Earlier this month, Bianca Lewis, who is eleven years old, was wearing a T-shirt printed with the words “No time for Barbie, there’s hacking to be done” and sitting in front of a computer at the annual Def Con hacking conference, in Las Vegas, meddling with a replica of the Florida Secretary of State’s election Web site. She’d already surreptitiously entered the site’s database through what is known as an SQL injection. “First, you open the site,” she explained, “then you type a few lines of code into the search bar, and you can delete things and change votes. I deleted Trump. I deleted every single vote for him.” Lewis was visiting an event at the conference run by R00tz Asylum, a nonprofit that teaches hacking to kids, where organizers had replicated thirteen Secretary of State Web sites and invited kids to hack them. The day the conference began, as programmers were finishing coding the sites, the National Association of Secretaries of State issued a press release complaining that Def Con “utilizes a pseudo environment which in no way replicates state election systems, networks, or physical security.” That was true enough—these sites were only look-alikes—but they were constructed from data scraped from the actual state sites, and contained known vulnerabilities that had been exploited by hackers in the past. One of the organizers, Jake Braun, rolled his eyes when I asked him about the association’s letter. “It’s totally tone-deaf,” he said. “A nation-state is literally hacking our democracy—wouldn’t you want to take any help you could possibly get? If they don’t think that the Russians are not doing what we’re doing here all year, as opposed to just a weekend, then they are fucking idiots, right?”
Last year, Braun and a group of other cybersecurity researchers created Def Con’s first-ever Voting Village, a conference within the conference, devoted to election security and its evil twin, election insecurity. Def Con would bring more than twenty-five-thousand of the most avid hackers in the world together, jamming the halls of Caesars Palace, and organizers saw an opportunity to show the American public, still reeling from news of Russian interference in the 2016 Presidential election, how easily voting machines could be compromised. For last year’s conference, Braun and his colleagues purchased roughly two dozen voting machines from government auction sites and eBay, and every single one was successfully hacked, some within minutes.
This year, the Voting Village featured nearly four dozen machines, and, again, their vulnerabilities were on full display. (By lunchtime on the first day, one of the machines had been reprogrammed to project an image of the Illuminati.) “To me, the real value is that everyone who comes through here, the thousands of people, will be leaving with very specialized expertise that can be applied down the road to future systems,” Matt Blaze, another organizer, and a professor of computer science at the University of Pennsylvania, said. “It’s an incredible opportunity to expand the pool of experts who understand how they work and know how to evaluate them.”
Full Article: Election-Hacking Lessons from the 2018 Def Con Hackers Conference | The New Yorker.