From July 27-30, 25,000 hackers — yes, you read that right — convened in Las Vegas for the DEFCON hacking conference. One of the topics under discussion was the security of U.S. voting systems, especially apt in light of ongoing investigations into possible Russian hacking of the American electoral system during the 2016 presidential election.
At the conference, there was a gathering of voting hardware called “Voting Village” for hackers to check out and hack into, if they could. In September, DEFCON published the startling results of the Voting Village experiment at VerfiedVoting.org: Every single piece of voting hardware was successfully breached. The report was co-authored by DEFCON’s founder Jeff Moss.
Douglas E. Lute, former U.S. ambassador to NATO, and retired Lieutenant General of the U.S. Army wrote the preface to DEFCON’s report, explaining why he’s getting involved in electoral security:
The answer is simple: last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years — potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process — the fundamental link between the American people and our government – could be much more damaging. In short, this is a serious national security issue that strikes at the core of our democracy.
In fact, what happened at Voting Village was even worse that it seems, since the hackers didn’t even possess the resources and tools a real-world hacker might have, such as “source code, operational data or other proprietary information,” according to the report.
And it didn’t require any special skill, either; hackers of all levels broke in just fine.Most of the equipment was purchased on eBay, though DEFCON has a special allowance that allows it to buy machines for research. Most current voting machines are made by just four manufacturers. All in all, there were 25 machines in Voting Village, including these:
- AVS WinVote DRE (software version 1.5.4 / hardware version N/A)
- Premier AccuVote TSx DRE (TS unit, model number AV – TSx, firmware 4.7.8)
- ES&S iVotronic DRE (ES&S Code IV 1.24.15.a, hardware revision 1.1)
- PEB version 1.7c – PEB – S
- Sequoia AVC Edge DRE (version 5.0.24)
- Diebold Express Poll 5000 electronic pollbook (version 2.1.1)
The DEFCON report reveals how stunningly weak the U.S. voting system is, with bold text added for emphasis:
The first voting machine to fall — an AVS WinVote model — was hacked and taken control of remotely in a matter of minutes, using a vulnerability from 2003, meaning that for the entire time this machine was used from 2003-2014 it could be completely controlled remotely, allowing changing votes, observing who voters voted for, and shutting down the system or otherwise incapacitating it.
That same machine was found to have an unchangeable, universal default password — found with a simple Google search — of “admin” and “abcde.”
An “electronic poll book”, the Diebold ExpressPoll 5000, used to check in voters at the polls, was found to have been improperly decommissioned…
The post A Hackathon Reveals Most Any Hacker Can Break Into Election Equipment appeared first on FeedBox.