It is apparently so easy to hack into the US voting system that an 11-year-old could do it in just a few minutes. At this year’s 26th DEFCON, 47 kids participated in the election hacking contest organized by the Voting Machine Hacking Village.
89 percent of the youngsters reportedly managed to replica websites set up by Wickr and the Wall of Sheep Village.
For 11-year-old Emmett from Austin, Texas, it took a simple SQL injection and just 10 minutes to hack into the Florida Secretary of State replica site and alter election results.
Emmett has reportedly been attending DEFCON for the past four years and had some thoughts about how simple it is to hack into a voting system and change the tallies of election results.
“It’s actually kind of scary,” the 11-year-old said, TechCrunch reported. “People can easily hack into websites like these and they can probably do way more harmful things to these types of websites.”
Although the Voting Village competition highlighted current flawed voting systems used by the US, the National Association of Secretaries of State (NASS) had some harsh words for the event.
“Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security,” NASS said in a statement. “Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”
“While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results,” NASS added.
Matt Blaze, a veteran security researcher, who helped organize the Voting Village, responded to NASS’ statement by stressing the importance of scrutinizing election systems.
“I think the statement was misguided,” Blaze said, Buzzfeed reported. “It’s only through scrutiny that we’re going to have confidence in elections. That said, the fact that a system has vulnerabilities in it, even incredibly serious vulnerabilities, is not the same as saying any given election has been tampered with.”
“There’s an interesting paradox.” Blaze said. “We know these systems are wildly insecure, and there’s been precious little evidence of these vulnerabilities so far being exploited in real elections. I think we’ve been very lucky, and I think there’s a little bit of a ticking time bomb here.”
According to experts familiar with US election security, the stakes are truly high. Security experts and lawmakers have repeatedly voiced concerns over Russian attempts to interfere in the upcoming midterm elections in November.
In July, Microsoft revealed that it already detected evidence of election interference attempts by Russian hackers into three campaigns gearing up for the midterm 2018 elections.
It is still unclear whether the ongoing efforts of US states and law enforcement agencies to secure election systems against cyber attacks will be successful.