Voting-Machine Vendor Put Remote-Access Software on Systems Sold to U.S.

The nation’s top voting-machine maker has admitted installing remote-access software on election-management systems that it sold over a period of six years, in what one U.S. senator described as “the worst decision for security short of leaving ballot boxes on a Moscow street corner.” In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained by Motherboard, Election Systems and Software admitted that it had “provided pcAnywhere remote connection software… to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them. Election-management systems are not the voting terminals used to cast ballots: They stay in county election offices and contain software used to program the voting machines and count up final results from the voting machines. The remote-access software created an opportunity for hackers to breach the machines. Election-management systems and voting machines are supposed to be disconnected from the internet and from any other systems that are connected to the internet for security reasons. ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot.