Hacked - Special: Hacking an Election

Episode Date: November 8, 2016

We explore the concept of hacking an election. Jordan tells stories and interprets the nerdiness of Scott.

Transcript
Starting point is 00:00:00 Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press. So when people talk about hacking an election, they tend to talk about voting machines. And those are a real problem. 43 American states use digital machines that are over a decade old, and in terms of cybersecurity, that's just not okay. But when it comes to hacking an election, it's not just hacking machines you have to worry about. It's hacking people.
Starting point is 00:00:39 For example. In April of last year, the French television network TV5 piped terrorist propaganda into the homes of its 256 million viewers. During an 18-hour period, the largest French-language news network in the world broadcast a black screen with a message written by ISIS. So why you might be asking, in the world, would anyone give 18 hours free airtime to a terrorist organization? And the answer is no one. TV5 was hacked by a group calling themselves the cyber caliphate. ISIS had never really dabbled in cybercrime on this scale before, and now everyone was realizing that they were this entirely new kind of threat. But in the weeks following, researchers into the attack began to notice discrepancies in this narrative. The government had tasked 15 investigators with learning more about the cyber caliphate,
Starting point is 00:01:41 and during their research, they found that while much of the groundwork for the hack was laid from IP addresses all over the world, the code was almost entirely written on a keyboard layout corresponding with the Cyrillic alphabet used most commonly in Russia. They noticed patterns in the hours during which the hackers worked based on time zones. It would seem they were working in Moscow. This is all a very roundabout way of getting to the larger point that now French authorities officially believe that the hack came from a group with close ties to the Kremlin. In a country with a complicated relationship with the Muslim world, millions of eyes watched as the purest expression of their fear unfolded on live television. France was the victim of this cyber attack by radical Muslim extremists.
Starting point is 00:02:24 except they weren't. Probably they were tricked, which was the whole point. I mentioned this in the context of elections because in the days leading up to the 2015 UK election, the GCHQ, which is Britain's NSA, thwarted a very, very similar attack, an attack the night before an election
Starting point is 00:02:44 that would have had people going to the polls thinking they were at war with one group and not finding out that they had been deceived until after their vote was cast. When we talk about hacking an election, we're not just talking about hacking machines. We're talking about hacking people. We're talking about making people think the world is one way,
Starting point is 00:03:04 when really it's another. So when the guy who says that Russia should leak their opponent's email also says that... November 8th, we better be careful because that election's going to be rigged. You're going to want to ask some follow-up questions. My name is Jordan Blumen. And I'm Scott Weinder. And this is How to Hack an Election on this episode of Hacked.
Starting point is 00:03:26 There's been a lot of talk of rigged elections, and I think the number one thing that jumps in everybody's mind is vote rigging, because vote rigging is the tangible action that leads to the outcome. And so whenever somebody talks about hacking an election, they talk about vote rigging. Or at least I think your mind naturally jumps there. Sure, I picture someone unscrewing a panel on the back of a voting machine and plugging something in, and suddenly your vote doesn't count the way you think it's going to. Yeah, which is apparently plausible. and also has been done in lab environments. So, you know. Sure.
Starting point is 00:04:15 But I imagine that would be tough to do on a mass scale, though. Yeah, yeah. So I think there's, like, there's an interesting thing and something that you and I have discussed a lot is that, you know, there's kind of three pillars to the hacking world and there's the, you know, the social, you know, the interpersonal aspect making people what, you know, social sentiment and public sentiment is.
Starting point is 00:04:37 And there's like the digital, which is, you know, the email hacks and the software side. And then there's the physical, which is like, you know, your machinery and your environments and all the rest of it. So I think that rigging the voting machines is definitely in the digital paradigm and could quite well be plausible. But, you know. You're more concerned with the social.
Starting point is 00:04:58 Yeah. Yeah. I think to actually hack the voting machines, you know, just given the way that the United States runs elections, when Donald Trump says that the elections are rigged, I agree with him, but I actually think that they're rigged against Hillary because it seems like there's a lot more foul play going on
Starting point is 00:05:22 in the physical and social space against Hillary. Does that make sense? So when Donald Trump stands up and says, the elections are rigged against me, he's insinuating one socially that the media is not covering him positively, but he's also insinuating that there could be election tampering in the digital sense or in the voting sense or in the actual execution of the election.
Starting point is 00:05:52 And just the way that the independent bodies run an election in the United States makes that, you know, I'm not going to say virtually impossible, but to do anything on any kind of large scale would make it very, very, very challenging. Yeah, the term voter fraud keeps coming up. And I feel like in a lot of people's minds, that's tangled up with a sense of, well, we're doing digital voting. And I keep hearing that term voter fraud. It's really easy to put those two things together. Yeah, very easily. And it's maybe misrepresenting what the actual threat of hacking an election is.
Starting point is 00:06:25 Yeah, very much so, I think. I'm not going to say that there isn't voter fraud. Actually, there's proven cases of it. It's just so minor. And, you know, there's always this hypothetical that, like, when I push the HRC or the Donald Trump button on the voting machine, it actually registers as the opposition candidate or some statistical anomaly that will not get caught registers. That stuff can totally happen, but it's just you would assume, and I don't have any real deep knowledge of it, but you would assume that there's a significant set of checksums and checks and balances behind the scenes to make sure that doesn't happen. So if you wanted to get around those checks and balances, how would you do it? I really have no idea. I can hypothesize at how they could be vulnerable, but only somebody
Starting point is 00:07:16 that knows the code that drives them and the architecture of the infrastructure that powers them would have a better understanding. But I assume they have network connectivity. So they must talk to a home base or to a regional server that then aggregates the data and ships it up. So they have to have some form of network connectivity, which makes them inherently vulnerable. I'm assuming that that network connectivity has layers of encryption, layers of checks and balances, layers of identity verification to make sure that the servers are what they are and that people can't listen in on the communications. Because even if I was able to listen in on the communication and see the length,
Starting point is 00:08:05 language it was talking, I might be able to reverse engineer my own Raspberry Pi voting machine that I can drop into a network at a voting booth without anybody knowing that shoots data. So, you know, the physical access to the machines would be a big thing. So there would be, because they are a physical thing that requires, you know, digital infrastructure, they will be vulnerable. And it's not just the reprogramming the firmware in them to have them record every 42nd red vote blue or blue vote red. It would be more about figuring out how they talk,
Starting point is 00:08:49 figuring out when they talk, why they talk, what the checks and balances are, can we trick the checks and balances? You know, there'd be so many games. It would be, I would love to have one and get to like bug bounty it. Like, it would be so much fun. Because I guarantee
Starting point is 00:09:07 it's got a vulnerability, and it would be great to get to play with one to see. So if you're listening, voting booth designers, once the election's done, Jordan and I will happily have one and make an entire episode about us tearing it apart and seeing if we can find a bug in it.
Starting point is 00:10:52 Something that not a lot of people know is that Jordan and I actually both work in advertising now. And the common kind of saying is that there's only two emotions that matter. It's hope and fear. If you want to make somebody do something, you need to make them believe that what they're doing is for the good and make them hope in a better tomorrow or make them fearful
Starting point is 00:11:32 of a worse tomorrow. You know, the intro story about hacking French media and playing, you know, these scary commercials that scare us to our core and make us fearful are super, super effective at making us change our actions, change our attitudes, change how we believe and how we think. and that's just what's going on. And it's not just one side of. And this is, you know, what we would call hacking an election. I think political strategists would call good work.
Starting point is 00:12:12 So at that point, if engaging in behavior that a lot of people would call hacking an election is just good political strategy, how do you hack an election? If you want to take it one step further, if you want to pull at the seams of something until it works the way you want. it to, how do you do that in a world where everyone's already playing that game? You start breaking bigger, badder laws. Stealing emails, violating privacy. These are people who already have zero privacy. Like, as Secretary of State, every single one of her emails is public record, essentially. So she had a personal email account so that people couldn't read her public email.
Starting point is 00:13:00 That's not illegal. Like 18 other serious politicians have come out saying that they also have that because they don't want their personal communications on the record. And that's, I think, once you go into office, you should still be allowed to have some privacy. But that same thing is what's costing people, or like what's costing them today is like, it's like, it's like if there is no more lines that you're not willing to step over, if you're willing to put a camera inside someone's home or record their confidential conversations and then air them on public TV
Starting point is 00:13:40 and CNN will air them on public TV, is that good political strategy? Probably. Is it illegal? Absolutely. And that's really where we're at today, is that the social side of this is being manipulated and has been for 100 years. Like, this is not new. It's just that given the new,
Starting point is 00:13:59 era of the cyber age, we have new ways to violate people's privacy. So this literally just come down to the fact that we just generate so much more content in 2016 than we did in 1992, that there's a lot more stuff that can be kind of thrown out into the limelight? Sure, yeah, on the record content for sure. Like, just think about, like, think about if every note you passed in junior high was documented, recorded, synced to the cloud, and searchable by the NSA. Like, imagine if your diary was a public blog now. You know, we're removing the barriers to our privacy
Starting point is 00:14:47 as much as anyone else is, but at the same time is that we're still putting a ton of our confidential information and private data into domains where it can be accessed by hackers. And I think that's really the thesis of what's going on in the social manipulation here is everything that's happening is a violation of privacy. And it is social manipulation. It's social engineering of the election.
Starting point is 00:15:17 But it's all coming from, you know, cybercrime. There's no way that John Podesta handed out his emails. He might have. And some trolls speculate he did. In the case of Podesta, his emails weren't just vulnerable. They were actually leaked. How do you think that happened? Oh, I think they probably...
Starting point is 00:15:40 My gut instinct is that he got phished. What is phishing? What is phishing? Phishing is getting somebody to give you their information without them knowing that they're not giving it to the right person. Does that make sense? Yeah, I think so. So I masquerade as Google.
Starting point is 00:16:00 So, like, I think John Podesta had a Gmail account. I'm not sure I haven't looked at this still in emails, but I'm pretty sure it was Gmail.
Starting point is 00:17:06 So I make an email look like it's coming from Gmail. It says, hey, sir, we've noticed some suspicious activity on your account. Click here to verify your personal settings. It opens up a new window that says, oh, we actually need you to log into your account. you know, these are advanced recovery options that require you to authenticate into them. He types in his email address and password. We present him with a message that says his email account actually looks okay, thanks for checking.
Starting point is 00:17:42 He goes off on his merry way. We now have his email address and password. That's phishing. So you can then log in, you can download all the emails, and then you could leak them out to the world, which is exactly what happened. Precisely. Not precisely. Potentially.
Starting point is 00:17:58 Hypothetically. Hypothetically. But that's not what happened to Hillary. Nobody knows what happened to Hillary. It seems to be wrapped in a constant air of suspicion. Her emails have not been leaked. But there's a lot of insinuation by people like Kim Dotcom and the FBI even or a lot of the Reddit troll world. Sorry, please don't hate us.
Starting point is 00:18:25 that is insinuating that someone is in possession of all of Hillary's emails and they will be coming and that Julian Assange is about to leak them. It's always like it's about to happen and it hasn't happened yet. So I'm not sure if they actually do exist. In your, like just your personal opinion, if you were trying to hack an election, do you think it's more effective to reveal secrets or is it more effective to manufacture suspicion?
Starting point is 00:18:53 Depends how dirty the secrets are. You know, if it's, you know, if I go into Jordan Blumen's personal email inbox and find out that he is living a shadow life and that shadow life is not one that will be accepted by the masses, is revealing that secret more powerful than creating a suspicion? And I would say yes. And so that's just it is, you know, there's enough suspicion around both Hillary and Donald, that revealing any secrets, even political strategy, like the stuff that people have pointed at in Podesta's emails and been like, oh my God, this proves this, is just basic communication strategy.
Starting point is 00:19:44 Like, it's nothing bad. But the thing is, is that when taken out of context and looked at in a specific lens, of course it looks bad because it's manipulating the public. That is what advertising is. That is what political strategists do. That is what happens to you every time you watch a campaign ad. Every time you listen to a speech, every time you watch the debate, they've focus grouped, they've tested,
Starting point is 00:20:09 and they're manipulating you into believing and feeling fear or hope. And, yeah, I don't even know where I'm going, but it's just the system. We actually finished recording this episode today on November 7th because we wanted to get it out there before Election Day. It should be launching tonight, meaning that most of you are going to be listening to this on November 8th, the day that you're hopefully voting. We, Scott and I don't live in the U.S. We're Canadian. We are weighing in on an election that is not ours. And while some personal political leanings definitely leaked in the episode, I hope we kept it even-handed enough that even if you got the vibe you might disagree with one of us,
Starting point is 00:20:56 politically, there's still something meaningful for you in the discussion of what it means to hack an election in 2016. Now, you guys have been dealing with a really, really, really intense super partisan election, and I think that there's still room for discourse between people that disagree on stuff. And hopefully this was a cool way into a topic that, you know, affects everybody, regardless of your political leanings. Everyone wants democracy to work properly. And it's important to talk about what it looks like when that fails. We've been gone for a really, really long time for a bunch of reasons. The first is that we're bad at podcasting, but we're trying to get better. And the second is that we've been working on a bunch of stuff for fans of Hacked that if it goes through
Starting point is 00:21:34 is going to mean that we get to tell way, way bigger stories for a much bigger audience. I'm not going to say what, I won't go into it, but fingers crossed, we get to do it. And hopefully it makes the giant absence make sense and be worth it. A lot of people have written us with really, really kind words about the show. But we've definitely heard your comments up with the giant gaps between episodes. Right now, we're sitting on two already recorded, totally finished intro stories for two upcoming episodes. More are on the way. The really cool topics, much more traditional Hacked episodes than this one.
Starting point is 00:22:03 If this is your first time listening, we recommend jumping back an episode to get a better sense of what the show actually is. I want to give a really big shout out to everyone who has stuck with Hacked through this giant radio silence. I promise you we've got some really cool stories from the world of hacking coming soon. I hope you will stick around. My name is Jordan Blumen. And I'm Scott Weinder. And this has been How to Hack an Election on this episode of Hacked.
