It took less than a day for attendees at the DefCon hacking conference to find and exploit vulnerabilities in five different voting machine types. “The first ones were discovered within an hour and 30 minutes. And none of these vulnerabilities has ever been found before, they’ll all new,” said Harri Hursti, co- coordinator of the event. One group even managed to rick-roll a touch screen voting machine, getting it to run Rick Astley’s song “Never Gonna Give You Up,” from 1987. … The groups weren’t able change votes, noted Hursti, a partner at Nordic Innovation Labs and an expert on election security issues. “That’s not what we’re trying to do here today. We want to look at the fundamental compromises that might be possible,” he said.
Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim. Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois. … Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe. Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits. While numerous states have starting moving in this direction, Simons worries it’s not enough.
In a muggy little room in the far corner of Caesar’s Palace, wide-eyed and almost audibly buzzing is Carsten Schurmann. The German-born hacker has just broken into a U.S. voting machine with his Apple Mac in a matter of minutes. He can turn it on and off, he can read all the information stored within and if he felt like it, he could probably change some votes if the system was in use. “This is insane,” he says. But today, that machine is not in use, it’s being opened up for anyone to try what Schurmann did. A host of technically-minded folk have gathered at DEF CON’s Voting Machine Village, where they’re tinkering with more than 25 commonly used systems used across American elections. They might just save the next election from Russian hackers. Those machines are, co-organizer Matt Blaze says, horribly insecure. Blaze’s hope is the public will be made aware of their many, many flaws, and demand elections be protected from outside, illegal interference, following the much-documented attempts by Russia to install Donald Trump as president.
Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking. Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.
One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be. “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia. The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a “Voting Machine Village” where attendees can try to hack a number of systems and help catch vulnerabilities. The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.
When the password for a voting machine is “abcde” and can’t be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed “America’s worst voting machine,” came equipped with this simple password even as it was used in some of the country’s most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush’s re-election in 2004 to Barack Obama’s in 2012. In addition to Virginia, Pennsylvania and Mississippi used the WinVote without knowing all the ways it could be hacked. Unlike other technology — your phone, your laptop, connected cars — security wasn’t really a focus.
National: Leader Of Voter Fraud Probe Really Doesn’t Want To Release Trump Meeting Documents | HuffPost
Kansas Secretary of State Kris Kobach (R) continued to fight releasing documents from a meeting with President Donald Trump in November, saying that the public did not need to see them and that disclosing them would impede his ability to serve on Trump’s commission to investigate voter fraud. Kobach, who has lent support to Trump’s claims of widespread voter fraud and exaggerated instances of it in the past, made the argument with his lawyer in a Friday court filing as part of an ongoing lawsuit brought by the American Civil Liberties Union over a Kansas law requiring people to prove their citizenship to vote. As part of the lawsuit, the ACLU is requesting a Kansas federal judge unseal documents that Kobach was photographed holding when he met with Trump in November 2016, as well as a draft amendment to federal voting law, which circulated in his office. The documents contain potential amendments to the National Voter Registration Act, a 1993 law requiring motor vehicle and some other state agencies to provide opportunities to register to vote.
The day after last fall’s presidential election, Kris Kobach got to work. In an email plotting action items for the new Trump administration, Mr. Kobach, the Republican secretary of state in Kansas and a champion of voter suppression campaigns there and nationally, said he had “already started” drafting a key legislative change that would enable states to impose rules complicating registration for millions of new voters — exactly the sort of rules he had advanced in Kansas, with mixed success. Writing to a Trump transition official, Mr. Kobach said he was preparing an amendment to the National Voter Registration Act to allow states to demand documentary proof of citizenship for new registrants.
This week, hackers from across the globe are gathering in Las Vegas at the annual DEF CON conference for an exercise ripped straight from news headlines — trying to hack U.S. election systems. It’s a unique exercise that has raised a lot of eyebrows in the election community. For me, it’s yet another moment to focus on the topic of election system security and the need for constant vigilance. For all of the hype surrounding the DEF CON exercise and beyond the 2016 election system hacking attempts shaping news headlines these days, attempts to hack into government-controlled systems isn’t exactly a new concept or exercise. There were 10 federal agency cyber breaches in 2014, including targets such as the White House, State Department, Office of Personnel Management (OPM) and Nuclear Regulatory Commission. In fiscal 2016, OPM found federal agencies faced 31,000 “cyber incidents” that led to “compromise of information or system functionality.”
Alabama: Federal Judge Says Alabama Doesn’t Have To Tell Felons They May Now Be Able To Vote | HuffPost
Alabama election officials don’t have to immediately educate impacted people about a change in state voting qualifications that clarified tens of thousands of felons have the right to vote, a federal judge ruled Friday. The ruling came in response to a request from lawyers from the Campaign Legal Center, on behalf of 10 voters over a law that prohibited anyone who committed a “felony of moral turpitude” from voting. In May, Alabama Gov. Kay Ivey (R) signed a law defining exactly which offenses constituted a crime of moral turpitude, earning widespread praise. But Alabama Secretary of State John Merrill (R) told HuffPost in June the state wouldn’t undertake any effort to target people affected by the change and let them know they’re now eligible to vote.