It happened in Las Vegas, but the weaknesses in U.S. voting equipment uncovered during a summer hackathon are too important to stay there, experts say. They’re a matter of national security. A new report breaks down the lessons learned at the DEF CON 25 hacking conference, which amounted to a concentrated attack—orchestrated in the name of public safety—on the programming and machinery used in U.S. elections. “The results were sobering,” according to a copy of the report provided by the Atlantic Council, an international affairs think tank. “By the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability of these systems.” … Researchers found the susceptibilities exposed by the hackers controverted manufacturers’ long-standing claims that their products were designed to thwart tampering. “If a voting machine can be hacked by a relative novice in a matter of minutes at DEFCON, imagine what a savvy and well-resourced adversary could do with months or years,” the researchers wrote.
Voter databases in individual states, which keep records and run elections in the non-centralized U.S. system with various kinds of both software and hardware, reportedly have been targeted as well.
… One of the authors of the report, Joseph Hall of the Center for Democracy & Technology, tweeted a warning against overinterpreting the scope of the threat, if not its urgency.
Responding to one published claim that the Russians could remotely take over the entire U.S. election system, Hall, the center’s chief technologist, decried the “breathless hysteria” of the coverage and remarked, “I wrote a lot of the dang thing, and it doesn’t make a claim like that.”