![]() Even where that’s not the case, the Department of Homeland Security, the federal agency in charge of election security, can help states or municipalities only if they request assistance, and its recommendations, like those of another federal agency, the Election Assistance Commission, are not mandatory. Offers of help from the federal government to “harden” voting systems have, in some cases, been met with suspicion by local and state officials wary of losing their autonomy. You get the muscle memory.”Īmerican elections are overseen by the states and administered by municipalities. “They can see through the eyes of the attacker, they see what this environment looks like when you are the bad guys. Only about a hundred had actually responded and shown up. “We’re using this to train the election officials who are here,” Harri Hursti, another organizer, had told me earlier, noting that some sixty-six hundred election officials had been invited to Vegas. (Hackers breached election systems in Illinois in 2016.) The idea was for attackers to try to break through the system’s firewalls and steal voter-registration data, and for defenders to try to stop them. Nearby, another group of hackers was gathered on what was being called the cyber range, a virtual state-election system, based partly on the one used in Cook County, Illinois. “It’s an incredible opportunity to expand the pool of experts who understand how they work and know how to evaluate them.”īlaze and I were in a windowless conference room on the lower level of Caesars, surrounded by dozens of people earnestly attempting to mess with the different voting-machine models, many of which are still in use around the country, despite well-known security flaws. (By lunchtime on the first day, one of the machines had been reprogrammed to project an image of the Illuminati.) “To me, the real value is that everyone who comes through here, the thousands of people, will be leaving with very specialized expertise that can be applied down the road to future systems,” Matt Blaze, another organizer, and a professor of computer science at the University of Pennsylvania, said. This year, the Voting Village featured nearly four dozen machines, and, again, their vulnerabilities were on full display. For last year’s conference, Braun and his colleagues purchased roughly two dozen voting machines from government auction sites and eBay, and every single one was successfully hacked, some within minutes. Def Con would bring more than twenty-five-thousand of the most avid hackers in the world together, jamming the halls of Caesars Palace, and organizers saw an opportunity to show the American public, still reeling from news of Russian interference in the 2016 Presidential election, how easily voting machines could be compromised. Last year, Braun and a group of other cybersecurity researchers created Def Con’s first-ever Voting Village, a conference within the conference, devoted to election security and its evil twin, election insecurity. “A nation-state is literally hacking our democracy-wouldn’t you want to take any help you could possibly get? If they don’t think that the Russians are not doing what we’re doing here all year, as opposed to just a weekend, then they are fucking idiots, right?” One of the organizers, Jake Braun, rolled his eyes when I asked him about the association’s letter. The day the conference began, as programmers were finishing coding the sites, the National Association of Secretaries of State issued a press release complaining that Def Con “utilizes a pseudo environment which in no way replicates state election systems, networks, or physical security.” That was true enough-these sites were only look-alikes-but they were constructed from data scraped from the actual state sites, and contained known vulnerabilities that had been exploited by hackers in the past. Lewis was visiting an event at the conference run by R00tz Asylum, a nonprofit that teaches hacking to kids, where organizers had replicated thirteen Secretary of State Web sites and invited kids to hack them. “First, you open the site,” she explained, “then you type a few lines of code into the search bar, and you can delete things and change votes. She’d already surreptitiously entered the site’s database through what is known as an SQL injection. Earlier this month, Bianca Lewis, who is eleven years old, was wearing a T-shirt printed with the words “No time for Barbie, there’s hacking to be done” and sitting in front of a computer at the annual Def Con hacking conference, in Las Vegas, meddling with a replica of the Florida Secretary of State’s election Web site.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |