The toughest thing to convey to newcomers at the DefCon Voting Village in Las Vegas this weekend? Just how far they could go with hacking the voting machines set up on site. “Break things, just try to pace yourself,” said Matt Blaze, a security researcher from the University of Pennsylvania who co-organized the workshop. DefCon veterans were way ahead of him. From the moment the doors opened, they had cracked open plastic cases and tried to hot-wire devices that wouldn’t boot. Within two minutes, democracy-tech researcher Carsten Schürmann used a novel vulnerability to get remote access to a WINVote machine. The Voting Village organizers—including Harri Hursti, an election technology researcher from Finland, and Sandy Clark from the University of Pennsylvania—had set up about a dozen US digital voting machines for conference attendees to mess with. Some of the models were used in elections until recently and have since been decommissioned; some are still in use. Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.
… Chris Gallizzi, a hardware hacker who works for a video game company, sat down with an ExpressPoll that had been left open with its internal components exposed and starting inspecting the chipset. “This is pretty surprising,” he said. “I would think that they would hire manufacturers to custom-build these chips, but they’re all standard, off the shelf. For hardcore copyists it would probably take them about three months and maybe $4,000 or $5,000 to make an imposter machine. You could easily make a prototype.”
… DefCon hopes that the discussion and collaboration that began at the conference will spawn independent projects and further research around the country. For one weekend in Las Vegas, though, a single exchange encapsulated the urgency of turning experimentation into action.
“No one’s going to be able to do that during an election,” one attendee said to a colleague, dismissing an idea at the end of the first day.
The other replied: “Why the fuck not?”