Thursday 19 April 2018

Hacker teams use cover of conference to break into voting machines and databases

Michael Berna uses a functional antenna attached to his helmet to monitor wi-fi networks during the Def Con hacker convention in Las Vegas, Nevada. Photo: REUTERS/Steve Marcus
Michael Berna uses a functional antenna attached to his helmet to monitor wi-fi networks during the Def Con hacker convention in Las Vegas, Nevada. Photo: REUTERS/Steve Marcus

Jim Finkle

Hackers attending this weekend's Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results.

The 25-year-old conference's first "hacker voting village" opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking.

Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.

"We encourage you to do stuff that if you did on election day they would probably arrest you," said Johns Hopkins computer scientist Matt Blaze.

The exercise featured a "cyber range" simulator where blue teams were tasked with defending a mock local election system from red team hackers. Concerns about election hacking have surged since US intelligence agencies claimed Russian President Vladimir Putin ordered the hacking of Democratic Party emails to help Republican Donald Trump win the 2016 US presidential election.

A Department of Homeland Security official told Congress in June that Russian hackers had targeted 21 US state election systems in the presidential race and a small number were breached, but there was no evidence any votes had been manipulated. Russia has denied the accusations.

Kyle (no last name provided) of the UK-based Secarma, an ethical hacking company, competes in a capture the flag competition during the Def Con convention in Las Vegas, Nevada. Photo: REUTERS/Steve Marcus
Kyle (no last name provided) of the UK-based Secarma, an ethical hacking company, competes in a capture the flag competition during the Def Con convention in Las Vegas, Nevada. Photo: REUTERS/Steve Marcus

Exposure

"The exposure of those devices to the people who do bug bounties or actually look at these kind of devices has been fairly limited," said Brian Knopf, a security researcher for Neustar, a security analysis company. "So Defcon is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, 'Are they hackable?'"

After just about an hour-and-a-half, the answer was an emphatic "yes". The hackers cracked the first of the 30 voting machines being tested in less time than it takes to watch a movie.

One of the organisers, Jake Braun, said he believed the hacker voting village would convince participants that hacking could be used to sway an election.

"There's been a lot of claims that our election system is unhackable. That's BS," said Mr Braun. "Only a fool or liar would try to claim that their database or machine was unhackable."

Barbara Simons, president of advocacy group Verified Voting, said she expects Russia to try to influence the US 2018 midterm election and 2020 elections. To counter such threats, she called for requiring use of paper ballots and mandatory auditing computers to count them.

Irish Independent

Business Newsletter

Read the leading stories from the world of Business.

Also in Business