I Just Hacked a State Election. I'm 17. And I'm Not Even a Very Good Hacker.
Source: Politico
It took me around 10 minutes to crash the upcoming midterm elections. Once I accessed the shockingly simple and vulnerable set of tables that make up the state election boards database, I was able to shut down the website that would tally the votes, bringing the election to a screeching halt. The data were lost completely. And just like that, tens of thousands of votes vanished into thin air, throwing an entire election, and potentially control of the House or Senatenot to mention our already shaky confidence in the democratic process itselfinto even more confusion, doubt, and finger-pointing.
Im 17. And Im not even a very good hacker.
Ive attended the hacking convention DEF CON in Las Vegas for over five years now, since I was 11 years old. While I have a good conceptual understanding of how cyberspace and the internet work, Ive taken only a single Python programming class in middle school. When I found out that the Democratic National Committee was co-sponsoring a security competition for kids and teens, however, my interest in politics fed into curiosity about how easy it might be to mess with a U.S. election. Despite that limited experience, I understood immediately when I got to Las Vegas this year why the professionals tend to refer to state election security as childs play.
The Voting Machine Village at DEF CON, the aforementioned competition where attendees tackled vulnerabilities in state voting machines and databases, raised plenty of eyebrows among election boards and voting machine manufacturers alike. Its a hard pill to swallow for the public, too: No one wants to believe thatafter waiting in a lengthy line, taking time off from work or finding a babysitter in order to votetheir ballot could be thrown away, or even worse, altered.
https://www.politico.com/magazine/story/2018/08/21/i-just-hacked-a-state-election-17-not-a-good-hacker-219374
dem4decades
(11,304 posts)2naSalit
(86,780 posts)thwarting all efforts to protect the election, they can't win w/o cheating.
lagomorph777
(30,613 posts)They've put out a very public message to that effect.
2naSalit
(86,780 posts)mr_lebowski
(33,643 posts)1) The official vote tally would be unlikely to be performed by a 'website',
2) The website in question would likely have it's own set of local database tables, and those would populate what's physically shown on the site, but IRL those would be populated by a data feed (such as via webservice) from a separate, master database, which is also from whence the official tally would be derived, and thus data being 'lost' from the website's local tables would be immaterial (and said master database would not have likely been a part of this hacking simulation),
3) The election would not come to a screeching halt if the website showing the results was hacked, esp. given that government websites don't begin showing results until AFTER voting has completed,
4) A copy of the Website, made available to a 'Hacking Conference' would be unlikely to have all the same ancillary security measures that an official in-situ website (firewalls, etc) would have deployed to prevent hackers from getting in the first place.
shadowmayor
(1,325 posts)Why are we still subjected to this nightmare????
I think we aren't asking too much to have a verifiable paper trail for how we vote? The silence on the part of both political parties is stunning.
lagomorph777
(30,613 posts)That has to be a top priority after we take Congress.
FakeNoose
(32,751 posts)These kids (mostly high school and college age) are just getting together and trying stuff out at this convention. He's not saying what brand of machine he hacked, and they probably were only given one kind to practice on.
I think he's certainly reinforcing what we've been saying on DU: the electronic voting machines are not secure. The system was setup to be hacked and the entire idea was championed by the Republican Party. They know the machines can be hacked - or secretly reprogrammed - and it probably happens whenever they install an upgrade.
Paper ballots must be used in every state until these machines can be made secure. If they can't be made secure then trash them all.