The 26th annual DefCon gathering, one of the largest security conventions, served as a lab for breaking into voting machines on Friday to identify potential security flaws in technology that may be used for the upcoming November U.S. elections. The weekend Voting Village in Las Vegas aims to expose security issues in digital poll books and memory-card readers.
The first voting village was held last year when U.S. intelligence agencies suspected the Russian government used hacking to support Donald Trump’s 2016 candidacy for President. During this event, organizers set up decommissioned election equipment and watched hackers find ways to break in. Conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend. A Danish researcher also figured out how to take control of a touchscreen voting system used in 2014 in a remote hack that could work from up to 1,000 feet away, according to Reuters.
In a room for kid hackers this year, an 11-year old girl was capable of hacking a replica of the Florida secretary of state’s website within 10 minutes and changed the results according to BuzzFeed News.
The National Association of Secretaries of State issued a statement against the Voting Village, stating “Our main concern with the approach taken by DefCon is that it uses a pseudo environment which in no way replicates state election systems, networks, or physical security.”
An election security researched who helped organize the Voting Village, Matt Blaze, responded, “I think the statement was misguided. It’s only through scrutiny that we’re going to have confidence in elections. That said, the fact that a system has vulnerabilities in it, even incredibly serious vulnerabilities, is not the same as saying any given election has been tampered with. There’s an interesting paradox. We know these systems are wildly insecure, and there’s been precious little evidence of these vulnerabilities so far being exploited in real elections. I think we’ve been very lucky, and I think there’s a little bit of a ticking time bomb here.”
A number of Russian tactics have been exposed since October 2016, including hacking and leaking Democrats’ emails, scanning state voter registration databases and sending phishing emails to county employees. One of Russia’s goals with these attacks is to undermine American faith in democracy, analysts stress.
An advocacy group that helped organize the weekend voting village, Verified Voting, said that some of the voting machine models being tests are still used to tally votes across the U.S. They said the Dominion Premier/Diebold AccuVote TSx system is used in 20 states and 23,784 precincts.