Five ways hackers could tamper with the 2008 elections.

Who's winning, who's losing, and why.
Aug. 15 2008 1:53 PM

Hack the Vote

Five ways Internet tricksters could tamper with the 2008 elections.

Hacker. Illustration by Natalie Matthews.

In the late 1800s, during the heyday of Tammany Hall, New Yorkers would often show up to vote with a full beard. "When you've voted them with their whiskers on, you take them to a barber and scrape off the chin fringe,"explained Democratic boss Big Tim Sullivan. If the political machine needed still more votes, the voter would return with nothing but a mustache, and then once again clean-shaven. "That makes one of them good for four votes," according to Sullivan.

Technology has cleaned up elections since then. Voting machines ensure one person casts only one vote. Electronic databases let secretaries of state compare their rolls to avoid double registration. Hotlines tell voters where and when to show up on Election Day.

Advertisement

This year, campaigns are relying more than ever on e-mail, texting, and the Web to get their message out and raise cash. But high-speed communication also means more opportunities for electronic skullduggery. Just as new technology lets voters get good information faster than ever in 2008, mischief-makers can spread bad information quickly.

Election tricksters—perhaps working for campaigns, perhaps freelancing—disseminate false polling locations and closing times. They spread rumors that Democrats vote Tuesday, Republicans vote Wednesday, or that anyone with outstanding parking tickets, unpaid rent, or family members in prison can't vote. Voters also get misled about ID laws, believing they're stricter than they really are. (A recent Supreme Court decision to uphold Indiana's voter ID law could be misinterpreted as applying to other states as well.)

Campaigns and voting rights activists are anticipating all kinds of Internet dirty tricks to spread this misinformation. Here are five they are most worried about—and how they can be stopped.

1. Fake e-mails. In 2004, Democrats were duped by an official-looking e-mail soliciting donations to the Kerry campaign. Researchers exposed it as a phishing scam, but many donors had already lost their money. Now most contributions to the presidential candidates are given online. And supporters are eager to give—a fake solicitation from Obama campaign manager David Plouffe could rake in cash before the campaign had time shut it down. (Just look how accurately tricksters were able to replicate bank Web sites.) Such fraud doesn't have to be about money: In November, an e-mail falsely attributed to the Mitt Romney campaign called out Rudy Giuliani and "his pedophile friends," reflecting poorly on both candidates.

Defense: Rapid response. Campaigns need an early-warning system that lets them counter false claims as soon as they occur. Branding also helps—the more distinctive campaign e-mails are, the more likely supporters will recognize a fake. Notice that Obama's donation page has a security seal at the bottom designating it an "authentic site." Notice, also, that you can easily copy the seal and post it on your own site.

2.Dummy Web sites. In 1999, a Web site appeared depicting George Bush with a straw up his nose inhaling lines of coke. It was clearly satire, but the GOP sued and the site was taken down. More threatening is the prospect of fake candidate sites that look real. Some weak points have already been exposed: A team from Symantec registered 124 domain names with various misspellings of the candidates' names and attracted 21,000 hits over two months. In April, a hacker redirected anyone who clicked on the "Community Blogs" section of MyBarackObama.com to Hillary Clinton's home page, then posted an apparent confession. (One online security expert recently discovered a flaw in the Domain Name System that could allow hackers to redirect visitors to other pages.) Particularly vulnerable are Secretary of State sites, where many voters go to find polling locations and to preview their ballots. These state sites are generally low-tech and subject to tampering—if people with basic coding skills could access and manipulate Oklahoma's sex offender registry, they can certainly muck with the Secretary of State polling-station locators.

Defense:Back it up. If a campaign finds a major security breach in their site, they can immediately pull it down and automatically redirect users to an identical clone site. If done right, the user experience would be seamless. That said, beware of false alarms: Sen. Joe Lieberman cried foul in 2006 when he thought his Web site was downed by Ned Lamont-loving hackers. Turns out it was his own campaign's fault. As for security, companies offer seals of authenticity for political and government Web sites. But, again, they're easy to fake.

  Slate Plus
Working
Nov. 27 2014 12:31 PM Slate’s Working Podcast: Episode 11 Transcript Read what David Plotz asked a helicopter paramedic about his workday.