National: To make our voting tech more secure, policymakers may need to work with the people who can break in them | KPCC

After acquiring a decommissioned voting machine, Anne-Marie “Punky” Chun and her colleagues at Synack set out to hack it. It took them only a matter of hours. “Just looking at the security hygiene, it wasn’t very strong,” Chun told Take Two host A Martinez in an interview. “The encryption password, for example, was hard-coded as ‘ABCD.’ And it was used on the whole machine.” Chun and her team test cyber security in, arguably, the most effective way: by breaking in themselves. So when they though about the best way to check the security of election data, they knew they had to find a voting machine, and preferably an older one.

National: Every Voting Machine at This Hacking Conference Got Totally Pwned | Gizmodo

A noisy cheer went up from the crowd of hackers clustered around the voting machine tucked into the back corner of a casino conference room—they’d just managed to load Rick Astley’s “Never Gonna Give You Up” onto the WinVote, effectively rickrolling democracy. The hack was easy to execute. Two of the hackers working on the touchscreen voting machine, who identified only by their first names, Nick and Josh, had managed to install Windows Media Player on the machine and use it to play Astley’s classic-turned-trolling-track. … The security industry encourages regular software updates to patch bugs and keep machines as impenetrable as possible. But updating the machines used in voting systems isn’t as easy as installing a patch because the machines are subject to strict certification rules.

National: Hackers Demonstrate How Vulnerable Voting Machines Are | US News & World Report

We shouldn’t need another reminder, but the DefCon hacking conference in Las Vegas provided one over the weekend anyway: Voting machines are highly susceptible to electronic attacks. You might remember the topic of hacking elections from such recent presidential campaigns as: last year’s. And while – this is important – there’s no evidence that hackers manipulated actual vote tallies in 2016, there’s every reason to believe that cyber-malefactors will try to do just that in future. And the DefCon gang proved how easy that would be. The convention set up a Voting Machine Hacking Village where attendees could see what they could do against more than 30 voting machines (procured, no kidding, via eBay and government auctions). It took less than 90 minutes before a hacker was able to crack the poorly-secured Wi-Fi on one voting machine (which is, thankfully, outdated and was apparently last used in 2015); another programmed a machine to play Rick Astley’s ghastly song, “Never Gonna Give You Up.” Imagine casting your vote on Election Day and getting rickrolled for your trouble.

National: Hackers at DefCon conference exploit vulnerabilities in voting machines | USA Today

It took less than a day for attendees at the DefCon hacking conference to find and exploit vulnerabilities in five different voting machine types. “The first ones were discovered within an hour and 30 minutes. And none of these vulnerabilities has ever been found before, they’ll all new,” said Harri Hursti, co- coordinator of the event. One group even managed to rick-roll a touch screen voting machine, getting it to run Rick Astley’s song “Never Gonna Give You Up,” from 1987. … The groups weren’t able change votes, noted Hursti, a partner at Nordic Innovation Labs and an expert on election security issues. “That’s not what we’re trying to do here today. We want to look at the fundamental compromises that might be possible,” he said.

National: Hackers descend on Las Vegas to expose voting machine flaws | Politico

Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim. Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois. …  Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe. Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits. While numerous states have starting moving in this direction, Simons worries it’s not enough.

National: These Hackers Reveal How Easy It Is To Hack US Voting Machines | Forbes

In a muggy little room in the far corner of Caesar’s Palace, wide-eyed and almost audibly buzzing is Carsten Schurmann. The German-born hacker has just broken into a U.S. voting machine with his Apple Mac in a matter of minutes. He can turn it on and off, he can read all the information stored within and if he felt like it, he could probably change some votes if the system was in use. “This is insane,” he says. But today, that machine is not in use, it’s being opened up for anyone to try what Schurmann did. A host of technically-minded folk have gathered at DEF CON’s Voting Machine Village, where they’re tinkering with more than 25 commonly used systems used across American elections. They might just save the next election from Russian hackers. Those machines are, co-organizer Matt Blaze says, horribly insecure. Blaze’s hope is the public will be made aware of their many, many flaws, and demand elections be protected from outside, illegal interference, following the much-documented attempts by Russia to install Donald Trump as president.

National: Hackers Scour Voting Machines for Election Bugs | VoA News

Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking. Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.

National: Hackers breach each of dozens voting machines brought to conference | The Hill

One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be. “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia. The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a “Voting Machine Village” where attendees can try to hack a number of systems and help catch vulnerabilities. The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.

National: Defcon hackers break voting machines easily with old exploits | CNET

When the password for a voting machine is “abcde” and can’t be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed “America’s worst voting machine,” came equipped with this simple password even as it was used in some of the country’s most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush’s re-election in 2004 to Barack Obama’s in 2012. In addition to Virginia, Pennsylvania and Mississippi used the WinVote without knowing all the ways it could be hacked. Unlike other technology — your phone, your laptop, connected cars — security wasn’t really a focus. 

National: It took DEF CON hackers minutes to pwn these US voting machines | The Register

After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside. In less than 90 minutes, the first cracks in the systems’ defenses started appearing, revealing an embarrassing low level of security. Then one was hacked wirelessly. “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” said Jake Braun, who sold DEF CON founder Jeff Moss on the idea earlier this year. “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

National: Hackers plan to break into 30 voting machines to put election meddling to the test | USA Today

Think of it as a stress test for democracy. Hackers plan to spend this weekend trying to break into more than 30 voting machines used in recent elections to see just how far they can get. U.S. election officials have consistently said that despite Russian attempts to affect the outcome of the 2016 presidential election, no votes were tampered with. … However, experts in election voting software say no states routinely perform post-election vote audits to ensure that the reported vote count tallies with ballots, Singer said. Moreover, there were no forensic examinations of any of the voting machines used in the 2016 presidential election, in part because many election-machine vendor contracts prohibit it, Singer said. That’s a red flag for hackers at DefCon.

National: Five things to watch for at ‘hacker summer camp’ | The Hill

The largest cybersecurity event of the year kicks off this week, as the Black Hat, Def Con and BSides conferences launch back-to-back-to-back in Las Vegas. … In a subversive move, attendees at Def Con will be able to attend its first Voting Machine Village. The Village offers a side conference on voting machine insecurity and a playground of real voting machines for hackers to toy with.