At the DEF CON conference in Las Vegas this past weekend, conference attendees demonstrated just how terrifyingly easy it is to hack into the United States' voting systems, something that particularly resonates in light of potential Russian interference in last year's presidential elections.
At DEF CON, a worldwide hacking convention, a "Voter Hacking Village" was set up for conference attendees to see if they could hack U.S. voting machines electronically. All of the 30 machines featured in this simulation had been used during previous U.S. elections — most were purchased on eBay.
Unfortunately, for the sake of election security, attendees were seemingly able to hack the voting machines relatively easily and quickly. According to Forbes, co-organizer Matt Blaze characterized the machines as "horribly insecure." Indeed, in just a number of hours, many of the machines were indeed hacked, some physically and some wirelessly. While both forms of hacking are certainly disquieting, the latter wireless scenario is particularly disconcerting, as it means that someone could potentially access and alter election results without ever even having physical access to a voting machine.
As Newsweek reported, there were myriad means by which hackers at the conference were able to access the machines, as "some devices had remote ports, which could be used to insert devices with malicious software, others insecure WiFi connections, or outdated software such as Windows XP, rendering them exposed to hacking attacks." The Register, a British tech publication, noted that it only took hackers about 90 minutes to access some of the systems.
According to CNET, many of the hackers present at the Voter Hacking Village said they wished to use the event to highlight the vulnerabilities in U.S. election machinery and hoped that their endeavors would lead to changes to election technology ahead of the 2020 presidential election.
Noted one attendee, Anne-Marie Hwang:
Hacking it is good because it's able to inform politicians and people in Congress about what they should do with voting machines. If no one ever hacked them, we might be still using things like this.
Blaze, one of the aforementioned co-organizers, added via Forbes:
We want to make the problems public, so they can be fixed, so the public will know what the problems are and will be able to demand their systems be improved. Anything that helps informs the public qualifies as good faith here. The stakeholders for voting machines are everyone in the country. So it's important the problems get fixed.
As many news outlets pointed out, the vulnerabilities discovered by hackers at DEF CON are particularly worrisome in light of reports earlier this year that Russia may have tried to interfere in the 2016 presidential election — and following warnings from former FBI Director James Comey that foreign hackers "will be back" for future elections. As Forbes noted, hopefully the issues discovered by the DEF CON attendees will cause regulators of U.S. voting machinery to "take note" and shift to a system that is more secure.
Indeed, some voting security advocates, including Barbara Simmons of Verified Voting, believe that a return to marked paper ballots, coupled with post-election audits, constitutes the ideal way to addressing these issues and making sure votes are secure and untouchable by outside forces.
Hopefully the learnings from DEF CON will serve as an eye-opener to inspire regulators to take veritable action when it comes to increasing voting security, especially as the much-anticipated 2018 mid-term elections are rapidly approaching.