For the second year in a row, hackers at the Def Con computer security conference in Las Vegas set out to show just how vulnerable U.S. elections are to digital attacks. At one gathering geared for kids under 17, elementary school-aged hackers cracked into replicas of state election websites with apparent ease. At the Def Con Voting Village, a section of the conference that showcased hands-on hacks, security researchers picked apart voting machines and exposed new flaws that could potentially upend a race. And hackers got close to being able to manipulate a heavily-guarded mock voter registration database. But during the weekend-long hack-a-thon, these faux election hackers had a hard time winning over some of the people they wanted to reach most.
Election officials from the National Association of Secretaries of State (NASS) bristled at the demonstrations, saying they didn’t reflect what could actually happen on Election Day. So did voting machine vendors, which argued it would be difficult for adversaries to gain the level of access necessary to tamper with equipment.
The tension doesn’t bode well for the debate over how to boost election security as the threat of Russian election interference looms large ahead of the November midterms and 2020. Officials are wary about security researchers highlighting the vulnerabilities in their systems, fearing that they could discourage voters from showing up at the polls. But if they’re too dismissive about the threats, they risk alienating important allies as they push for more resources to upgrade voting equipment, patch vulnerabilities and hire more cybersecurity staff.
“We’re trying to help,” said Jake Braun, an organizer of the Voting Village and a former Obama White House liaison to the Department of Homeland Security. “We’re identifying for them things that they can do to demonstrate to the public that they’re making elections more secure.”
Full Article: The Cybersecurity 202: State officials bristle as researchers — and kids — at Def Con simulate election hacks – The Washington Post.