Hacking democracy was as easy as abcde. When Carsten Schurmann sat down to hack one of the voting machines used instead of paper ballots in the state of Virginia, he used a simple online tool to discover a flaw in the machine that had been public — and remained unfixed — for 14 years. And he already knew the password, because he had found that on the internet, too. The password was abcde. Wearing a short-sleeved shirt and wire-framed glasses, the Danish computer science professor described how simple it had been to get in to the WINvote machine, after which he was able to tamper with the vote tally. “The machines are all vulnerable,” he said. “I’m not a hacker but I tried the first thing and it worked.”
Not that he was doing it for real. Mr Schurmann was at last year’s Def Con, a cyber security conference, which assembled 25 pieces of election equipment and invited attendees to test their vulnerabilities. All 25 were hacked.
Virginia was one of the 21 states that the US government believes had their election systems targeted by Russian hackers in 2016. The state learnt from Mr Schurmann’s work and has banned this type of voting machine, requiring replacements before the midterm elections this November.
But Mr Schurmann believes not all states are as alert to the problem, and it alarms him. “This is a make or break election,” he said. “People need to trust the result.”