11-Year-Old Hacks A State Election Replica Website In Under 10 Minutes At DEFCON

in #news6 years ago

 At DEFCON 26, the world’s largest hacking convention that recently  took place in Las Vegas, an 11-year-old boy managed to hack a replica of  the Florida state election website and change voting results in less  than 10 minutes. Organizers of the event said that at least 30 children  were able to hack similar replica websites in under a half hour,  including an 11-year-old girl who completed the job in just under 15  minutes. One of the attractions of the event was the “DEFCON Voting Machine  Hacking Village,” which allowed kids as young as 8 to take a shot at  stealing a simulated election. 

Nico Sell, co-founder of the non-profit r00tz Asylum, told the PBS NewsHour that these kids were able to hack sites that were exactly like those used for official elections in the United States. “These are very accurate replicas of all of the sites. These  things should not be easy enough for an 8-year-old kid to hack within 30  minutes, it’s negligent for us as a society,” Sell says. Sell said that when they first tried a similar challenge last year,  adult hackers were able to crack the websites in under five minutes. “So this year we decided to bring the voting village to the kids as well,” she said.   

However, the government is not ready to admit that they are using such vulnerable technology to conduct their elections. The National Association of Secretaries of State issued a statement saying that they were “ready  to work with civic-minded members of the DEFCON community wanting to  become part of a proactive team effort to secure our elections.” 

However, they also claimed that it is not possible to replicate an actual government election website. 

“It would be extremely difficult to replicate these systems since  many states utilize unique networks and custom-built databases with new  and updated security protocols. While it is undeniable websites are  vulnerable to hackers, election night reporting websites are only used  to publish preliminary, unofficial results for the public and the media.  The sites are not connected to vote-counting equipment and could never  change actual election results,”’ the statement read.

 In other words, they claim that they will still be able to retain the  actual results, even if a legitimate election website happens to be  tampered with. Sell pointed out that the response from election  officials shows that they either don’t understand or don’t care about  the chaos that can be caused by false election results being published,  even if they are corrected after the fact. 

“To me, that statement says that the secretaries of states are  not taking this seriously. Although it’s not the real voting results  it’s the results that get released to the public. And that could cause  complete chaos. The site may be a replica but the vulnerabilities that  these kids were exploiting were not replicas, they’re the real thing. I  think the general public does not understand how large a threat this is,  and how serious a situation that we’re in right now with our  democracy,” she said. 

Furthermore, Matt Blaze, a professor at the University of  Pennsylvania and one of the organizers of the “hacking village,” said  that these replica websites were actually designed to be more difficult  to hack than the official government sites. “It’s not surprising that these precocious, bright kids would be  able to do it because the websites that are on the internet are  vulnerable, we know they are vulnerable. What was interesting is just  how utterly quickly they were able to do it,” he said. 

Adult hackers were also able to break into actual voting machines during the convention. It has long been an open secret that election websites and even  voting machines are extremely vulnerable to hacking.

In fact, a study at  the Argonne National Laboratory in Illinois developed a hack to  manipulate voting machines just before the 2012 elections. The researchers who developed the hack were actually able to hijack a Diebold Accuvote TS electronic voting machine, one of the most popular voting systems at the time. 

Two of the lead researchers in the study were able to demonstrate a  number of different ways that voting machines could be hacked. They used  a $1.29 microprocessor and a circuit board that costs about $8, along  with a $15 remote control. 

They demonstrated that the cheap hack worked from over a half-mile away. “When the voter hits the ‘vote now’ button to register his votes,  we can blank the screen and then go back and vote differently and the  voter will be unaware that this has happened. Spend an extra four bucks  and get a better lock, you don’t have to have state-of-the-art security,  but you can do some things where it takes at least a little bit of  skill to get in,” Johnson said. As far as how easy the hack is, Johnson told Popsci that “I’ve been to high school science fairs where the kids had more sophisticated microprocessor projects.” 

Sort:  

Curated for #informationwar (by @commonlaw)

  • Our purpose is to encourage posts discussing Information War, Propaganda, Disinformation and other false narratives. We currently have over 7,500 Steem Power and 20+ people following the curation trail to support our mission.

  • Join our discord and chat with 200+ fellow Informationwar Activists.

  • Join our brand new reddit! and start sharing your Steemit posts directly to The_IW!

  • Connect with fellow Informationwar writers in our Roll Call! InformationWar - Contributing Writers/Supporters: Roll Call Pt 11

Ways you can help the @informationwar

  • Upvote this comment.
  • Delegate Steem Power. 25 SP 50 SP 100 SP
  • Join the curation trail here.
  • Tutorials on all ways to support us and useful resources here

I am really shocked how the kids are able to these complex things.

I sat here, at my desk, with my a completely dumbfounded look on my face. How is that kids can crack these sites? Now the article states they did not get into the actual voting systems, but they were able to change what the public and media can see. Just like the Kobach case, change what people see, and then say ooppps, my bad. The goal is not to change the results, but to change the perception of what can and cannot be trusted. This is mind boggling.

To listen to the audio version of this article click on the play image.

Brought to you by @tts. If you find it useful please consider upvoting this reply.

How i can attach audio like this in my post ?

Its really scary to realize that this voting machines are so vulnerable. Starting in Florida and Diebold enterprise (company related with Spain as well, after Bush jr. won the presidentials, they managed to change every ATM in Spain with a strange gob-arrangement), and continued now in Argentine. Recently, the neo-lib administration tried to put the debate on the table again... I hope they no succeed! Thanks for sharing, and sorry for my english

vicious, brutal reality, lol.

Not saying there's not a problem here but hacking a website on which election results are published is far different than hacking voting machines to change actual results.

indeed, that requires $26 dollars worth of components from Radio Shack and Radio Shack no longer exists.

But you also need physical access. Even paper ballets can be hacked with physical access. But it's not something any random hacker on the internet can do from their bedroom.

still though, imagine if the wrong election results were picked up by a news agency and went viral, then the government had to come back around and say that the results were wrong..it would create a shitstorm, to say the least

Maybe. But it's not like similar things haven't happened before. Remember when the election was called for Al Gore...and then Bush...and then too close to call...and then Bush? And that was without any hacking... Officials would be aware of actual election results regardless of what was on an informational public web page so I don't think there is much risk in that regard.

Exactly, this is not about changing the 'votes' it is about being able to change and further undermine the public's degree of trust concerning both the Candidates and the News.

just imagine...

not for the radio shack hack, you can do it from across the street from the polling place and it leaves no traces. Any random hacker can get the plans to make the device off the internet.

The voting machines I've used you have to fill in bubbles on paper which are then scanned so there is still paper as a backup. I don't know how all the other states work but I think it's pretty dumb not to have a paper backup.

indeed, that's how I vote as well, those machines are fairly secure too, in other places there is no paper record of a vote. That is pretty stupid, we are lucky that in real life few people are that interested in hacking voting machines illegally. It's the same thing that keeps us safe from mad bombers and people flying planes into things, it's super easy to do those things but there really are not many people who want to and that is what keeps us safe most of the time.

Plus the fact that, at least in most cases, it would take a coordinated attack of many voting machines to actually make a difference. Such a thing would probably be noticed. But yeah, having a paper backup is definitely the way to go.

luckily, we do have an army of elderly people watching our polls. paper ballots seem like the way to go.

was anyone still under the impression that these systems were secure?

"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote-counting equipment and could never change actual election result"

But if people don't know who others voted for how will they know who to vote for? ;)

This is about creating distrust and paranoia. People who will get in there will sow distrust of the governmental official pages. If I were anyone in state government, I would be hardening these pages. This is as bad as buying votes.

I don't think the hacker kids want to create distrust and paranoia, just perhaps to highlight a vulnerability.

No it has nothing to do with the kids.

  1. The system is easy to hack - hence, a 10 y/o can do it
  2. The system does not touch actual voting mechanisms, but can be manipulated to report something that is not true.

did you read the article?

The only hope they got now is the blockchain.