After Trump tweets Defcon hacking video, voting security experts call BS

By | November 17, 2020
After Trump tweets Defcon hacking video, voting security experts call BS
Getty Images

As President Trump continues to make unfounded claims of widespread election fraud, 59 of the world’s foremost experts on electronic voting are hitting back, saying that recent allegations of actual voting machine hacking “have been unsubstantiated or are technically incoherent.”

Monday’s letter came after almost two weeks of baseless and unfounded claims from Trump and some of his supporters that this month’s presidential election had been “rigged” in favor of President-elect Joe Biden. On Thursday, Trump started a new round of disinformation when he took to Twitter to say that polling machines made by Dominion Voting deleted 2.7 million Trump votes around the country.

Vulnerabilities aren’t exploits

Over the weekend, Trump tweeted a video from last year’s Defcon hacker convention. It showed attendees participating in an event called the voting machine hacking village. Organizers of the event held it to raise awareness about the importance of security in electronic voting. Some of the event organizers were beside themselves that Trump was using the video as innuendo that voting machine hacking played a role in the results of this month’s election, or in any election ever, for that matter.

“Anyone asserting that a US election was ‘rigged’ is making an extraordinary claim, one that must be supported by persuasive and verifiable evidence,” the computer scientists wrote. “Merely citing the existence of technical flaws does not establish that an attack occurred, much less that it altered an election outcome. It is simply speculation.”

The letter continued:

The presence of security weaknesses in election infrastructure does not by itself tell us that any election has actually been compromised. Technical, physical, and procedural safeguards complicate the task of maliciously exploiting election systems, as does monitoring of likely adversaries by law enforcement and the intelligence community. Altering an election outcome involves more than simply the existence of a technical vulnerability.

We are aware of alarming assertions being made that the 2020 election was “rigged” by exploiting technical vulnerabilities. However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.

Monday’s letter follows the issuance of another strongly worded statement on Thursday by the Election Infrastructure Government Coordinating Council, which includes officials from the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, the US Election Assistance Commission, and secretaries of state and state election directors from various states.

“The November 3rd election was the most secure in American history,” the joint statement read. “Right now, across the country, election officials are reviewing and double checking the entire election process prior to finalizing the result.”

The statement went on to say: “While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should too.”

Earlier that day, Reuters reported that Cybersecurity and Infrastructure Security Agency Director Christopher Krebs was telling associates he expected to be fired. Citing unnamed people familiar with the matter, the news outlet said that Krebs “drew the ire of the Trump White House over efforts to debunk disinformation” related to the recent elections.

Monday’s letter shows that computer scientists are also now working to debunk conspiracy theories claiming widespread voter fraud. Those signing the document include Matt Blaze, a computer science professor at Georgetown University; Ronald Rivest, a professor at the Massachusetts Institute of Technology and the R in RSA; Steven M. Bellovin, a computer science professor at Columbia University; Joseph Lorenzo Hall, senior VP at the nonprofit Internet Society; and J. Alex Halderman, a University of Michigan professor of computer science and engineering who specializes in election security.

Source