11-Year-Old Hacks A State Election Replica Website In Under 10 Minutes At DEFCON
At DEFCON 26, the world’s largest hacking convention that recently took place in Las Vegas, an 11-year-old boy managed to hack a replica of the Florida state election website and change voting results in less than 10 minutes. Organizers of the event said that at least 30 children were able to hack similar replica websites in under a half hour, including an 11-year-old girl who completed the job in just under 15 minutes. One of the attractions of the event was the “DEFCON Voting Machine Hacking Village,” which allowed kids as young as 8 to take a shot at stealing a simulated election.
Nico Sell, co-founder of the non-profit r00tz Asylum, told the PBS NewsHour that these kids were able to hack sites that were exactly like those used for official elections in the United States. “These are very accurate replicas of all of the sites. These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society,” Sell says. Sell said that when they first tried a similar challenge last year, adult hackers were able to crack the websites in under five minutes. “So this year we decided to bring the voting village to the kids as well,” she said.
However, the government is not ready to admit that they are using such vulnerable technology to conduct their elections. The National Association of Secretaries of State issued a statement saying that they were “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.”
However, they also claimed that it is not possible to replicate an actual government election website.
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols. While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote-counting equipment and could never change actual election results,”’ the statement read.
In other words, they claim that they will still be able to retain the actual results, even if a legitimate election website happens to be tampered with. Sell pointed out that the response from election officials shows that they either don’t understand or don’t care about the chaos that can be caused by false election results being published, even if they are corrected after the fact.
“To me, that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos. The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing. I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.
Furthermore, Matt Blaze, a professor at the University of Pennsylvania and one of the organizers of the “hacking village,” said that these replica websites were actually designed to be more difficult to hack than the official government sites. “It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable. What was interesting is just how utterly quickly they were able to do it,” he said.
Adult hackers were also able to break into actual voting machines during the convention. It has long been an open secret that election websites and even voting machines are extremely vulnerable to hacking.
In fact, a study at the Argonne National Laboratory in Illinois developed a hack to manipulate voting machines just before the 2012 elections. The researchers who developed the hack were actually able to hijack a Diebold Accuvote TS electronic voting machine, one of the most popular voting systems at the time.
Two of the lead researchers in the study were able to demonstrate a number of different ways that voting machines could be hacked. They used a $1.29 microprocessor and a circuit board that costs about $8, along with a $15 remote control.
They demonstrated that the cheap hack worked from over a half-mile away. “When the voter hits the ‘vote now’ button to register his votes, we can blank the screen and then go back and vote differently and the voter will be unaware that this has happened. Spend an extra four bucks and get a better lock, you don’t have to have state-of-the-art security, but you can do some things where it takes at least a little bit of skill to get in,” Johnson said. As far as how easy the hack is, Johnson told Popsci that “I’ve been to high school science fairs where the kids had more sophisticated microprocessor projects.”
Curated for #informationwar (by @commonlaw)
Our purpose is to encourage posts discussing Information War, Propaganda, Disinformation and other false narratives. We currently have over 7,500 Steem Power and 20+ people following the curation trail to support our mission.
Join our discord and chat with 200+ fellow Informationwar Activists.
Join our brand new reddit! and start sharing your Steemit posts directly to The_IW!
Connect with fellow Informationwar writers in our Roll Call! InformationWar - Contributing Writers/Supporters: Roll Call Pt 11
Ways you can help the @informationwar
I am really shocked how the kids are able to these complex things.
I sat here, at my desk, with my a completely dumbfounded look on my face. How is that kids can crack these sites? Now the article states they did not get into the actual voting systems, but they were able to change what the public and media can see. Just like the Kobach case, change what people see, and then say ooppps, my bad. The goal is not to change the results, but to change the perception of what can and cannot be trusted. This is mind boggling.
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.
How i can attach audio like this in my post ?
Its really scary to realize that this voting machines are so vulnerable. Starting in Florida and Diebold enterprise (company related with Spain as well, after Bush jr. won the presidentials, they managed to change every ATM in Spain with a strange gob-arrangement), and continued now in Argentine. Recently, the neo-lib administration tried to put the debate on the table again... I hope they no succeed! Thanks for sharing, and sorry for my english
vicious, brutal reality, lol.
Not saying there's not a problem here but hacking a website on which election results are published is far different than hacking voting machines to change actual results.
indeed, that requires $26 dollars worth of components from Radio Shack and Radio Shack no longer exists.
But you also need physical access. Even paper ballets can be hacked with physical access. But it's not something any random hacker on the internet can do from their bedroom.
still though, imagine if the wrong election results were picked up by a news agency and went viral, then the government had to come back around and say that the results were wrong..it would create a shitstorm, to say the least
Maybe. But it's not like similar things haven't happened before. Remember when the election was called for Al Gore...and then Bush...and then too close to call...and then Bush? And that was without any hacking... Officials would be aware of actual election results regardless of what was on an informational public web page so I don't think there is much risk in that regard.
Exactly, this is not about changing the 'votes' it is about being able to change and further undermine the public's degree of trust concerning both the Candidates and the News.
just imagine...
not for the radio shack hack, you can do it from across the street from the polling place and it leaves no traces. Any random hacker can get the plans to make the device off the internet.
The voting machines I've used you have to fill in bubbles on paper which are then scanned so there is still paper as a backup. I don't know how all the other states work but I think it's pretty dumb not to have a paper backup.
indeed, that's how I vote as well, those machines are fairly secure too, in other places there is no paper record of a vote. That is pretty stupid, we are lucky that in real life few people are that interested in hacking voting machines illegally. It's the same thing that keeps us safe from mad bombers and people flying planes into things, it's super easy to do those things but there really are not many people who want to and that is what keeps us safe most of the time.
Plus the fact that, at least in most cases, it would take a coordinated attack of many voting machines to actually make a difference. Such a thing would probably be noticed. But yeah, having a paper backup is definitely the way to go.
luckily, we do have an army of elderly people watching our polls. paper ballots seem like the way to go.
was anyone still under the impression that these systems were secure?
But if people don't know who others voted for how will they know who to vote for? ;)
This is about creating distrust and paranoia. People who will get in there will sow distrust of the governmental official pages. If I were anyone in state government, I would be hardening these pages. This is as bad as buying votes.
I don't think the hacker kids want to create distrust and paranoia, just perhaps to highlight a vulnerability.
No it has nothing to do with the kids.
did you read the article?
The only hope they got now is the blockchain.