Def Con voter hacking village stirs backlash from states, vendors

The organizers of the Def Con Voting Village had harsh words last week for one of the primary election voting machine manufacturers and the National Association of Secretaries of State (NASS), as the village had eager show attendees spend time attempting to find flaws in 30 actively used voting machines.

Jake Braun, of the University of Chicago and Cambridge Global Advisors, and a founder of the Voting Village, launched into a brief expletive-filled tirade against the NASS and the voting machine vendor Election Systems & Software (ES&S), each of which stated the Voting Village was doing a disservice to the country.

“We are IDing things local officials can address to make elections safer,” Braun said during a Def Con session while waving the letters he had received from the two groups prior to the show. 

One of the issues raised by the NASS was its belief that the testing done at Def Con does not represent a real-world voting environment and that any findings would therefore be suspect.

“Our main concern with the approach taken by Def Con is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security. Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day,” the NASS stated in its letter.

The Voting Village organizers strongly disagreed, saying all 30 of the models studied in the village are currently in use and will be utilized during the upcoming mid-term election.

Harri Hursti, of Nordic Innovation Labs, said the goal of the Voting Village hack is not to do systematic research or testing, but to simply explore and gain information on possible problems with the machine.

“We are doing this in a responsible way,” he added, noting that while a mock election was held as part of the Def Con experience it was in no way supposed to represent a true voting experience.

Matt Blaze, of the University of Pennsylvania, also took exception to the points raised in the letters, saying, “We are doing a critical service to democracy.”

ES&S explained its concerns over the Voting Village in a letter to its customers in which it accused the organizers of illegally using the software and firmware installed on the machines without a license, although it did admit the hardware itself was purchased legally online. The company also said allowing unfettered access to the machines, including disassembly, was unrealistic and does not resemble what happens in an actual polling place. The letter added that an actual polling place does have the security to stop anyone attempting such hacking actions on Election Day.

Blaze and Hursti told SC Media that all 30 machines in the village were purchased on eBay legally and both noted that in their opinion several of the machines were so insecure that they could be tampered with very quickly by people in a voting booth.

The village attracted a wide variety of government officials, ranging from county board of elections workers to California Secretary of State Alex Padilla.

A complete paper detailing all the results from the hackers will be forthcoming in around a month, but some basic findings were given out at the end of each day.

These included:

· An ES&S vote counter machine that is used by counties to tally ballots was found to have an active Ethernet port.

· Express Poll 5000 poll book machines were found to be vulnerable to having their easily accessible memory cards removed from the top of the machine and replaced with a market purchased copy pre-loaded with alternative voting information.

· The mock election between George Washington and Benedict Arnold, conducted on an AccuVote TSX, was hacked by pre-programming the memory cards with a pre-determined result that still used the proper number of votes received. The winner was a third party called The Dark Tangent.

· Other findings include machines that were disposed of without being reformatted and thus still contained voting information, CD ripping software found on one unit and, in one case, a song found in the memory of one unit.
