Hack the Vote: The Simulation of Vote Hacking at DEF CON

This entry was posted on Thursday, August 30th, 2018.

DEF CON, started in 1992 by the Dark Tangent, is the world’s largest running and underground hacking conference held annually at Caesar’s Palace in Las Vegas. It is a convention attended by various people from hackers, to journalists, to lawyers, to cybersecurity professionals, to federal government employees. At the second annual DEF CON Voting Village, a part of the convention that seeks to exploit voting machines to better understand vulnerabilities, an 11-year old boy managed to hack into a replica of the Florida state election website, making it appear that 2016 independent presidential candidate Darrell Castle won the state. An 11-year-old girl also managed to make changes to the same Florida replica site in about 15 minutes, tripling the number of votes there.

Nevertheless, it has to be noted that the National Association of Secretaries of State (NASS), which represents officials in charge of counting votes in most states, said the access hackers at DEF CON are given to experiment with voting machines do not reflect real world conditions. “It would be extremely difficult to replicate these systems, since many states utilize unique networks and custom-built databases with new and updated security protocols,” according to a statement by the NASS.

Election Machine

Moreover, hackers attempting to hack voting machines, which were equipped with Windows XP, found that the attack could only be done in-person. In other words, one can not remotely hack into a voting machine from a faraway location.

Nevertheles, Nico Sell, the co-founder of r00tz Aslyum, a non-profit organization that teaches children how to become hackers and the organizer of the Voting Village, said that the exercise the children took part it demonstrates the level of security vulnerabilities found in the US election system.

“Although it’s not the real voting results, it’s the results that get released to the public. And that could cause complete chaos,” Sell said. “The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing.”

While the US Congress in March appropriate $380 million for state and local officials to beef up election security, Steven Melendez believes that the funds are merely a flash in the pan and are not enough to replace all the digital-only machines still in use.

The Bottom Line

Attendees at DEF CON have been exploring different ways to exploit and manipulate devices and services to do something beyond their capacities. At the Voting Village, attendees have been investigating ways election machines can be hacked, a speculative topic that has been hotly debated in the wake of the US Presidential Election of 2016. While it is important to note that the 11-year-old children managed to change the results of the election results in Florida was only a simulation, the organizer of the Voting Village maintains that the fact that an election can be easily hacked has very damning implications for the future of democracy.