Hackers in Def Con’s “voting village” managed to swap out software, wrest control of tabulation and manipulate the behavior of voting machines that will likely be used in midterm elections.
Their efforts put at least one major company on the defensive, reported The Wall Street Journal.
The voting machines were put to the test at the second annual conference in Las Vegas last weekend. The goal: To give tech companies some insight into flaws that should be addressed before voters head to the polls.
One workshop of child hackers managed to manipulate counts and messages about polling locations on mock versions of official election websites. The BBC called it “child’s play.”
But a leading manufacturer of voting equipment complained that the exercise wasn’t a fair test of vulnerabilities to real-world hackers who would have to do their worst remotely and get past additional security hurdles.
Hackers “will absolutely access some voting systems’ internal components because they will have full and unfettered access to a unit without the advantage of trained poll workers, locks, tamper-evident seals, passwords and other security measures that are in place in an actual voting situation,” Election Systems & Software wrote in a letter sent to customers and seen by the Journal.
The company also said that making voting equipment available to “potential bad actors, foreign or otherwise,” could harm national security, a spokeswoman told the newspaper.
The National Association of Secretaries of State, which represents the top state officials in charge of elections, also criticized the “pseudo” exercise, saying it “in no way replicates state election systems, networks or physical security,” CNN reported. Even still, a number of election officials from across the country attended the conference.
Noah Praetz, director of elections for Cook County in Illinois, spent his time at Def Con trying to learn everything he could about both hacking and disinformation campaigns.
“Obviously, we look at what happened in 2016,” Praetz said, referring to Russian interference in the U.S. presidential election. “What we should expect in the future is a two-pronged attack.”
Some election officials and hackers complained that uncooperative voting machine companies were more interested in protecting their income than in securing America’s votes. However, Jake Braun, one the organizers of the voting village, said it would be naive to assume that Russia wasn’t already doing the same kind of hackathons. He also implied that companies who chose not to put their machines to the test at the conference were being negligent.
Clarification: A previous version of this story implied the Cook County director of elections also supervised elections in Chicago, which in fact has its own elections board.