Most Read
Second Nexus © 2019
Kids at a Hacking Conference Just Exposed Serious Vulnerabilities In Our Election Systems
06 September 2018
At the DEFCON hacking conference in Las Vegas, kids aged 8-16 had the chance to hack into simulated US election systems — and they found it alarmingly quick and easy.
Emmett Brewer, an 11-year-old Texan, was able to access a duplicate of Florida’s state election website in under 10 minutes. Once inside, he changed the vote tallies in the site to award himself 239 billion votes in less than five minutes. An 11-year-old girl was able to perform the same hack in about 15 minutes.
<p><span style="font-weight: 400;">A 17-year-old from Washington went farther, using easily Googled shutdown commands to completely crash a midterm election simulation. All vote counts were lost, and the website presented an execution error. It took him 10 minutes. “</span><a href="https://www.politico.com/magazine/story/2018/08/21/i-just-hacked-a-state-election-17-not-a-good-hacker-219374"><span style="font-weight: 400;">And I’m not even a very good hacker</span></a><span style="font-weight: 400;">,” he said.</span></p><p><span style="font-weight: 400;">These election vulnerabilities were on show at DEFCON 26, an annual hacking conference in Las Vegas. This year, organizers launched the Voting Machine Village, and invited youth attendees to manipulate candidate names and vote totals in hardware and software used in several battleground states. About 50 kids participated in the Village, and they found plenty of vulnerabilities.</span></p><p><div data-conversation-spotlight=""></div></p><p><span style="font-weight: 400;">In the Diebold TSX machine,</span><a href="https://www.verifiedvoting.org/resources/voting-equipment/premier-diebold/accuvote-tsx/"> <span style="font-weight: 400;">widely deployed</span></a><span style="font-weight: 400;"> in hundreds of counties and cities nationwide (including the swing states of Pennsylvania, Ohio, Wisconsin and Virginia), hackers found SSL certificates that expired in 2013 which means each machine is subject to all vulnerabilities in that software cataloged in the past five years. One hacker was able to upload a Linux OS to a Diebold TSX and</span><a href="https://twitter.com/VotingVillageDC/status/1028103170864697345/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1028103170864697345&ref_url=https://www.pbs.org/newshour/nation/an-11-year-old-changed-election-results-on-a-replica-florida-state-website-in-under-10-minutes"> <span style="font-weight: 400;">then programmed</span></a><span style="font-weight: 400;"> the machine to play gifs and music.</span></p><p><span style="font-weight: 400;">The</span><a href="https://www.essvote.com/products/5/11/electronic-poll-books/expresspoll-5000%C2%AE/"> <span style="font-weight: 400;">Diebold Express Poll 5000</span></a><span style="font-weight: 400;"> was found to be even more vulnerable (</span><a href="https://www.inverse.com/article/34861-tj-horner-voting-machine-hack-defcon"><span style="font-weight: 400;">again</span></a><span style="font-weight: 400;">). That machine’s memory cards are easily accessible at the top of the machine, and another market-purchased card with alternative information and vote tallies can be inserted in its place. Switching the two cards can be done in less than five seconds. Once removed, the original cards can be accessed by a hacker to collect unencrypted supervisor passwords and voters’ personal data. Voter information gathered included home addresses, drivers’ license numbers, and the last four digits of Social Security Numbers. In the most embarrassing cases, the unencrypted password was “Password.” </span></p><p><span style="font-weight: 400;">All told, Voting Machine Village co-organizer Nico Sell said that more than 30 children were able to hack into other states’ website duplicates in half an hour or less. </span></p><p><span style="font-weight: 400;">“These are very accurate replicas of all of the sites,” Sell</span><a href="https://www.pbs.org/newshour/nation/an-11-year-old-changed-election-results-on-a-replica-florida-state-website-in-under-10-minutes"> <span style="font-weight: 400;">told the PBS NewsHour</span></a><span style="font-weight: 400;">. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”</span></p><p></p><p><span style="font-weight: 400;">In response to the event’s widespread publicity, the National Association of Secretaries of State (NASS) issued a statement re-confirming their states’ election security. </span></p><p><span style="font-weight: 400;">“While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results,” NASS said in a statement. They added that they welcome cooperation from the hacker community to eliminate any vulnerabilities.</span></p><p><span style="font-weight: 400;">The good news is that Brewer, the 11-year-old hacker from Texas,</span><a href="http://www.kcrg.com/content/news/11-year-old-hacks-mock-Florida-voting-website-wants-to-use-hacking-to-help-people-491209031.html"> <span style="font-weight: 400;">is on board</span></a><span style="font-weight: 400;"> with increasing voter security and confidence.</span></p><p><span style="font-weight: 400;">"I'm just trying to help the world," he said.</span></p>
Keep reading...
Show less