By Heather Hamilton, contributing writer
Computer hackers took less than two hours to break into U.S. voting machines at the annual DefCon conference, one of the world’s largest hacker conventions, reports The Register. The event, which takes place in Las Vegas, attracts cybersecurity specialists from across the globe.
Conference founder, Jeff Moss, told USA Today prior to the event that he wanted to find out what the deal was for himself. “I’m tired of reading misinformation about voting system security,” he said.
DefCon participants put together a Voter Hacking Village, breaking voter machines from Diebold, Sequoia, and WinVote in a variety of ways, including physically taking them apart and gaining access via Wi-Fi networks to upload malware to them. Fortune notes that the wireless hacks are clearly more troubling because of their stealthy nature. “People are apt to notice someone taking a screwdriver to a polling place,” they write.
This is a first for DefCon, likely given the prominence of voter hacking in the news. And while it hasn’t been proven that Russian hackers impacted vote count, there is evidence of interference. The experts at DefCon wanted to see if it was possible to compromise votes and affect outcomes in this way.
Within 90’ minutes, Danish researcher Carsten Schürmann used a 14-year-old exploit in Microsoft Windows XP to obtain remote access to an unpatched machine. CNET reports that this would allow him to change the tally of votes from any remote location. Many machines were running outdated software, and others had physical ports open that could be used to install malicious software.
In an interview with The Register, Jake Braun, who is the CEO of Cambridge Global Advisors and suggested the event to organizers earlier in the year, said, “Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how. The scary thing is [that] we also know that our foreign adversaries — including Russia, North Korea, [and] Iran — possess the capabilities to hack them, too, in the process undermining principles of democracy and threatening our national security.”
In an interesting twist, it turns out that one of the hacked machines, which was purchased on eBay, also contained around 650,000 unsecured voter records, according to Gizmodo. This included name, address, birthday, political party, whether or not they voted absentee, and whether they were asked to provide identification.
U.S. government workers are responsible for wiping voter information from the memory of voting devices that are decommissioned and auctioned to the public, and it is unclear why this one fell through the cracks — but it is unlikely that it is the only instance.
The Register reports that they were told that the hacked machine accessed via Wi-Fi was not fully secured and the intrusion would have been detected and logged. Furthermore, not all attacked equipment would be used in today’s election. Still, the event reveals the potential damage if those overseeing elections are not vigilant about security.
Douglas Lute, principal at Cambridge Global Advisors and former U.S. Ambassador to NATO, warns, “This is now a grave national security concern that isn't going away. In the words of former FBI Director James Comey, ‘They're coming after America. They will be back.’”
Sources: The Register,USA Today,Fortune,CNET,Gizmodo
Image Source: CC by 2.0 Image Arcata City Hall polling place courtesy of Bob Doran on Flickr
Learn more about Electronic Products Magazine