In the US, vote-counting systems utilized in government elections contained a security flaw which could have been exploited to influence election results.
The systems, which were sold by Elections Systems and Software (ES&S), contained remote access software and were being sold during the 2000-2006 period, some machines were still being used even in 2011.
Election-counting systems are not voting terminals – they are in election offices, and are used in some counties to program all the voting machines. Those systems also calculate and output final results from votin terminals.
In a report by Motherboard, in a letter sent to Senator Ron Wyden D-Oregon, which became public on July 17 2018, the firm confirmed that it had “provided pcAnywhere remote connection software to a small number of customers between 2000 and 2006.” The article goes onto say that initially in February 2018, ES&S had denied introducing the product on any of its election systems it sold and stated: “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.” The ES&S’s machines were utilized in various states and no less than 60% of the whole election results were counted on those same systems.
This news comes close by the proceeding with examinations concerning suspected Russian interfering in the 2016 US presidential race.
In 2006, hackers stole the source code for the pcAnywhere program, which wasn’t made public until 2012 when a hacker posted a portion of the code on the web. This made Symantec, the wholesaler of the product, to confirm that it had been stolen. Specialists at Rapid7 durin their research found aout that 150,000 online computers were literally configured to enable direct access to hackers.
Alarmingly, pcAnywhere was still being used during 2011 by Venango County, Pennsylvania, and it has not been evident whether the security flaws were updated or if there could have been more vulnerabilities.