Self-professed hackers and security researchers at a global conference this week made record time in remotely breaking into American voting machines, raising serious concerns about the ability of both foreign and domestic powers to subvert the democratic process. The machines, which were purchased second-hand via online auction sites like Ebay, formed the centerpiece of a hacking competition at the convention.
Held each year in Las Vegas, Nevada DEF CON has drawn both professionals and amateurs from the information science and computer security industry since its inaugural event in 1993. The convention is a notable draw for hackers from around the globe, who use the convention as an opportunity to socialize and participate in competitions. The event also featured talks from a number of notable figures, such as famed chess player and artificial intelligence hobbyist Gary Kasparov, along with Rhode Island Congressmen James Langevin. One talk, titled ‘Hacking Democracy,’ included a segment on the vulnerability and disadvantages of electronic voting.
This year’s convention included a “Voter Hacking Village” where attendees could experiment with hacking the machines. This culminated in a competitive time-trial to see which team could breach the machines the fastest. The winning team managed to remotely hack the voting machines in about 90 minutes, using relatively old and well-known exploits among the global hacking community. As if this wasn’t startling enough, the state of the machines, which had served in actual elections, revealed serious negligence on the part of voting officials.
Many of the machines still contained identifying voter data, which the hackers were easily able to access. County election authorities failed to wipe the machines of this information before releasing them to the secondary market, a serious breach of policy. Furthermore, many of the machines had unprotected Wi-Fi connections, physical ports vulnerable to intrusion, or were equipped with severely outdated operating systems with well-known weaknesses.
Overall, the conference raised important questions about the relationship between technology and information warfare, as well as the capacity for even amateur hackers to covertly impact elections, particularly in the United States. Claims of hacking and voter fraud have featured prominently in the past few presidential elections, with concerns over the security of voting machines first coming to prominence with the Gore-Bush election of 2000. Hopefully, the results of the contest will inspire state and federal authorities to take the issue more seriously. With voting machines by-and-large replacing traditional paper ballots throughout the country, a reexamining of security measures is vital.