“Earlier this year, I attended a conference and was shocked to find that you could actually buy voting machines on eBay. So I bought one, two months ago, and have been able to open it up and look at the chips.”
Beatrice Atobatele is making an attempt to hack one of the generally used voting machines within the US, to search for safety vulnerabilities, however not with any felony intentions.
Beatrice is definitely one in every of greater than 200 individuals who have signed as much as a volunteer group of safety consultants and hackers known as the Election Cyber Surge.
And by understanding how this machine works, she hopes she will be able to guarantee any vulnerabilities are mounted.
“I’ve bypassed the authentication itself,” she says.
“I’m still learning and trying to find any new vulnerabilities that might not be known about yet.”
The downside with US elections, Beatrice and others say, is how disjointed they’re.
Most estimates counsel there are about 8,000 separate election jurisdictions.
The tools and voting strategies fluctuate dramatically.
And each step of the method is susceptible to hackers and human error.
In the polling sales space, there are various totally different programs, from direct-recording digital voting machines to ballot-marking units and paper-based programs.
And the extra digitised and linked a system is, the upper the chance of some form of cyber-interference.
Like all of the volunteers, Beatrice’s analysis is performed exterior of her day job.
And as a eager footballer, and mom to 2 soccer-obsessed daughters in New York City, she has to suit the volunteering round a busy schedule.
She did not plan to get into cyber-security in any respect.
But 17 years in the past, she misplaced greater than $1,000 (£775) after hackers used her account to purchase 5 pairs of Nike trainers.
It spurred her on to a brand new profession path.
And she is now a safety specialist for state and native authorities.
Despite the stress she’s underneath, Beatrice is determined to assist the election run easily.
“Every vote cast should count,” she says.
“The thing that I’m worried about is some sort of ransomware attack on these machines on the day, which would stop people from voting.
“That’s my worst-case situation.”
A ransomware attack is when hackers take over a computer system or encrypt data until the victims have paid a ransom.
Beatrice and the rest of the Election Cyber Surge group are aware time is running out.
By now, it’s too late to update physical voting equipment.
But she is still searching for critical software flaws and offering to help election officials better understand their machines and any potential problems.
The group is being led by the University of Chicago’s Cyber Policy Institute, trying to “open up a line of communication between election officers and a community of volunteers for direct communication about cyber-security issues” main as much as the three November vote.
Hackers from all over the US have signed up to help secure the election or deal with any attacks that could derail an already fraught process.
“It’s not simply voting machines on polling day that could possibly be susceptible to cyber-attack,” Christopher Budd, another volunteer from Washington state, says.
“With my hacker hat on, going after the registration lists being compiled proper now throughout the US can be a good way to disrupt an election.
“If I’m not registered or if my registration record is altered in some way, even if the voting system is completely secure, my vote might not count.”
And once more, the disjointed nature of the electoral system provides danger.
The safety and even the precise construction of voter-registration databases fluctuate.
And an FBI alert within the lead-up to the 2016 election warned international actors had gained entry to a few of these databases.
With the added complication this time of election officers distant working, and making an attempt to plan round Covid-19 restrictions, Christopher is apprehensive:
“I all the time attempt to de-escalate issues in my job
“But there is no doubt that there are heightened threats on this election.
“Everyone is focused on the vulnerability of this election.
“I’m keen to offer no matter time is important to assist out.”
Christopher’s expertise is in crisis communication and management.
As a consultant, he deals with cyber-attacks that bring large corporations to their knees.
He handles everything from panicking chief executives to angry IT managers, from his rural home office overlooking the woods.
And when he has to pull all-nighters, the only company he has are the local deer peering into his window, wondering what the fuss is about.
Over his 20 years of experience, Christopher has developed a secret weapon for when things truly hit the fan.
“I’m an enormous classical music fan,” he says.
“When I really want to focus and work quick, there’s just one place I flip to – Symphony No three by Camille Saint-Saëns.”
Christopher hopes he will not need to “crank out the Camille” in the next month – but he’s ready.
The group is also putting a huge amount of effort into data protection.
The last US and UK elections were hit by high-profile “hack and leak” operations.
In 2016, email accounts of the Democratic National Committee and some top Democrats were hacked and then leaked.
And in the 2019 UK general election, documents on UK-US trade talks were stolen from an MP’s email account and leaked online.
Jason Kirkland specialises in defending “finish factors” – computers and phones.
But he is less concerned about highly sophisticated zero-day attacks than more basic techniques.
“I do not assume we’ll see attackers burn via treasured zero days after they can get into essential networks with far simpler strategies,” he says.
“It’s most likely going to be issues like malicious software program that will get in via on a regular basis workplace functions which can be actually going to be the menace.
“I need to assist folks get the fundamentals proper.
“For instance, do not obtain unhealthy recordsdata or click on on malicious hyperlinks.”
US and UK safety companies publicly blamed Russian hackers for the “hack and leak” operations and numerous other disinformation campaigns to sway voters and sow discord on social media.
Russia denies the accusation.
And other countries are also being blamed for cyber-activities that harm democracy.
Earlier this week, Twitter removed about 130 accounts linked to Iran it said had been trying to disrupt the public conversation during the first presidential debate.
Disinformation campaigns are a major concern the volunteer hackers say they won’t have time or capacity to deal with.
But Jason is committed to helping keep the bad guys out as best he can.
Before he got into hacking and cyber-security, he was a dispatcher for local state troopers.
And his time in law enforcement is what compelled him to become involved.
“I’m positively a rule-follower,” he says.
“And my spouse teases me about it on a regular basis.
“But guidelines and legal guidelines are crucial.
“And we have to uphold these issues.
“I really feel an uneasiness proper now.
“Election officers have a lot coming at them.
“So I’m really hoping I can help.”