Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table. U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”
Want better security of election voting results? Use paper. With the US almost halfway between the last national election and the 2018 mid-terms, not nearly enough has been done yet to improve the demonstrated insecurity of current electronic voting systems. Multiple experts say one obvious, fundamental move should be to ensure there is a paper trail for every vote. That was a major recommendation at a panel discussion this past week that included representatives of the hacker conference DefCon and the Atlantic Council think tank, which concluded that while there is progress, it is slow.
A new report pushes recommendations based on the research done into voting machine hacking at DEFCON 25, including basic cybersecurity guidelines, collaboration with local officials and an offer of free voting machine penetration testing. It took less than an hour for hackers to break into the first voting machine at the DEFCON conference in July. This week, DEFCON organizers released a new report that details the results from the Voting Village and the steps needed to ensure election security in the future. Douglas Lute, former U.S. ambassador to NATO and retired U.S. Army lieutenant general, wrote in the report that “last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years – potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process — the fundamental link between the American people and our government — could be much more damaging,” Lute wrote. “In short, this is a serious national security issue that strikes at the core of our democracy.”
The political instability that has resulted from Russian meddling in the 2016 US presidential elections has put the focus on voting machines as a national security vulnerability, Douglas Lute, a former US permanent representative to NATO, said at the Atlantic Council on October 10. “I don’t think I’ve seen a more severe threat to American national security than the election hacking experience of 2016,” said Lute. There is a “fundamental democratic connection between the individual voter and the democratic outcome” of an election, he said, adding: “If you can undermine that, you don’t need to attack America with planes and ships. You can attack democracy from the inside.” … Lute delivered a keynote address at the Atlantic Council to call for a sense of urgency among policymakers and all stakeholders able to play a role in the solution to insecure voting machines. He also highlighted the findings presented in the DEF CON Report on Cyber Vulnerabilities in US Election Equipment, Databases, and Infrastructure, launched at the Council, which help to shed light on the technological dimensions of this national security threat. Ultimately, as Lute writes in the foreword, “this report makes one key point: our voting systems are not secure.”
When attendees at the July DEFCON conference breached every poll book and voting machine that event organizers had in the Voting Machine Hacking Village, elections officials took notice. A new report from DEFCON, the National Governors Association, the Atlantic Council, the Center for Internet Security and a number of universities and top technology vendors provides a more detailed look at just how vulnerable the entire U.S. election system – equipment, databases and infrastructure — is to hacking and urges policymakers to shore up security gaps. Vulnerabilities start with an insecure supply chain. Many parts used in voting machines are manufactured overseas, and the report authors suggested that bad actors could compromise the equipment “well before that voting machine rolls off the production line.” Voting Village participants found voting machines with universal default passwords and ones that broadcast their own Wi-Fi access point, which would allow hackers to connect. Once hackers gained access, they could escalate their privileges so they could run code, change votes in the database or turn the machine off remotely. Additionally, unprotected, uncovered USB ports provided easy inputs for thumb drives or keyboards.
You don’t even have to know much about voting machines to hack some of the systems that are still in use across the country. A new report published on Tuesday outlines how amateur hackers were able to “effectively breach” voting equipment, in some cases in a matter of minutes or hours, over just four days in July at DEFCON, an annual hacker conference. The report underscores the vulnerability of U.S. election systems. It also highlights the need for states to improve their security protocols after the Department of Homeland Security said Russian hackers attempted to target them during the 2016 election. “The DEFCON Voting Village showed that technical minds with little or no previous knowledge about voting machines, without even being provided proper documentation or tools, can still learn how to hack the machines within tens of minutes or a few hours,” the report says.
Organizers of the long-running DEFCON hacking conference have teamed with a variety of groups, including the National Governors Association, on an initiative to boost electoral security. The new coalition comes on the heels of a new report highlighting how insecure many voting machines really are. The DEFCON hacking conference, which has existed in one form or another for nearly a quarter century, is getting into the election security business—with the help of a number of associations and nonprofits. A September report [PDF] outlines the results of the first-ever “Voting Machine Hacking Village,” held at the DEFCON conference in Las Vegas last summer. The exercise revealed significant vulnerabilities in digital voting machines and in the ways they’re used to tally votes. And this week it led to the announcement of a coalition on election security that includes the National Governors Association, the Atlantic Council, the Center for Internet Security, and a variety of academic groups, among others.
The electronic voting machine, now used to some degree in all 50 states, is the functional equivalent of an unoccupied Lamborghini left running at midnight with vanity plates that say STEALME. This summer, hobbyist hackers with no specialized expertise who attended a convention called Defcon were able to compromise four different voting machines, one in less than 30 minutes. “Unfortunately, they were much easier than, say, a home router or mobile device,” says Defcon organizer Jeff Moss. … Online voting is hardly a fix. “There are so many problems and insecurities in internet voting, it’s not something we should even begin to consider in the next ten years,” says Princeton University professor of computer science Andrew Appel.
Hackers could have easily infiltrated US voting machines in 2016 and are likely to try again in light of vulnerabilities in electronic polling systems, a group of researchers said Tuesday. A report with detailed findings from a July hacker conference which demonstrated how voting machines could be manipulated concluded that numerous vulnerabilities exist, posing a national security threat. The researchers analyzed the results of the “voting village” hacking contest at the DefCon gathering of hackers in Las Vegas this year, which showed how ballot machines could be compromised within minutes. “These machines were pretty easy to hack,” said Jeff Moss, the DefCon founder who presented the report at the Atlantic Council in Washington. “The problem is not going away. It’s only going to accelerate.”
Hacking and national security experts say that U.S. voting machines are vulnerable and could allow Russia to access to them, according to a new report out of DEFCON, one of the world’s longest-running hacker conferences. The report concludes that it is incredibly easy to hack U.S. voting machines, and the system is not nearly as safe as it’s portrayed by election officials because many voting machines contain foreign-manufactured internal parts that may be susceptible to tampering. Hackers also do not need advanced knowledge of voting machines to hack them — it would take only a few minutes or hours for someone with the technical knowledge to infiltrate the machines. At the Voting Village conference in July, DEFCON set up a hacking village to draw attention to cyber vulnerabilities in U.S. election infrastructure. It invited participants to hack 25 pieces of election equipment including voting machines and electronic poll books, and produced a report afterwards.