Little Rascals Hack Voting Machines Like A Bunch Of Crazy Ivans
While most people spent this weekend telling Nazi punks to fuck off, a couple 11-year-olds were in Las Vegas hacking into voting machines. Why? BECAUSE IT'S FUN!
As part of DEFCON 26, the world's largest annual hacking convention, the second Voting Machine Hacking Village was set up to encourage people of all ages to void warranties on some the most common voting machines that will be used in the 2018 election. The idea isn't so much about breaking stuff as it is fixing things -- hunting down software bugs and searching for security holes so researchers and election officials know where their vulnerabilities are, and how to patch them. It's also a chance for geeks to shame the ignorant legislators and officials who keep saying, "All is well!"
Perhaps the most notable headline was when an 11-year-old was able to gain access and control of a replica of the Florida Secretary of State website in 10 minutes using a common software exploit. Part of r00tz Asylum, a non-profit that teaches kids how to tinker with machines, more than 30 kids between the ages of 8-16 were able to use a combination of software and social engineering to modify election results, change party names, vote totals, even adding and changing candidate names to things like "Kim Jong Un," "Bob Da Builder" and "Richard Nixon's Head." Kids do the darndest things!
Though rugrats cracking into state election websites and goofing off was what grabbed the most attention, adults were busy causing an endless series of catastrofucks by hacking 13 of the most common voting machines people in 18 states will use this fall. Some of the nightmares found this year include:
The largest maker of voting machines, ES&S ( formerly Diebold), pushed back against charges that its machines are pitiful lumps of electronic trash in a statement that essentially says they expected HACKERS to break into their machines, but argued most people wouldn't do that because it's a violation of licensing agreements. They then pointed out how there's no security verification at DEFCON, so any 'ol Ivan could just waltz right into Caesar's Palace and get a master class in cyber-fuckery. In an effort to ensure that people don't lose faith in our elections, the National Association of Secretaries of State called DEFCON a "pseudo environment" that doesn't accurately replicate the security measures in place during actual elections. Leslie Reynolds, executive director of the NASS, scoffed at the WSJ and said, "Anybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time."
At @defcon hacking conference and just learned how easy it is to physically gain admin access on a voting machine t… https://t.co/JwxwV6uZBC— Rachel Tobac (@Rachel Tobac)1534033649.0
Reynolds is right about one thing: the security in place at DEFCON certainly is different, in that it's arguably some of the best in the world. People relish the opportunity to break into unsecure systems, including hotels, restaurants, and personal devices, and cause some light havoc. There's even a giant wall of shame at the front of the convention that shows the names and IP addresses of people using unencrypted devices at the world's biggest hacker convention. Surely state officials and geriatric volunteers at polling stations will be enough to deter the most angst-ridden teenagers on election day.
A number of state election and cyber security officials in attendance noted that they simply need more money. They stressed that Congress has been pinching pennies while US adversaries relentlessly engage in multifaceted campaigns of information and cyber warfare. Alex Padilla, California's secretary of state, complained to Wired that the $380 million Congress reluctantly allocated to states for election security was "hanging chad money." Jeanette Manfra, the top DHS cybersecurity official, said state election officials have to "do a lot with not a lot of resources, and now they're on the front lines trying to deal with a lot of these issues. They can't do it alone."
Republicans in Congress
may be loath to do anything that might jeopardize their power, let alone admit there is a problem, but you can take solace in the fact over a dozen battleground states have election systems that are so fucked that even a child could break in and elect "Richard Nixon's Head" for governor.
- Republicans Won't Fund Election Security Because It's Not Like ... ›
- Russia Hacking Electric Utility Computers Now, Not That It's ... ›
- In Total Coincidence, Georgia Destroys Election Data Days After ... ›
- Hackers Are Holding All The Voter Rolls In California Hostage ... ›
- FBI Sucker Punches Russian Hackers, Steals Their Lunch Money ... ›