After acquiring a decommissioned voting machine, Anne-Marie “Punky” Chun and her colleagues at Synack set out to hack it. It took them only a matter of hours. “Just looking at the security hygiene, it wasn’t very strong,” Chun told Take Two host A Martinez in an interview. “The encryption password, for example, was hard-coded as ‘ABCD.’ And it was used on the whole machine.” Chun and her team test cyber security in, arguably, the most effective way: by breaking in themselves. So when they though about the best way to check the security of election data, they knew they had to find a voting machine, and preferably an older one.
“We wanted to take a look at what was lying under the surface of these voting machines, and not just the voting machines from 2016,” said Chun. “We wanted to know how systemic some of the vulnerabilities were in the voting machines. So we actually procured a system that had been used in three presidential elections before 2016, and we set it up during lunch in our office, and had our researchers go at it.”
By the time we came back at the end of lunch, we had a plethora of vulnerabilities, and we were able to actually manipulate the vote tallies on the machine.
The machine they tested, a decommissioned WinVote from Virginia, had been in use since 2004. Chun found this alarming. “So looking backwards, you know, you have to wonder how long has this been a problem,” said Chun. “And why did it take us so long to actually discover the problem.