When things go really, really wrong, Roger Johnston has a really, really good day. After all, he’s usually the man who made them go wrong.
Johnston has a PhD, 10 patents to his name, and what every 10 year old kid would think is a dream job. As chief of the Vulnerability Assessment Team at Argonne National Laboratory outside Chicago, he has made it is his mission to crack into every security system labeled as foolproof by their creators.
“We need to be thinking like the bad guy,” said Johnston. “The unfortunate reality is that the bad guys get to define the problem. The good guys don’t.”
… One of the most frightening examples Johnston has turned up is in one of the nation’s most treasured franchises: the right to vote. He said he’s found that most voting machines have almost no security to reveal tampering. Thus, he said, it’s a fairly simple matter to tinker with the electronics while machines are in storage or being transported by the truckload. He has even demonstrated how he can turn cheating mechanisms in voting machines on and off by remote control.
“It’s much easier to steal the election, right at the electronic voting machine,” said Johnston. “In many cases, we see security devices or electronic voting machines where we really have to wonder, ‘Did anybody spend 60 seconds figuring out the security issues?”
… He is especially critical of what he calls “security theater;” precautions which are more show than substance and often glaringly ineffective.
“We see this time and again where it looks impressive, but it really doesn’t address the security problems of the device,” he lamented.