Just how secure are the nation’s voting machines, and how much should you worry about a hacker changing voting results? Based on what a group of hackers in Las Vegas, the machines are easily hacked, and voting results are not secure.
Every year, there is a conference held in Las Vegas, called DEF CON, where ethical hackers are invited to come and show off their unique skills. This year, one of the attractions was the “Voting Village”, where hackers were presented with voting equipment used throughout the United States, and invited to break into them to discover vulnerabilities.
The results were startling. While glaring security vulnerabilities were exposed by the hackers within 90 minutes, some of the machines succumbed to hacking within minutes. Although all of the machines had all data wiped before being turned over to the hacker teams, in some cases, voting information from the last vote tallied could be recovered. Some hackers were able to gain administrative access and actually change voting results.
It will surprise no one who works with hardware or software that most of the hackers exploited well-known vulnerabilities to gain access, such as known issues with unpatched firmware. Plugging in a mouse and keyboard to exposed USB ports and hitting CTRL-ALT-DELETE would exit the voting program and give hackers direct access to the operating system, where data files could be found and modified. Using default passwords gave administrative access to systems and allowed changes to data.
Jake Braun, the CEO of Cambridge Global Advisors and advisor to the Department of Homeland Security during the Obama administration, and the designer of the “Voting Village” challenge, said, “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how.”
Kevin Collier, a writer for Politico, quoted Braun as saying, “The bad guys can get in.” Braun added, “One thing that’s been very unfortunate in the way a lot of election officials have talked about the breaches is saying the phrase we have no evidence that X, Y, or Z happened. However, the real answer is they have no idea what happened, or [way] of knowing. I’m not suggesting votes were switched or voters were deleted from voter files, but the point is the security is so lax and so bad that they have no way of going back and doing the forensics and saying one way or the other.” (Read the full article by clicking here.)