked
and which is impossible
to audit reliably.
That strikes me as a prescription
for disaster.
The most important things
are to make sure we have
votes recorded on paper...
paper ballots, which just...
cannot be changed in a cyber attack.
How would you do a non-paper audit?
Senator, I think it would be
basically impossible.
When you and your colleagues
hacked election systems,
did you get caught?
- Um...
- Did they see your intrusion into their systems?
The one instance when
I was invited to hack a real voting system
while people were watching
was in Washington, DC, in 2010,
and in that instance,
it took less than 48 hours
for us to change all the votes,
and we were not caught.
There's a number of bills that
are pending before Congress,
and I think some of them
before this committee,
on the subject of election integrity.
Mr. Chairman, are we going to
be marking up any of those bills
on election security?
At this point, I don't see any likelihood
that those bills would get to
the floor if we mark them up.
Why?
Same reason we couldn't
get our bill to the floor last year.
Which is?
I think the majority leader
just is of the view that
this debate reaches no conclusion.
It's very important that
we maintain the integrity
and the security of our
elections in our country.
Any Washington involvement in that task
needs to be undertaken
with extreme care...
extreme care, and on a thoroughly
bipartisan basis.
Leader McConnell
has not brought a single piece of
election security
legislation to the floor,
even though the president's
own security team
has said that we're in jeopardy.
We were not able to get
the bill out of committee.
We were not able to
actually have a vote on it.
Because, I assure you, if we
had a vote on this legislation,
whether it's at committee
or on the floor of the Senate,
it would pass overwhelmingly.
I don't see how they explain
not passing a bill to protect
our election equipment.
The White House, just
as we were on the verge
of getting a mark up
in the rules committee,
getting it to the floor, where I think
we would get the vast
majority of senators,
the White House made calls to stop this.
Were you aware of that?
- No.
- Okay, well that happened.
There are plenty of Republicans
in the House and the Senate
who are deeply concerned about this,
deeply, deeply concerned
about it, as they should be,
as we all should be.
This is not a partisan issue.
Everyone should care about this,
whoever they vote for, everybody.
And you've gotta believe at some point,
it's something bad is going on,
that people don't wanna pass it.
I don't remember the
specific person that referred me to you,
but I do remember that
you were named
by one of my sources as a very credible
cybersecurity expert, um,
and I'm trying to remember...
I think it was like
I emailed someone else,
and they were like, "You
should talk to Harri Hursti, not me.
I'm busy."
So, this all started
around the 2016 election.
This is a pretty interesting
and important-seeming thing.
We kept reading a series of
national reports about various
named and unnamed state election systems
or websites that were
compromised or hacked,
and my immediate question was:
Is there any affiliation
here with the Russians
and the Russian actors
that have been identified
as being involved in the other hacks?
So, I'll play this tape of the...
state elections director.
Josie Bahnke:
Last week, I had a secure briefing
with the FBI and DHS.
We know that they were
able to look at our website,
but there was no breach,
I guess, essentially.
Is there any sense that they
tried to actually, like, access anything?
No. They wiggled on the door and moved on.
Wiggled on the door,
meaning they literally
looked at the website,
it's not like they tried
to input credentials or...
Yes, and there was an IP address.
I think that's the...
that's the gist of it.
We got some information that
seemed to indicate, pretty clearly,
that there was more to the story here,
and based on that,
we formulated a Freedom
of Information Act request,
just sort of sent it off, and...
How long after election
you FOIA'd these documents?
More than a year.
And then we got this
whole package of documents.
Really interesting here when
you start looking what they explain.
The Alaska system was compromised,
but it was compromised by
a completely different actor,
the bad actor is named CyberZeist.
And, you know, sort of
linked to a Twitter account
that has a sort of past history
of hacking other figures.
Uh, they talked about how
the attacker had originated
from what appeared to be the IP
address of a power plant in India.
State officials had had
to report to the FBI,
and there was more than officials here
had originally led Alaskans to believe.
To me, if this is the whole documentation,
then there was never
a proper, uh, investigation.
Uh, they didn't take this seriously.
This was quickly brushed over,
saying, okay, it's contained,
so, this is the whole problem,
and we cleaned the whole
problem, it's all fine.
And nothing to see here,
we were not hacked.
They are making a claim here
that the attacker
got access to the file system,
and they sort of, kind of leave it there.
If you have that kind of
access to file system,
you can simply replace files
and gain control of the system.
Security researchers like
myself, this tells that...
Whether they believe what they
say themselves doesn't matter.
This tells that the truth is likely to be
way worse than what they're saying,
clearly worse than this explanation.
There was no containment in effect.
CyberZeist:
What I take of this...
is that... he got into that one place,
and then, he deployed a tool,
which he doesn't want to disc...
He doesn't want to disclose that tool.
That tool took him, all of a sudden,
to a completely different place.
And because he wants
to use that tool later,
he doesn't want to give any hint,
um... how that jump happened.
But omission of that information
is not making him less credible,
because he could have made
a bullshit story and he didn't.
CyberZeist:
If you use a standardized...
"standardized" criminal tools,
all of this can be carried
out almost effortlessly.
So, this also brings back
the question, why Alaska?
Is Alaska the ultimate target,
or is Alaska just an intermediate step
towards something else?
You have to think about what are
the threat actors' real motivations.
Everything else is tools,
tactics, technology... irrelevant.
What you are really going after
is the mind of your adversary.
And the mind, in some cases a visual mind,
sometimes a collective
mind of the society.
When a sufficiently large group
of members of society don't
anymore believe in the society,
and that's where the collapse starts.
It's called kill chain.
Kill chain is a 2,000-year-old concept,
which can be used in
any kind of operation,
whether it is military or organized crime
or some other activity.
And in kill chain, you move,
step-by-step,
towards your ultimate target.
First, you gather intelligence.
What is the landscape?
After that, you analyze the intelligence,
and now, you're asking
yourself the question,
"Who are the possible targets?"
After that, it's weaponization.
So, now you know against
whom you are going,
what tools you are using.
I think the most important
part of the kill chain
is the paralyzation of your adversaries.
And when the governments cannot
assess the situation,
take an action and correct it,
that's when a paralyzation happens.
That's really when you finish the target.
The chain will go on
until you break a link.
Stopping them while maintaining
and remain true to your values,
that is the tricky part.
I've told voters before to be
careful what you vote on.
Um, if you cannot validate it,
if you cannot verify it
right in front of you, then
you shouldn't be voting on it,
and you should be asking
for a paper ballot.
Use paper ballots.
We can use an optical scanner
to scan the paper ballots.
If it turns out that
an optical scanner,
which is also a computer,
has been corrupted in some way
or hacked in some way,
then we've got these paper
ballots we can go back to
and count them by hand.
Whether it's Vladimir Putin
or Harri Hursti
who's attacking the machines,
the only surefire way to know
whether the machines are telling the truth
about the election results
is to do an audit, to look at the paper,
and to make sure that what's on that paper
matches the results that
the computers are saying.
Voting is about our capability
to change the way the government works
by changing the people
who make the decisions,
and have a peaceful transfer of power
when the people have made that choice.
If you don't have that,
then the alternatives are revolutions.
The problem is once you
understand how everything works,
you understand how fragile everything is,
and how easy it is to... lose this all.
Do you have any doubt
that Russia attempted to interfere
- in the 2016 elections?
- None.
In 2016, we know that Russian actors
targeted state election systems.
Has the department conducted any kind of
post-election forensics
on the voting machines
that were used in 2016?
Our department has not conducted forensics
on specific voting machines.
I think it had no bearing on the election.
We have no evidence
that votes were changed.
No actual votes were changed.
I keep hearing that
the system is unhackable.
Bzzz! Wrong.
Everything is hackable, always.
These are just computers.
We call them voting machines,
but they're nothing more
than obsolete computers.
Wow.
WoPassword. Do we
want...? For admin. Yeah.
- Admin.
- Yeah.
- Awesome.
- Success!
We are in!
It's not just about hardware.
It's the hardware of our democracy.
- Thank you for voting.
- When people say
no votes were changed,
it misses the point.
What matters is that you create chaos
in the election system.
We tend to see these events
as random and disconnected,
but, in fact,
there's a pattern you can see.
In cyberwarfare,
it's called a "kill chain."
We may be buying the world's
best 20th century military,
when the battlefront in the
21st century is election security,
cybersecurity.
In order for us to find a way forward,
we have to understand
how broken the system is
and what are the fundamental
problems we are facing.
This shouldn't be a partisan issue.
This is our common problem,
owned by everyone living
in the United States,
and we have to solve it
in order to preserve
our way of life, our society,
the rule of law,
and our right to self-govern.
So, how we vote in the United
States is very complicated.
Elections are run locally.
There's no national election system,
no agency, and all of this is left up
to the states, and within the states,
it's left up to, typically,
to the counties.
There are many, many, many
counties in the United States.
Within the counties, it's then left
to the election officials
in those counties,
and they get to decide how we vote.
They get to decide what machines we use,
and there are many different
kinds of election machines.
Then the memory card
is placed into the voting machine.
Some places also use paper ballots,
and all of the paper ballots
go into a scanner.
Paper ballot here, hand-mark it,
and feed it to our precinct scanner.
Other districts will use what are called
"direct recording electronic machines,"
which are touch-screen computers,
and then, ultimately, all of these votes
will go into a central location
that will tabulate the votes.
So, at the end of the night, when you
close the machine down from voting,
there's a thumb drive...
As soon as the voting
stops, the coordinator pulls this out,
has a special laptop, to just
put it in the side of that machine,
and they send it to the right place,
and then it's done. Pow!
Basically, there is no way
that you can say,
"This is how America votes,"
because America votes in this very,
kind of chaotic, very idiosyncratic way.
Our vote system in
the United States is very, very hard
for someone to hack into 'cause
it's so clunky and dispersed.
It's Mary and Fred putting a machine
under the basketball hoop at the gym.
The overlapping layers of the
system are what give us confidence,
the fact that there's a wide
variety of machines in use,
a wide variety of procedures
across jurisdictions.
Thousands of machines
at thousands of locations
across the United States...
Means that there's
no national system that a hacker
or bad actor can infiltrate to affect
the American elections as a whole.
There is a commonly repeated statement,
repeated over and over again,
that the US election system
is protected by its vast diversity,
uh, that's not exactly true.
The laws are actually
very similar across the US,
but so are also the voting machines.
There is commonalities between,
basically, all makes and models,
and one of the commonalities is that
the key element to carry
and store the votes
seems to always be a removable medium.
Whether it's a card
or whether it's a USB stick,
it doesn't matter...
It's still a removable storage medium.
Every single step of the way,
it is vulnerable to attack.
One machine, then another machine,
then another machine, and so on.
It is also important to understand
that modern storage devices
are computers of their own.
It is not just where data is stored,
also storing instructions
for the voting machine,
how it should operate.
What we are going to do
here is modify one card.
And it's a very simple process...
You just add the card in,
and tell exactly what file
you want to be put in.
You run the rewrite program,
and then bring it to the
election supervisor's office.
Here is the memory card I have touched.
Okay. Now this is the only piece
- of Diebold equipment that you've used?
- That's correct.
What we have here is a
programmed optical-scan ballot.
Now there is only one
question on this ballot.
Two individuals will be voting "yes,"
the rest of us will be voting "no,"
and then we'll scrutinize
the ballots afterwards,
to ensure that that is indeed the mark.
Oh my.
Oh no!
- What is it? What is it?
- WoSeven yes, one no!
Oh my gosh!
Seven people said it could be hacked.
- And we put through...
- Six and two.
Six no's and two yes's.
Oh my gosh. Do you know what this means?
The memory card can be altered,
and that will cause incorrect results,
and every single element of the system
will be reporting
the same incorrect results,
seamlessly, leaving no evidence,
nothing to be detected.
The first reaction was
to shoot the messenger,
to try to use any legal means
possible to cause a chilling effect.
And there was a huge
amount of resources used
just to stop the communications,
just to stop people
discovering the vulnerabilities.
There was a huge amount of lobbying,
advertising, marketing to assure customers
everything is fine when it was not.
If those same resources
would have been put
to actually fix the problem,
that would've been way cheaper.
The real differentiation of
Dominion is we are customer-driven.
Our employees partner with
our customers to make elections
simpler, more secure, and more accessible.
We are right now outside of
Tallahassee, Florida, in Leon County.
It's been almost 15 years
from when we hacked the voting machines
back in 2005.
And we are here to see
our old friend, lon Sancho,
who was the election supervisor
of Leon County.
On September 30th of 2016,
we get this cryptic email
from the secretary of state
of Florida's office, saying,
"All supervisors of elections must be
"on this conference call
at such and such a time.
"This is secure.
You will be there, and you will
not mention this call to anybody."
- Mm-hmm.
- We gathered our staff, put it on a speakerphone,
and what it was, was the FBI
was telling Florida election officials
that a foreign power
had penetrated a vendor
- which does work in Florida.
- Mm-hmm.
It didn't take us long
to figure out that they were talking about
the GRU, i.e., Russia's
military intelligence service.
And the vendor was a Tallahassee vendor,
- VR...
- Mm-hmm.
Which did all the programming
for a majority of the counties
in the state of Florida.
They do the absentee ballots.
They do the early voting operation.
This... This company,
if it had been hacked,
it had the potential to really
impact on Florida elections.
VR Systems sells what are
called electronic poll books,
which are software or hardware or both,
that have digitized the voter databases
that are used to verify
who is a legitimate voter and who's not.
And VR Systems are responsible
for the poll books
in almost every county in Florida.
I think there's 67 or 68 counties,
and they had sold
poll books in 64 of them.
They also sell them around the country.
They're in eight states.
In this case, the vendor was VR Systems.
Maybe the vendor was the first
target, but it's not the real target.
The real target was the
jurisdictions of the customers.
If what the bad guys wanna do is
hack into the voting process,
then they might target
voter registration databases
because they are open
to the Internet by definition.
Like if you want people to be
able to register online,
they have to be open to the
Internet, so you can get to them.
The other thing is that with
a voter registration database,
imagine you go in and you flip
the second and third digits
of everybody's address,
so that, now, when
they show up to the polls,
their ID does not match
their address on file
in the voter registration database.
It's virtually impossible
to detect by eye,
so a human's not gonna notice it,
and yet, you could cause
a lot of chaos at the polls.
CBS North Carolina's Jonathan
Rodriguez joins us live from Durham.
It's been a very busy day of voting here.
We're here at the Bethesda Ruritan Club,
where people can go out and vote.
It started a little bit
rocky for voters out here,
and it's all due to a technical glitch.
Normally, when you go inside here,
they would get on a computer
and get your name
and your information
to see who's voting, right?
Well, that's the system that had a glitch
and required them to go
back to paper polling,
the old-school way of doing it.
Durham County was ordered
to go to the paper poll books
and to shut down the computers.
Basically now, it's
a big stack of papers that has
every registered voter on it, and
they have to check you in that way.
They said it impacted
at least six other precincts,
slowing down voting times.
"It's a glitch why all of
the electronic voter ID systems
"in particular precincts in America
went down uniformly. Oh, it's a glitch."
Excuse me. There is no
such thing as a glitch.
- No.
- That's a term
that we use to hide problems,
not illuminate problems.
Long lines and some
equipment malfunctions were reported.
Machine malfunction
forces wait times to exceed two hours.
This line, all the way
around the building, waiting to vote.
I work. I won't be able
to get back over here
in time to vote.
If your goal is to undermine democracy,
you actually don't need to change votes
to hack an election.
When you prevent people
from casting a ballot,
you've hacked an election.
Quite frankly, all election
officials in America
were clueless of what was going on.
In fact, we heard nothing
until a national security subcontractor
- called Reality Winner.
- Mm-hmm.
Reality Winner ran across
a report from National Security,
detailing how the attacks were done
around the states in
the United States of America.
This was considered top secret...
and no election official
- in the country knew about it.
- Mm-hmm.
It was about a year
later before the states
that were actually
attacked by the Russians
were able to hear and know
it was the Russians doing it.
We should never have that.
Barely one hour after The Intercept,
an online news site, posted a story about
a top-secret US government
document on Russian hacking,
the Justice Department said
a 25-year-old Georgia woman,
Reality Leigh Winner, had been
arrested for leaking it.
The document that
she leaked was the actual proof
that the Russians had attempted
to hack into our voting software.
She was trapped in a world
where she was going to work
every day at the NSA,
and the news was conflicting
with the proof that was
right on her computer screen.
She was basically releasing information
that we were under attack.
Based on the
volume and the level of activity
that we had seen,
I had no reason to believe
that the Russians hadn't tried to access
some kind of voter system
in all of the states.
That was really a moment
where we realized, like,
that this was, uh,
a very large-scale operation
beyond anything that
we had really, I think,
anticipated up to that point.
Reality Winner will now serve
more than five years in prison.
That's the longest sentence ever imposed
for this kind of violation.
I think she's a heroine
for releasing that information
because, until that moment,
we did not know
the extent of this operation.
She's got a minimum
of a five-year sentence
that she's serving in federal prison.
But that's not gonna prevent
an attack on our system
or ensure that our
votes are being counted.
The American government
was caught off guard.
The election systems were
caught off guard in 2016.
In a way,
it was a failure
of imagination on our part,
because if we look back at
the Russian military doctrines
that were outlined in 2011
by General Gerasimov,
who was the equivalent of the Russian
Chairman of the Joint Chiefs of Staff,
he said in 2011 that
Russia could not compete with the West
in tanks and trucks
and planes and bullets.
But they could compete in the
area of cyber and misinformation,
disinformation, and sowing dissension.
And what better way to sow dissension
than to corrupt an election process?
I serve on the
Senate Intelligence Committee,
and I can tell you every
single country in NATO
has had Russian interference in
their elections, every one of them.
The campaign of centrist Emmanuel Macron
claims it suffered a massive
and coordinated 11th-hour cyber attack,
with leaked documents
designed to destabilize
tomorrow's runoff election.
Analysts say Putin
wants to work against Macron
to tilt the election toward
his favorite candidate,
the far-right populist Marine Le Pen,
who wants to bring France
out of NATO and the EU.
The day before the Ukrainian
presidential election
results were announced,
a hacker group calling
themselves CyberBerkut
infiltrated Ukraine's central
election computer systems.
According to Ukraine officials,
if the malicious software
they installed had not been
discovered and removed,
it would've portrayed
that ultra-nationalist
Right Sector leader Dmytro Yarosh
had won with 37 percent of the vote,
instead of the one percent
he actually received.
Moderate Petro Poroshenko,
the actual winner with
a majority of the vote,
would've been placed
in second with 29 percent.
That evening, Russian Channel
One aired a bulletin declaring
Mr. Yarosh the winner, quoting
these exact percentages.
We are more vulnerable
to this kind of subtle,
hard-to-attribute attack
than we are to tanks,
airplanes, and ships.
And we need to shift
the mentality away from,
"The Internet is secure,
"and no one is able to tamper
with the American election system,"
to the reality that was
demonstrated in 2016.
We're in 2016. We just
assumed we're the big dog,
and no one's gonna mess
with the big dog on the porch.
That's not true of the Russians.
So, this is the land border
between Finland and Russia.
This border is very closely
monitored and guarded.
We don't know what is on the Russian side.
We only know what is on Finnish side.
Finnish side has a constant
electronic surveillance
to make certain that anything
crossing the border will be detected
and will be intercepted by the
border guards, who are always on duty.
The borderline between Finland and Russia
was altered in Second World War,
where large portions of the land
was lost to Russia, so
Soviet Union back in those days.
So, we do have a long-lasting distrust
to our neighbors, and really,
the political climate
where we are right now, it's...
we are in a new Cold War,
in a very real sense.
Yeah, that was a mainframe computer.
That's actually,
I think, this is Honeywell.
It's kind of funny to see the old...
big tape... mass storage units.
Actually, the first thing here is...
"Harri, 15 years old,
"is programming enterprise...
computer systems."
And here's my software,
which was used in, uh,
new... developing
new treatments for cancer
and "Leukemia: A New Hope."
Two different medical systems,
which I helped to build.
Another one is a blood analysis.
Another one is imaging, heart
imaging system, with visible...
Simon Ardizzone:
Uh, 13...
No, I was younger, 12.
Three years old.
Hmm. I don't know if I want it, but...
So, this is the...
third-highest medal which can be given
by the military to a civilian.
- Given for me.
- What was it given for, Harri?
- Writing software.
- Must've been pretty good software to get a medal.
Yep. Pretty good software.
'Cause those are not floating around.
- Can you tell us what the software did?
- No.
It's for general service.
If the endgame of the Russians
in the last US presidential elections was
to make United States weaker,
they absolutely did that.
A divided nation is a weaker nation.
We've been tracking
Russian cyber operations
for 15 years, and it's remarkable how...
how good they are in this,
and how, how, how
brazen they are.
They're actually not worried
about getting caught,
and that's, that's, that's remarkable.
'Cause I remember the first
white papers we released
about their targets in Central Europe,
or in Poland, or in Ukraine,
and we thought we had
a really explosive report.
We were publishing their, their servers,
their IP ranges, their
encryption keys, everything.
And then we put it out, we
put out the PDF, on our website,
we get thousands of downloads
from all over the world.
Now we're watching like,
how are they gonna react?
What are they gonna do?
Are they gonna stop everything?
They did nothing. The next day,
they continue with the same operations,
same IP addresses, same encryption
keys, same pieces of malware.
They just didn't care, and
that's the only evidence you need
that these are governmental operations.
They're not worried about getting caught.
They're not worried about
getting police at their doors.
Police won't come to their doors
because they are
the government themselves.
Well, actually, they probably
are building it into the model.
That's part of the thing, they
are expecting to be caught,
and it's on your face, it's a power play.
It's like, "See what
I can do? I don't care!"
I hate the way you think, Harri.
I hate the way you think!
Well, you know, I think
like the bad person.
- Yes!
- That's... That's what I do.
Right, right, right.
My name is Thomas Hicks and I'm chairman
of the United States Election
Assistance Commission, or EAC.
What is important in identifying
in today's hearing is that
the complexity of our
American election assistance...
System both deters attacks
and allows election officials to ensure
the integrity of the election
in the event of an attack.
So, you've got a couple
of systems that are here
in the election structure that
most Americans don't know about.
They know about where they go
to vote and their polling place.
They don't know the system
from their polling place
to their state or their county
and how that gets counted,
or even something called the
election assistance commission,
which is an advisory commission
to be able to help everyone
in their elections.
First and foremost, I am here
to communicate one message, that
message is that our elections are secure.
They are secure because the
American Election Administration system
inherently protects them.
Andrei Barysevich:
On forums, you can find
compromised credentials.
You can find malware.
You can find partners
for cash-out operations,
and this is where Rasputin
was attempting to sell his information.
Barysevich:
Yeah.
Well, this is very interesting.
EAC is acting
as the ultimate clearing house
of all the information for
best practices, for testing.
Also, they have a lot of information
which systems are deployed and where.
Hart InterCivic, Dominion,
ES&S.
You basically have way over 80 percent
of all the system
which is on the first page.
So, for anyone who is
wanting to do illegal acts,
this gives you one-stop shop
all the information you need
to plan your attack campaign.
- It's a very horrible scenario.
- Yeah.
- "Daniel Brandes."
- Yeah, stolen credentials.
Some guy whose credentials got stolen.
My name was on that
screenshot, but it could've been anybody.
To this day, I still don't know
why they chose me.
But it was quite a shock.
Maybe I was on Rasputin's hack
because I was the new guy,
and he wanted to exploit the new guy
'cause that would be
the path of least resistance.
What Rasputin did was
he went to the login page,
and where you put your username in,
he had put his exploit code in there,
and then he had full
access to the database.
Barysevich:
There's very recent dates.
We are talking here
September 2016,
- October...
- October to November 2016,
so this is very recent.
They can do whatever
they want to that database.
And now, the database
and the server were separate,
so now if you have access to the database,
then you can get into the server.
And the proprietary information was not
on the database, it was on the server.
Barysevich:
One of the document archives
was the test reports
of voting machines, and these reports
have a list of file names.
One could argue that file
name list is not valuable,
but for attacker,
it is extremely valuable.
Now you know of third-party libraries.
You know open-source software.
You learn a lot.
Rasputin, to this day,
could still have that information.
I mean, if he copied them all,
he probably still has all that
very sensitive information
that he could end up selling still.
As soon as we
learned the full extent of his hack,
we knew that it was
tremendously important.
And I spent all night long talking to him
and waiting for law enforcement
to get back to us in the morning.
And then you learn where
a state has vulnerability
by hacking into the EAC.
So, if someone gets into the EAC,
there may be communication
from one state saying,
"Hey, we're having a problem
with a certain county."
They now know where the weak link is,
and they can try to
reach in that weak link.
So, it's a long system,
but for a persistent actor,
especially for a foreign
government who has the finances
and the capability to be
able to be persistent in it,
this is a way to do it.
We have three main election vendors
that are running the election machinery
that run our democracy in this country.
Dominion, ES&S, and Hart.
We're very concerned
because there's only three companies.
You could easily hack into them.
It makes it seem like
all these states are doing
different things, but, in fact, three
companies are controlling this.
We don't know anything about
how they organize themselves and how
their software works
because it's all proprietary.
The degree to which
the voting machine companies
will say, "We got this,"
that's almost always
a warning sign for anybody
in the cybersecurity business, because...
um, unless they are really, truly skilled,
and have been doing cybersecurity
as their main business for a long time,
they usually don't got this.
Unlike Microsoft, who's
actually very transparent
about their security issues,
and they have hackers
routinely come in and hack them,
and then they make their vulnerabilities
public information, in most cases,
the voting machine vendors
are the opposite of that.
You know, one of the things
me and my teammates
here at ES&S talk about frequently
is we really wish we had the opportunity
for all of you, our customers,
to come visit us here in Omaha,
and see what we do live and in action.
Those companies will
give lip service to cybersecurity,
but when cybersecurity
experts come in and say,
"We would like to talk to you about this,"
or "We would like to see
how you are handling this,"
they are actually very, very negative.
What I've found, especially
in the voting system arena,
is that security is not
really taken very seriously.
We posted a testing plan
with the California
Secretary of State's office,
saying we were gonna do X, Y, and Z,
and they approved that plan, and so,
we started that plan of testing.
Voting on the
DS-200 is as easy as 1, 2, 3.
The DS-200 digital scanner
is a simple-to-use...
And what we
found is, just it's staggering.
There were multiple vulnerabilities
that could allow an attacker to get
the highest level of privilege
or the highest level of rights,
and then gain remote
access into the system,
and do what you wanna do, whether it's
change an election
or shut the system down.
Our dedication is to
the absolute highest standards
of accuracy, security, and reliability.
We believe in honesty,
commitment, trust, and respect.
And when ES&S discovered
that we were not using their testing plan,
they were appalled.
When we used our own testing plan
and found these vulnerabilities,
they pretty much told us
that they had their own team
and that they were not interested.
The fact that we have vendors that say,
"You cannot look at our code,"
is the first problem.
In 2014, we evaluated
Dominion's Democracy Suite.
We're on the forefront
of really something that
is gonna be accessible,
it's gonna be cost-effective,
and it's gonna be efficient.
We'd found a number of vulnerabilities.
The same thing with ES&S,
we found multiple,
um, operating system patches missing.
And, essentially, what that means
is an attacker can inject
code into that system,
execute that with a possibility of
receiving some sort of control.
If I can get on that system,
if I can get access
to the database, and if I can
change the elections,
change an election for a city,
for a county, for a state, however.
How can a vendor sell a voting system
with this many vulnerabilities?
And I just can't find a straight answer.
What's happened over the last
couple years is, obviously,
there's been a revolution
in the kind of devices
that you can get off the shelf,
and it's really allowed us to,
again, to focus on
the actual election software
that we're loading up on these
off-the-shelf components.
A lot of developers today developing
applications, which are critical,
don't really know what they are doing.
And they are simply picking up
a ready-made box,
and building the application
by using these blocks,
and not that careful.
Because people are only
looking, "Is it functional?"
And I think that's
probably one of the issues
that the vendors are having is
that they don't know what
they have in those systems.
They don't know what
code is in those systems.
They just make it work, and they sell it.
We should know every single line of code
that is in that software.
We should know every bit and byte
that goes across the lines
in that hardware,
and we should be able to validate that.
We should have procedures to validate
that everything that we're doing
is the right way of doing things.
In a half mile, continue onto 14 East.
There is a gentleman
who is on eBay selling
AccuVote TSX voting machine,
and that is a voting machine
system used here in Ohio.
Well, it will be interesting to see
what is the story behind this,
why these are $79 each.
It's gonna be very interesting
to learn what's going on here.
Yeah, I used to grow up
in places like this.
Building stuff from salvaged electronics.
The smell of old.
Actually condensators.
Oh wow.
Look at that.
That's a lot more than I was expecting.
Oh my God.
The AccuVote TSX is
one of the most popular voting
machines in the United States.
It's a direct-recording
electronic machine.
It's an extremely vulnerable machine.
It's also a very old machine,
and yet, it's still being
used all over the country.
I was contacted by the insurance company
that did the buyout.
I had not...
printed off and looked at all
of them when the last time
it was in service. I just know...
in 2002 is when they put them in service,
and they turned around...
- Well, let's take a look.
- That's when you get all those touch screens,
right after the 2000 election.
So, 2011...
- Oh yeah. Oh wow.
- 2012...
Looks like this has been last time used in
June, July 2013.
That's the newer one.
That's the one which
the vendor claims to be secure.
200...
20...
- And five.
- All righty.
- Thank you, sir.
- Thank you.
So, do you sell these
anywhere in the world?
I don't right now, but I would have
absolutely no problem in doing that.
You know, I'm a recycle center.
I get them in,
it doesn't matter to me
where they came from.
I'm just gonna try to make
a dime on them or recycle them,
one way or the other.
The common defense that why the systems
are unhackable in the election world
has always been that the bad people
will have no access to the machines.
We have 1,200 machines,
auctioned on eBay.
This takes away that argument.
Anyone who has any kind of motivation,
and $75 in their pocket,
can now get access to the machine,
as many machines as they need,
and fine-tune their attacks.
There is a term called
"asymmetrical warfare,"
applies to a whole series of tactics
which are very inexpensive to produce,
which have an outsized impact.
And unfortunately,
the Internet is a perfect asymmetric tool.
From what we've
determined, no voting machines
are connected to the Internet.
Voting machines themselves are
not connected to the Internet.
They are non-network pieces of hardware
that do not connect to the Internet.
The devices are not
connected to the Internet.
Those things are not
connected to the Internet.
Not connected to the Internet,
and, therefore, cannot be attacked.
None of them are
connected to the Internet,
and so, there will not be
any sort of Internet hack
or Internet incidents.
All right, Maggie, probably
best if you take this down...
Okay.
Every single system we have,
there is a place where
it touches Internet.
There's nothing anymore
in our world, really,
which doesn't touch
Internet one way or another.
It might be indirect,
it might be infrequent,
but it's always there.
All right.
Oh!
It wants to go to Internet.
That's very nice of it.
The fact that it's the first option
it's offering is kind of interesting.
A commonly used argument
that these machines are safe from hacking
because they are never
connected to Internet.
It immediately asked, do I want to connect
to the local area network.
Local area network can always
be connected to Internet,
so the reality here is once you are
connected to network, you don't
know where the network is.
What else is connected to the Internet?
That is the problem of the network.
Election offices
think that connected to Internet
is dangerous only when
it's within an election cycle.
Actually, in many cases,
it has been found that barriers are
lowered between the election cycles.
Malware can infect machines
between the cycles and stay dormant,
waiting for the right time to activate.
It's very, very easy
to write a software piece
in this machine which will
silently change the votes
as they come and go,
and it will wipe itself clean
and there will be no
evidence on the machine
that it ever existed.
I think over the last 10 years,
people have gotten really adept now
at going to an unknown piece of hardware
and taking it apart
and figuring out how it works.
So, that's why when
I hear these stories that,
"As far as we can tell, the machines
have not been tampered with."
It's like, yeah, but it's
a pretty simple machine.
It wouldn't be hard to remove the traces.
In a half mile,
continue onto Michigan 14 East.
Maybe
Harri takes it a little bit personally
when people do stupid
things with technology.
I do in a little way, but maybe
not as much as Harri does.
I think I first met Harri
probably back in about 2007.
We went to Estonia together,
and highlighted all of
these terrible problems
with their Internet voting system.
When we were in Estonia, Harri went out
drinking with the security supervisor
for the Estonia voting system,
who was Russian.
And he told us that after each of them
had finished a full bottle of vodka, um,
he drank the root password
to the Estonia voting servers
out of their chief of security.
That's what Harri claims!
- How you doing?
- HalderHow are you?
- Good to see you, sir!
- Long time!
- Great to see you! This is Matt.
- Hi, Matt.
- Nice to meet you.
- Yeah, I've seen you a number of times,
- but only on a screen.
- HalderWow! Look at this.
Yeah, that was one hell of a warehouse.
Looks like a TSX.
75 bucks. Take as many as we want.
All right, let's plug it in and
turn it on and see what happens.
And... Aha!
"Ballot station secure
touchscreen voting terminal."
What do you think the security pin is?
I don't know. I mean, it used to be 1-1-1,
but I know they upgraded to 1-1-1-1-1-1.
I'm sorry. That was not a joke.
Well, these are not tight at all.
No.
That's... There you go.
This is the slot that
can sometimes be used
for a modem, right?
Not only modem.
There's a telephone jack here,
but this also can have
an Ethernet network card.
Ah, yes.
And the other thing
which is interesting is
the SD slot,
which not only can have
an additional memory card,
but also, it can be used for wireless.
Oh, I forgot about this.
Yeah, there's an SD slot.
You showed years ago
how just putting in a card
with a special file name could rewrite
all the software in the machine,
make it do whatever you want.
I mean, there are no two ways about it.
This is architecturally not
a safe way to cast votes, and, boy,
I'm worried now more than ever
about nation-state attackers,
about real state-level
attacks on these machines.
That's true, however, I still think that
the one problem with the
nation-state attacks being talk
is that it gives you
a false sense of security,
that the lone wolf and smaller guy
cannot do it themselves, too.
Everything we discovered, how easy it is
or hackable for lone wolf,
is still true, too.
Just look at this motherboard.
There's so many different
wires connecting to it.
Each of these is a different
type of input or output device.
These machines want to be
talking to other devices.
They're built for it, and, um,
that's what magnifies
the threat because, ultimately,
just hacking one machine,
coming up to one,
opening it up, resoldering it,
that's not an attack that will scale.
But the thing that will scale
is piggybacking on the data
that's being copied into the machines.
That's what's going to allow
an attacker to upset
an election across an entire county,
an entire state, an entire country.
Here, I have a set of tools
that I've built for
vote-stealing software,
and it can piggyback
on the normal pre-election processes...
- to get to every voting machine.
- Yep.
You also have here the actual
- software driving the printer.
- HalderRight.
It completely controls
the paper summary tapes,
the things it prints at the end
of elections that have the totals.
So, an attacker can program the machine
to print out whatever they want
even to just completely
disregard the election results.
And then the code to run the machine
and the printer gets delivered
to every voting machine along
with the ballot programming.
What is your estimation,
how many hours it took...
- for you to create a tool set?
- Oh, this was just
part-time over a couple of months.
Certainly more than,
I think, people could do
in a long weekend, but not something that
- requires nation-state level effort either.
- Mm-hmm, mm-hmm.
Let's go.
Hello,
everybody! Welcome to the voting village!
We have a variety of voting machines
available here. One of
the reasons we're doing this
is to broaden the community of people
who are gonna be experts in how
voting machines work.
- Harri, do you wanna say a few words?
- Yes.
Every voting machine
in this room is in use
in next elections, every single one,
every single model is
a model still in use.
We are actually asking your help
because we don't know
much about those devices.
Basically, the idea
here is all the machines
are there to be tested, to be used.
You can open it. Don't break all of them,
but if something breaks, that's fine.
They are bought from eBay,
and they do have the previous election in.
If you see something, say something!
Tell what you found!
Every discovery, every
information you have,
please let them know,
so that we can inform people
what you have discovered
and what you have found.
We are here to help,
so that you can have fun
and explore and discover
new things. Thank you.
Thank you.
So, at Def Con, we're
always a really open conference.
We knew, even though we were some,
you know, sketchy hackers,
the manufacturers were gonna
wanna know what's going on.
So, instead of creating
an adversarial relationship,
we know you're gonna try to be
there, let's just invite you.
We're doing this thing,
you might not like it,
but come and participate.
Tell us why we're wrong.
Bring your latest equipment
if we're testing the wrong equipment.
Get some free consulting. I mean,
you've got some of
the world's best hackers.
Maybe this is a free test.
Maybe you can get some advice out of it.
And nobody took us up on the offer.
This is the first time we
have a public to be able to
experience and take a look
into the critical spot, which has been
little bit hiding in the shadow
in all the previous election
and voting machine security studies.
Finally, for the first time, non-experts,
non-having signed a non-disclosure
agreement researchers
are having a chance to see
what these machines are
like, how incredibly,
trivially vulnerable they are.
And what effect this is gonna have
on their democracy if
they don't get involved.
Trying to see if there's
any obvious storage on here.
This is a Diebold
voter registration machine,
and its purpose
is to just hold voter registration data,
like names, addresses,
social security numbers,
lots of scary stuff.
And the database is stored on these cards.
'Cause one of the things that
you can do with these machines
is install your own malware
on whatever the memory media is.
That will go back
and infect the...
back end, vote tabulating,
and next year's ballot design
systems for years to come
because the software doesn't get upgraded.
Your malware could stay there forever
and no one would know it was there.
Hackers are a wonderful resource.
We make significant discoveries.
So, I could put a program on there
- that just modifies the count.
- Yes.
We are here only three days a year.
The real adversaries, they run it
24/7 with massive funding.
Use the display command, it will
fill this screen with
whatever you tell it to.
If you don't believe
that there is this kind of room
in Russia, running 24/7,
you are kidding yourself.
We have access.
We have access to the machine.
Here is Microsoft Windows XP.
And I'm demonstrating how you can,
remotely from this laptop,
gain complete control
of the voting machine.
I'm doing it right now.
This is the prompt of the voting machine.
We are in. We have made it!
- Here is the directory, which is called "reports."
- Yeah.
Sarah Teale:
- He wirelessly got into the machine.
- Yes.
So, I'm connected to the machine,
but I think I can take control
of the screen of the machine.
And so, what you can see now, if it works,
it actually kind of shows me...
- this screen, Windows XP!
- Oh my God.
I can turn the machine off from
here as well, if I want to.
Okay.
Now, I can exit the machine, and
you know what's gonna happen?
I am turning off the machine for them.
They're gonna be very surprised.
Do you want to exit the machine?
Now it's disconnected,
and now let's see...
- what their faces look like.
- Oh shit.
- Oh! Oh! Okay!
- I don't know what just happened.
It switched to
an administrator login screen,
and then it went off,
and we're like, "What happened?"
Because we were trying
all the different smart cards
to see if one of them
actually did anything.
That's awesome.
And you can do all this all automatically.
You can actually have a machine,
a car that drives by the voting places
and updates all of the votes,
and because there's no paper evidence,
the machine will actually, um...
You will never, ever notice
that this actually happened.
This vulnerability is so trivial,
the tools are so widely known,
it would be easy to imagine
that somebody will hack the machine
from the parking lot with never
seeing the voting machine.
What happens is attacks only get easier.
So maybe, it was a super
sophisticated attack
in 2016.
By 2020, or 2022,
it's only average, right?
We gotta stay one step ahead of this.
If it was the Russians
yesterday, who is it tomorrow?
Is it an organized crime group?
Is it a political action group?
Is it an environmental rights group?
"Oh yeah, you can't swing
the presidential election
because you'd have to tamper
with too many precincts."
Well, okay, what if I'm just
tampering with my local precinct
'cause I just wanna get my guy in?
What if the skills
become so widespread that you can do this
on a county or state level?
Then what? Maybe getting
your governor is almost
as important to you as
getting the president,
depending upon what your issue is. So,
I don't wanna get so
spun up that it's like
an all or nothing federal thing.
It's an everything thing!
I feel like we are in terrible danger
of losing what it means to be a democracy.
If elections can be altered subtly,
they can be altered in
a way that is undetectable,
how does one trust
the results of their election?
And a democracy functions on trust.
Without that trust,
things descend into chaos and anarchy.
Those of us who know how vulnerable, um,
the voting systems are in these elections
are terribly afraid right now.
Brian Kemp is running for governor
at a moment in time when he was
also overseeing the elections
in Georgia, i.e., he was
overseeing his own election.
Secretary of State Brian Kemp...
The race between
Brian Kemp and Stacey Abrams,
- which is too close to call...
- An historic race...
Locked in a tight race.
It couldn't be any tighter.
This is a battle for
the soul of our state, y'all.
I got a big truck,
just in case I need to round up
criminal illegals
and take 'em home myself.
Yep, I just said that.
I'm Stacey Abrams
and I'm running for governor,
because where you come from
shouldn't determine
how far you can go.
The canary in the coal mine is Georgia.
Georgia is
in this situation where
every single person in Georgia
who votes, votes on the same
kind of machine, the AccuVote,
which is, as we know,
an extremely insecure machine
that can be easily, easily hacked,
and yet, it's still being used.
With his family in tow, Brian Kemp
voted today at the historic
Winterville Train Depot.
Like most Georgians, he was voting on
a machine using 16-year-old technology.
After a first try in the voting booth,
he came back holding
the yellow voting card
he'd been given and told
the poll worker...
It said this is an invalid card.
Okay, you go back
in there, I'll redo it for you.
Kemp fought
against efforts earlier this year
to replace the machines,
saying a last-minute change
to paper ballots would create chaos.
Chaos, which he now says,
has been avoided.
Are you concerned
about the reports of problems
- people are having?
- No, not at all.
Today, been a great,
really, a smooth election.
This is a look at
lines inside Annistown Elementary
in Gwinnett County, where some
machines were not even working.
There were some major problems
here at this Gwinnett County polling place.
Those voting machines,
that you see right over there,
stopped working earlier this morning.
Some were here for three hours,
others here for much longer.
I wanted to come in, do my voting,
and get out, and that didn't happen today.
Some people were here for five hours.
By the way, this is the second
largest county in the state.
It's also a Democratic stronghold.
What time do polls close tonight?
It's supposed to close at seven,
but we've received 25-minute extension,
- but that's not enough.
- Yeah.
We're still fighting to get a full hour.
There's a saying in Georgia
that, "As goes Gwinnett County,"
which is this county...
- Yeah.
- "...so goes the governorship."
The secretary of state,
- who's also a candidate...
- Mm-hmm.
Is telling everybody that these
machines are not hackable.
- Mm-hmm.
- That they are safe.
I don't know if you knew, but I
hacked that machine which is used here.
Okay, call the police.
No, that was long time ago.
2006, I showed how that
machine can be hacked.
And then they are
here today, telling us...
- Yeah, 12 years later.
- It's not hackable.
Twelve years later, that same machine
still in use, and it's still hackable.
Poll worker:
- Have you all had an interesting day so far?
- How's your day been?
- Busy.
- Hi, Harri. Nice to see you.
- Likewise, likewise.
- Hi, Harri.
So, the cards aren't working.
That's what they tell.
- Which shouldn't be possible, right?
- I mean, that's weird.
Excuse me.
Let's see...
Yeah, so...
Generally, I'm looking for...
voters who insert their card
into the machine, and it fails
to work. So like, right now,
that guy's having issues,
so we should head him off,
talk to him a bit.
Excuse me, were you
having issues just now?
Oh, I see.
Yeah, so you did change
your driver's license...
Oh, for real?
Yeah.
Do you know what the
error message was on that screen?
It was a warning. I don't
remember exactly what it said.
- It was a warning, error warning.
- Okay, but it was just having
- trouble writing to the card?
- It wouldn't write to any of the cards.
We had 24 cards... I need
your driver's license, too.
And none of them would work.
Okay. It just said
it was something saying,
"card is inserted incorrectly"
or "unable to write to card."
- Was that on a TS?
- Yes, they were all TS's.
I mean, this whole thing is bizarre.
I heard this same thing happen in
- a number of precincts, and not only here.
- Yeah. Sounds like
there's another precinct, like, two miles
down the road that had the same issue.
Was there no control?
Didn't they test this?
How it's possible that you ship
up something which fails on arrival?
It would be acceptable if you
had one or two cards fail.
- Sure.
- So, you would have to cook the whole bag of cards
in order to get that
kind of failure, right?
Well, I don't know
- what could have been going wrong.
- We put them in microwaves,
and you could do that.
- Yeah.
- Yeah, that's true.
But I think you're right. One at a time,
you get random failures on the cards.
- But where did it come from?
- Through ElectionNet.
Secretary of State's office. Yeah.
Oh, okay.
That four-hour line here...
it shouldn't work that way.
Stacey Abrams lost. Brian Kemp won.
And Brian Kemp then took
the lobbyist for ES&S
as his chief of staff.
So, there is a huge battle
that will probably be lost in Georgia
over using ballot marking devices
rather than voter-marked,
hand-marked paper ballots.
This is really gonna be a catastrophe.
It's far more expensive than
hand-marked paper ballots.
It is a vehicle for disenfranchisement
in a number of different ways.
Other than feeding corporate profits
and making it easier to
manipulate election outcomes,
I don't really see the point.
That's what I was thinking immediately.
All right, let's go play.
- All right.
- The Richmond-San Rafael Bridge and the Golden Gate Bridge,
and in a second, we'll see
the San Francisco Bay Bridge.
The fundamental problem
with electronic voting technology is
the evidence that it produces
about who actually won.
Most of them don't produce
really convincing evidence,
and the best technology for
voter verifiability is
hand-marked paper ballots.
We need a trustworthy paper trail.
In about 2007, I came up
with the idea of risk-limiting audits,
which are a way of providing
statistical evidence that
the outcome is correct,
or having a large chance of correcting
the outcome if it isn't correct.
So, risk-limiting audits,
there's a lot of misconceptions.
Everybody agrees that's the way forward,
but there's so much misconceptions.
The risk-limiting audit
relies on a paper trail.
You don't have paper,
then you can't do one.
It's easy to do a risk-limiting audit.
You just do a hand count
of everything. Done.
The subtlety is how to limit the risk
- and keep the workload down.
- Right, right.
The procedure is you
start looking at paper,
and you keep looking
at paper until you have
convincing evidence that
looking at all of it
wouldn't change the result.
So, you can think of it as, um,
an intelligent, incremental recount
that stops as soon as it's
clear that it's pointless.
And if it never becomes
clear that it's pointless,
it just keeps going until
you've looked at all the paper.
The key is that sample
you choose is random.
So, that's what lets you, uh,
protect against any kind of
error problem whatsoever,
whether it's a malicious opponent,
or a random machine failure,
or a bug, or whatever it is,
by looking at it randomly,
you can guarantee
- a big chance of catching it.
- Right.
It's a check on the tabulation in a way
that is economical and efficient
and accomplishes the minimum standard
of verifying that the votes
were tabulated accurately enough
to tell who really won.
Good to be here, hello.
In Georgia, we ended up seeing
the strangest thing.
In a heavily Democratic
precinct, there was one machine
out of a seven-machine precinct
- that showed heavy Republican wins...
- Mm-hmm.
While the precinct itself,
and all of the other machines,
were showing heavy Democratic wins.
- Mm-hmm.
- And it made us go,
"Wait a minute.
Something's weird about this.
How could this happen?"
Just on the one machine out of seven?
The other six showed a Democratic majority
- in every statewide contest?
- Right, right.
And in Georgia,
and in a lot of other states,
when the machines are printing tapes
at seven o'clock at night
when the polls close,
it is a law that for
purposes of transparency,
that those tapes, one from every machine,
be posted at the door, and so,
like here, here's a photograph...
It was just an end of the day dump
of what was in the memory onto paper.
So, it's just the final tally according to
- its internal software, according to that machine.
- Right. Right.
And this particular tape
is the one that got all
of the Republican votes.
It got substantially more
votes for Brian Kemp,
the Republican, than
Stacey Abrams, the Democrat,
and this was true all
the way down the ballot.
The Republican wins every single race
- on this one machine.
- Mm-hmm.
Something had to happen
to cause one machine
to have such different
results than its neighbors.
I called Philip and said,
"Is this important? Is this
as odd as it looks to me?"
So he went to work on it
with his magic statistics.
And the magic grad student, yes.
So, what we did was
simulate this process,
run it over and over again,
saying if we had this
many Democratic voters
and this many Republican voters
in our precinct,
and we assigned them
at random to machines,
how likely is it that we'd get
a Republican majority
as great as what we saw
on machine three?
So we did this probably 10,000 times,
and it was an astronomically small chance.
Less than one in a million.
Georgia is buying new
election machines for the whole state
to replace the AccuVote voting machines
that we know are insecure,
and they are replacing
them with another set
of machines that are also insecure
because they use bar codes,
and bar codes can be hacked.
The model that is their
favorite choice right now
is the Dominion ImageCast.
The ImageCast X will not permit the voter
to over-vote a contest, to change...
What this does is
it's a touchscreen machine.
The voter enters their vote,
and what is spit out is a paper ballot,
and their votes are encoded as bar codes.
The vote itself is in that bar code.
No humans I know can
read bar code very well.
And it's that vote
that is then put into
a scanner and counted.
It is, again, putting a computer
between the voter and his ballot.
Putting a computer between
a voter and his ballot
is going to make sure that
you don't have an auditable,
reliable election.
So, even though
the election officials in
Georgia are paying lip service
to the fact they now have a paper trail,
they are creating a paper
trail that, in fact,
can't actually be audited.
Paper ballots and risk-limiting audits
are the unanimous... I can't find
a single expert in the field,
who believes that you can get this fixed
without those two basic requirements.
And the only way you get anything done
in the Senate right now
is if it's bipartisan.
The way the filibuster rules work,
you have to work across the aisle.
The Secure Elections Act is
a bipartisan effort to be able
to try to address what were the
problems that we already see.
There are vulnerabilities in our system
that we should pay attention to.
Some are dramatic,
like actually changing votes.
Some are subtle,
like just trying to alter
a formula in a website
and making that vulnerable so that people
can't trust the results that they got.
The Russians did this last time in 2016.
It could be the North Koreans next time.
It could be a domestic hacktivist group
that just decides they're mad
and they wanna be able
to create some chaos.
It doesn't have to be a foreign actor.
Voting machines that do
not produce a paper trail.
The only record of the votes
cast is a digital record,
which could be hacked
and which is impossible
to audit reliably.
That strikes me as a prescription
for disaster.
The most important things
are to make sure we have
votes recorded on paper...
paper ballots, which just...
cannot be changed in a cyber attack.
How would you do a non-paper audit?
Senator, I think it would be
basically impossible.
When you and your colleagues
hacked election systems,
did you get caught?
- Um...
- Did they see your intrusion into their systems?
The one instance when
I was invited to hack a real voting system
while people were watching
was in Washington, DC, in 2010,
and in that instance,
it took less than 48 hours
for us to change all the votes,
and we were not caught.
There's a number of bills that
are pending before Congress,
and I think some of them
before this committee,
on the subject of election integrity.
Mr. Chairman, are we going to
be marking up any of those bills
on election security?
At this point, I don't see any likelihood
that those bills would get to
the floor if we mark them up.
Why?
Same reason we couldn't
get our bill to the floor last year.
Which is?
I think the majority leader
just is of the view that
this debate reaches no conclusion.
It's very important that
we maintain the integrity
and the security of our
elections in our country.
Any Washington involvement in that task
needs to be undertaken
with extreme care...
extreme care, and on a thoroughly
bipartisan basis.
Leader McConnell
has not brought a single piece of
election security
legislation to the floor,
even though the president's
own security team
has said that we're in jeopardy.
We were not able to get
the bill out of committee.
We were not able to
actually have a vote on it.
Because, I assure you, if we
had a vote on this legislation,
whether it's at committee
or on the floor of the Senate,
it would pass overwhelmingly.
I don't see how they explain
not passing a bill to protect
our election equipment.
The White House, just
as we were on the verge
of getting a mark up
in the rules committee,
getting it to the floor, where I think
we would get the vast
majority of senators,
the White House made calls to stop this.
Were you aware of that?
- No.
- Okay, well that happened.
There are plenty of Republicans
in the House and the Senate
who are deeply concerned about this,
deeply, deeply concerned
about it, as they should be,
as we all should be.
This is not a partisan issue.
Everyone should care about this,
whoever they vote for, everybody.
And you've gotta believe at some point,
it's something bad is going on,
that people don't wanna pass it.
I don't remember the
specific person that referred me to you,
but I do remember that
you were named
by one of my sources as a very credible
cybersecurity expert, um,
and I'm trying to remember...
I think it was like
I emailed someone else,
and they were like, "You
should talk to Harri Hursti, not me.
I'm busy."
So, this all started
around the 2016 election.
This is a pretty interesting
and important-seeming thing.
We kept reading a series of
national reports about various
named and unnamed state election systems
or websites that were
compromised or hacked,
and my immediate question was:
Is there any affiliation
here with the Russians
and the Russian actors
that have been identified
as being involved in the other hacks?
So, I'll play this tape of the...
state elections director.
Josie Bahnke:
Last week, I had a secure briefing
with the FBI and DHS.
We know that they were
able to look at our website,
but there was no breach,
I guess, essentially.
Is there any sense that they
tried to actually, like, access anything?
No. They wiggled on the door and moved on.
Wiggled on the door,
meaning they literally
looked at the website,
it's not like they tried
to input credentials or...
Yes, and there was an IP address.
I think that's the...
that's the gist of it.
We got some information that
seemed to indicate, pretty clearly,
that there was more to the story here,
and based on that,
we formulated a Freedom
of Information Act request,
just sort of sent it off, and...
How long after election
you FOIA'd these documents?
More than a year.
And then we got this
whole package of documents.
Really interesting here when
you start looking what they explain.
The Alaska system was compromised,
but it was compromised by
a completely different actor,
the bad actor is named CyberZeist.
And, you know, sort of
linked to a Twitter account
that has a sort of past history
of hacking other figures.
Uh, they talked about how
the attacker had originated
from what appeared to be the IP
address of a power plant in India.
State officials had had
to report to the FBI,
and there was more than officials here
had originally led Alaskans to believe.
To me, if this is the whole documentation,
then there was never
a proper, uh, investigation.
Uh, they didn't take this seriously.
This was quickly brushed over,
saying, okay, it's contained,
so, this is the whole problem,
and we cleaned the whole
problem, it's all fine.
And nothing to see here,
we were not hacked.
They are making a claim here
that the attacker
got access to the file system,
and they sort of, kind of leave it there.
If you have that kind of
access to file system,
you can simply replace files
and gain control of the system.
Security researchers like
myself, this tells that...
Whether they believe what they
say themselves doesn't matter.
This tells that the truth is likely to be
way worse than what they're saying,
clearly worse than this explanation.
There was no containment in effect.
CyberZeist:
What I take of this...
is that... he got into that one place,
and then, he deployed a tool,
which he doesn't want to disc...
He doesn't want to disclose that tool.
That tool took him, all of a sudden,
to a completely different place.
And because he wants
to use that tool later,
he doesn't want to give any hint,
um... how that jump happened.
But omission of that information
is not making him less credible,
because he could have made
a bullshit story and he didn't.
CyberZeist:
If you use a standardized...
"standardized" criminal tools,
all of this can be carried
out almost effortlessly.
So, this also brings back
the question, why Alaska?
Is Alaska the ultimate target,
or is Alaska just an intermediate step
towards something else?
You have to think about what are
the threat actors' real motivations.
Everything else is tools,
tactics, technology... irrelevant.
What you are really going after
is the mind of your adversary.
And the mind, in some cases a visual mind,
sometimes a collective
mind of the society.
When a sufficiently large group
of members of society don't
anymore believe in the society,
and that's where the collapse starts.
It's called kill chain.
Kill chain is a 2,000-year-old concept,
which can be used in
any kind of operation,
whether it is military or organized crime
or some other activity.
And in kill chain, you move,
step-by-step,
towards your ultimate target.
First, you gather intelligence.
What is the landscape?
After that, you analyze the intelligence,
and now, you're asking
yourself the question,
"Who are the possible targets?"
After that, it's weaponization.
So, now you know against
whom you are going,
what tools you are using.
I think the most important
part of the kill chain
is the paralyzation of your adversaries.
And when the governments cannot
assess the situation,
take an action and correct it,
that's when a paralyzation happens.
That's really when you finish the target.
The chain will go on
until you break a link.
Stopping them while maintaining
and remain true to your values,
that is the tricky part.
I've told voters before to be
careful what you vote on.
Um, if you cannot validate it,
if you cannot verify it
right in front of you, then
you shouldn't be voting on it,
and you should be asking
for a paper ballot.
Use paper ballots.
We can use an optical scanner
to scan the paper ballots.
If it turns out that
an optical scanner,
which is also a computer,
has been corrupted in some way
or hacked in some way,
then we've got these paper
ballots we can go back to
and count them by hand.
Whether it's Vladimir Putin
or Harri Hursti
who's attacking the machines,
the only surefire way to know
whether the machines are telling the truth
about the election results
is to do an audit, to look at the paper,
and to make sure that what's on that paper
matches the results that
the computers are saying.