On Monday, the Washington Post ran a story with a horrifying headline: "US investigating potential covert Russian plan to disrupt November elections." According to an anonymous intelligence official, a Russian hack aimed at influencing or discrediting the election "is something we're looking very closely at."
Coming on the heels of another Post story reporting that Russian hackers had targeted voter registration systems in Arizona and Illinois, and the Russian-linked hack in June of the Democratic National Committee's computer system, this all seems kinda concerning. When I go to the polls in November, will some Guy Fawkes mask–wearing dude in Vladivostok be monkeying with my vote-o-matic? And what would that mean for American democracy and security?
To find out, I checked in with Jeffrey Carr, a security consultant and the author of the book Inside Cyber Warfare: Mapping the Cyber Underworld. He told VICE that, yes, our democracy is vulnerable to a destabilizing attack, but said he wouldn't be as quick as others to blame the Ruskies.
VICE: Is a hack on our voting system really more likely this year than in the past?
Jeffrey Carr: Every four years—every time there's a presidential election—there are stories about tampering with electronic voting. And this is the first time we've blamed it on a foreign government. That's because electronic voting is insecure. These stories always pop up, and it's always too late. There's never enough time to fix the problem when all of a sudden it becomes an issue a few months before the election. And when the election is over, it's shoved aside.
How would hackers break into voting machines if those machines aren't internet-enabled?
The systems aren't internet-facing, but it's not that difficult to compromise systems that are not internet-facing, [as long as] we use existing systems without the benefit of encryption, or two-factor authentication—for example, your chip-and-PIN type method that we use for purchases. Something like that could be used to secure our voting as well, or some other kind of two-factor authentication. I'd like to see two systems used: Whatever we're using for electronic voting, because it's too late to really fix that—but also, ask every voter to prepare a paper ballot at the same time.
So what happens if Russians hack the election, and we find out about it?
Since it's never been done before, I don't know what would happen. Does Obama stay on until some new type of election is held? I have no idea. That's an interesting question. Do we have a plan for that? This could easily be the one where that happens.
In your opinion, would Russian president Vladimir Putin be a likely culprit?
I doubt it. I don't understand why he would bother. [Why] would Russian intelligence—if they were trying to help Trump—hack into the electoral system in Arizona, which has been voting Republican longer than I've been alive? [And] if Russia wanted to keep it secret, why would they use their own servers?
I think people do have responses to those hypotheticals…
The answer will be, "Well, because they want us to know!" But they don't want economic sanctions. Why would they risk more? There's no good answer to that.
Who else might want to hack the election?
Nobody can seem to predict what Donald Trump will do, and he may well resort to saying the election was rigged or tampered with.
Are you saying Trump could hire people to pretend to be Russian hackers? How would they make that believable?
You can simply buy everything you need online in a Russian forum, including the tools that'll show Russian tool marks. People won't stop for a second to question it. They'll immediately say it was Russia. In a climate like this, where crazy, Russophobic, Cold War speculation is rampant, that's all Trump would have to do. For six figures, he could easily hire hackers to use Russian malware, and compromise one or two voting machines, throw the entire election into chaos, and blame it all on the FSB [the Russian intelligence agency].
So if someone convinced the US that the election was tainted by Russian influence, do you think a cyberthreat like this could escalate to a broader military incident?
There are so many people in the US government right now stirring the flames of anti-Russian sentiment, [claiming that] compromising our election process is like attacking our critical infrastructure, and it rises to a level where a kinetic response would be justified. I doubt that's true, but countries' leaders make decisions like that all the time.
And would those bad decisions lead to a potential war?
Well, ideally what would happen is Obama would call Putin, and say, "What the fuck? Did you guys do this? Because we've got a serious problem here." And [Putin] would say no, and Obama would say, "Can you tell us what was done, and which servers were used, and who was involved?" Hopefully the FSB would cooperate.
Sure, but would they actually cooperate?
There are plenty of examples where the FBI and the FSB have cooperated, [particularly] when it comes to Russian criminals that the Kremlin is just as anxious to get rid of as the US. In this case, I can't imagine why they wouldn't cooperate if it were this serious. They would literally have to, or everyone would assume that yes, it was Russia, and then serious consequences would probably follow. But even if the FSB said, "Yeah, it wasn't us. We'll help you try and figure out who it was," they may or may not be successful in doing that. It just depends on how savvy the hackers were that did the work.
This interview has been edited for length and clarity.
Follow Mike Pearl on Twitter.