A type of cyber crime known as “ransomware” could disrupt or even sabotage the 2020 presidential election, some tech experts fear.
As The Associated Press reported, a ransomware attack occurs when a computer user unwittingly installs malicious code on their computer — such as through downloading a file or even clicking a link. That code then hijacks the user’s data, and the criminal who installed the code will only allow the user to access their data once a fee — a “ransom” — is paid. In some cases, those ransoms have turned out to be tens or even hundreds of thousands of dollars, usually paid via an untraceable crypto currency such as Bitcoin.
For example, as BBC News reported, in 2019 the town of Lake City, Florida paid $500,000 in Bitcoin after a ransomware attack held the city’s data hostage for two weeks.
Now, some experts fear that the same process could affect voter data and, by extension, affect the November 3 presidential election, either directly or indirectly.
Colorado Secretary of State Jena Griswold noted that the United States’ electronic infrastructure was an issue in the 2016 election, and it could be an issue again.
“With the 2020 election, election infrastructure has a target on its back. We know that election infrastructure was attempted to be undermined in 2016, and we know the techniques are shifting,” Griswold said.
It’s a sentiment echoed by David Tackett, chief information officer for the Secretary of State of West Virginia. He notes that all it takes is one employee in one of the state’s 55 local election offices to fall for a “phishing” email and soon enough, a criminal will have access to that county’s election data.
Further, Tackett noted that many employees are temps, and others will have been working long hours under difficult conditions.
“This may create a certain malaise or fatigue when they are using tools like email,” he said.
So how could such a crime affect voting systems? One possibility is that an attack during early voting, in a state that relies heavily on it, could prevent officials from verifying voters’ identity. Or in a state where ballots are largely cast by mail, a disruption to the computer networks that count the votes could force officials to count the ballots by hand.
Could a ransomware attack be used to actually change votes, however? Adam Hickey, a Justice Department deputy assistant attorney general, said in an interview that he doesn’t think so.
“I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” he said.