via nbcnews.com
A newly unsealed expert report arguing that Georgia’s Dominion Voting Systems machines are vulnerable to vote switching and hacking is raising alarms in Georgia, even as the state downplays the risks and their plans to mitigate them.
This week, a federal judge in Atlanta unsealed two reports in a federal court case over the use of Dominion ballot-marking devices in Georgia elections. One report, authored by University of Michigan computer science professor Alex Halderman for the plaintiffs in a federal court case seeking to block the use of Dominion machines in Georgia’s elections, argued that the machines are critically vulnerable to hacking. The other, paid for by Dominion, argued the identified vulnerabilities were practically unlikely, while Georgia officials say they are exaggerated and unrealistic.
But federal authorities have identified the same vulnerabilities, and more than 20 cybersecurity experts rushed to defend Halderman’s report this week. Some of the issues could be mitigated by upgrading the Dominion software, but Georgia officials say the upgrade is unrealistic — an enormous undertaking they won’t start until after the 2024 elections.
There is no evidence that hackers have attempted to exploit any of the identified vulnerabilities, or that any such hack has occurred in previous elections. But Georgia was at the center of election conspiracy theories advanced by President Donald Trump and his allies, many of whom singled out Dominion Voting Machines and claimed the election had been hacked. Fox News recently agreed to shell out $787 million to Dominion for advancing claims that Dominion voting machines had been rigged in the 2020 election.
Halderman was was given access to the voting machines by the federal judge in the case, and he argues in his report that the state’s ballot-marking devices are vulnerable to election fraud, including vote switching.
The warnings are stark, suggesting that Georgia’s voting machines could be manipulated by bad actors in mere minutes. Halderman argued that attackers could alter the QR codes on printed ballots, and install malware on individual voting machines “with only brief physical access.” They could attack the broader voting system if they have the same access as certain county-level election officials, his report said.
“My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s [ballot-marking devices] will be reasonably secure from attack and produce correct results,” he wrote.
A second report, also unsealed by the judge, was authored by national security nonprofit MITRE. That group argued the hacks identified by Halderman were “operationally infeasible” based on normal voting practices, scale considerations, and adherence to strict security measures.
It’s a view shared by Georgia officials, who included the MITRE report in a press release that criticized Halderman’s report.
“The Halderman report was the result of a computer scientist having complete access to the Dominion equipment and software for three months in a laboratory environment. It identified risks that are theoretical and imaginary. Our security measures are real and mitigate all of them,” Georgia Secretary of State Brad Raffensperger wrote in a letter to state lawmakers, which Raffensperger’s office shared with NBC News.
He continued: “Is it possible for a team of bad actors to break into Georgia’s 2,700 voting precincts, install malware that changes election outcomes on 35,000 pieces of equipment, and sneak back out — all the while being undetected and leaving no trace? I’ll put it this way: It’s more likely that I could win the lottery without buying a ticket.”
Mike Hassinger, a spokesman for Raffensperger’s office, said Friday that responding to this report all day felt like he was “stuck in a Dumb and Dumber paradox,” referencing a character’s response to a one in a million likelihood: “So, you’re telling me there’s a chance?”