If you see an alarming post on Twitter or Facebook claiming that a voting machine was hacked on Election Day, take a deep breath.
US officials are expecting a wave of disinformation on social media as foreign actors seek to sow distrust in the electoral process. That includes lying about voting machines, which Russian trolls did during the 2016 presidential election.
Social media platforms have become a hotbed of disinformation leading up to Tuesday’s midterm elections, with hoaxes touching on issues like immigration and voting. In the case of hoaxes about hacked voting machines, the goal is to discourage people from even showing up on Election Day.
“As we saw in 2016, foreign adversaries may be looking to amplify alleged voting problems to further divide us and diminish confidence in our elections,” said David Becker, executive director of the Center for Election Innovation and Research.
It’s easy to believe that a voting machine could be hacked. Security researchers at the hacking conference Defcon found that many are outdated and vulnerable to cyberattacks, and half of the US is using voting machines with a known vulnerability.
But keep this in mind: The existence of a vulnerability doesn’t mean the machines have actually been hacked.
Viral videos have purported to show “hacked” machines — but the problems turned out to be a software error or human mistake. In late October, for instance, voters in Texas complained that their machines were switching their votes, but it was because of a software bug.
On Election Day in 2016, a Russian Twitter account received more than 29,000 retweets for a video claiming that a voting machine was broken, even though the reality was that the person in the video was just using the machine the wrong way.
Those short videos don’t show that kind of nuance, but they are great for foreign actors to parade on social media to discourage voting. Secretary of Homeland Security Kirstjen Nielsen noted that disinformation on social media is more of an issue for her than the possibility of machines getting hacked.
“My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday.
Here’s something that should be a red flag for you: someone claiming a machine has been hacked but not providing any evidence.
If you didn’t believe it when disgraced politician Anthony Weiner said a hacker posted his lewd photos to Twitter or when NBA star Kevin Durant said he was hacked after he tweeted a smoking selfie, you shouldn’t immediately trust posts about hacked voting machines, either.
If you see a post claiming there’s been a voting machine hack, the first thing you should look for is evidence. A video showing a machine malfunctioning should not be enough to convince people that there’s been a cyberattack.
“That could easily be attributed to a touchscreen error,” said Jake Williams, founder of Rendition Security. Proper evidence would only come after a qualified security firm or researcher performs a forensic analysis on the voting machine and the computers used to count the votes, he added.
Look to see if an election official has confirmed any details about a cyberattack. Also keep in mind that a cyberattack can take a long time to verify and attribute.
When Brian Kemp — Georgia’s secretary of state and a candidate for governor — accused the Obama administration of attempting to hack into the state’s computers, it took more than six months for investigators to prove him wrong.
Kemp made another accusation on Sunday against the Georgia Democratic party, alleging it attempted to hack the state’s voter registration system, again without any evidence.
“It’s important to remember that just because a device is shown to be vulnerable to a particular attack, that doesn’t mean that the device will be hacked,” Williams said. “Most attacks against e-voting machines require specific conditions to be successful, and those conditions may or may not be available to a potential attack.”
US officials know about voting machines with security flaws but aren’t as concerned about hacked hardware as they are about disinformation.
“At this time we have no indication of compromise of our nation’s election infrastructure that would prevent voting, change vote counts, or disrupt the ability to tally votes,” said a joint statement Monday night from Nielsen, Attorney General Jeff Sessions, Director of National Intelligence Dan Coats and FBI Director Christopher Wray. “But Americans should be aware that foreign actors – and Russia in particular – continue to try to influence public sentiment and voter perceptions through actions intended to sow discord.”
On the propaganda front, foreign adversaries know they don’t have to actually hack a machine for people to lose trust.
Around Election Day in 2016, Russian operatives from the Internet Research Agency tweeted about hacked voting machines more than 100 times, and also using the hashtag “#RiggedElection” 61 times. There’s no evidence of any machines that were hacked during the 2016 presidential election.
These disinformation campaigns have shown that it’s easy to spread lies about a cyberattack on social media. But you should remain skeptical of what you’re seeing. Voting machines are vulnerable and in dire need of updates, but until you see solid evidence of a cyberattack, it could also just be a glitch.
“Even if you have concerns about the e-voting machines, you should still vote,” Williams said.
Election security: Everything you need to know about election security in the 2018 US midterms.
: No, blockchain isn’t the answer to our voting system woes.