SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    An 11-year-old changed election results on a replica Florida state website in under 10 minutes
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
An 11-year-old changed election results on a replica Florida state website in under 10 minutes Login/Join 
Member
Picture of olfuzzy
posted
Well...doesn't this make you feel all warm and fuzzy Roll Eyes


An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said.

Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Nico Sell, the co-founder of the the non-profit r00tz Asylum, which teaches children how to become hackers and helped organize the event, said an 11-year-old girl also managed to make changes to the same Florida replica website in about 15 minutes, tripling the number of votes found there.

Sell said more than 30 children hacked a variety of other similar state replica websites in under a half hour.

“These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”

Sell said the idea for the event began last year, after adult hackers were able to access similar voting sites in less than five minutes.

“So this year we decided to bring the voting village to the kids as well,” she said.

About 50 children participated in the DEFCON hacking event for children on Friday and Saturday. More than 30 of them were able to hack into replicas of secretaries of states, where vote tallies are posted. Photo courtesy of r00tz Asylum
In a statement regarding the event, the National Association of Secretaries of State said it is “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.” But the organization expressed skepticism over the hackers’ abilities to access the actual state websites.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” it read. “While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’

But Sell said the exercise the children took part in demonstrates the level of security vulnerabilities found in the U.S. election system.

“To me that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos,” she said. “The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing.”

“I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.

Matt Blaze, a professor of computer and information science at the University of Pennsylvania who helped organize the “hacking village,” said that thousands of adults including voting security experts also tried to access voting machines and other voting software currently being used in U.S. elections today to become “more knowledgeable about voter technology.”

He also noted that the children who participated in their own challenge last week were dealing with replicas that were in many cases created to be even more formidable to access than the actual websites used by secretaries of states across the nation.

“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable,” he said. “What was interesting is just how utterly quickly they were able to do it.”


https://www.pbs.org/newshour/n...-in-under-10-minutes
 
Posts: 5181 | Location: 20 miles north of hell | Registered: November 07, 2012Reply With QuoteReport This Post
Member
posted Hide Post
Damn Russian kids these days.
 
Posts: 1803 | Location: Austin TX | Registered: October 30, 2003Reply With QuoteReport This Post
Help! Help!
I'm being repressed!

Picture of Skull Leader
posted Hide Post
No, no. The Russian kid wouldn't have told you they were successful.
 
Posts: 11152 | Location: Big Sky Country | Registered: November 20, 2004Reply With QuoteReport This Post
Three Generations
of Service
Picture of PHPaul
posted Hide Post
Am I the only one that has a problem with teaching/encouraging children to be hackers?




Be careful when following the masses. Sometimes the M is silent.
 
Posts: 15181 | Location: Downeast Maine | Registered: March 10, 2010Reply With QuoteReport This Post
Help! Help!
I'm being repressed!

Picture of Skull Leader
posted Hide Post
I think the hope is that if you get them young you can sway them towards the "white hat".
 
Posts: 11152 | Location: Big Sky Country | Registered: November 20, 2004Reply With QuoteReport This Post
Little ray
of sunshine
Picture of jhe888
posted Hide Post
quote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?


I think it is like sex. You don't stop them from having sex by pretending it doesn't exist.




The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
 
Posts: 53118 | Location: Texas | Registered: February 10, 2004Reply With QuoteReport This Post
Shaman
Picture of ScreamingCockatoo
posted Hide Post
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39716 | Location: Atop the cockatoo tree | Registered: July 27, 2002Reply With QuoteReport This Post
Member
posted Hide Post
There needs to be a check and balance in electronic voting. Corresponding paper ballots that can not be hacked and can verify the electronic machine vote.


_________________________
"Sometimes I wonder whether the world is being run by smart people who are putting us on or by imbeciles who really mean it."
Mark Twain
 
Posts: 12581 | Registered: January 17, 2011Reply With QuoteReport This Post
Not really from Vienna
Picture of arfmel
posted Hide Post
quote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?


No
 
Posts: 26852 | Location: Jerkwater, Texas | Registered: January 30, 2007Reply With QuoteReport This Post
Member
Picture of dsiets
posted Hide Post
quote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?


I don't. These will be the adults in the field preventing the illegal hacking in the future.
 
Posts: 7320 | Location: MI | Registered: May 22, 2007Reply With QuoteReport This Post
Step by step walk the thousand mile road
Picture of Sig2340
posted Hide Post
Make sure he's a Trump supporter.





Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018
 
Posts: 31383 | Location: Loudoun County, Virginia | Registered: May 17, 2006Reply With QuoteReport This Post
Member
Picture of grumpy1
posted Hide Post
quote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.


Yep. Article clarifies that.

I am much more concerned about making sure voters are who they say they are via requiring strict voter ID laws, absentee ballot fraud, voter intimidation, and shenanigans that goes on at the precinct level (oops we found ten boxes of ballots in the closet), etc after the polls are closed. Such was discovered during the "Jill Stein vote audits" after the election results at inner city precincts but since election results were not changed I never heard any more about it of course.

"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’"
 
Posts: 9730 | Location: Northern Illinois | Registered: March 20, 2009Reply With QuoteReport This Post
Don't Panic
Picture of joel9507
posted Hide Post
quote:
the non-profit r00tz Asylum, which teaches children how to become hackers

Now, there's a noble cause Roll Eyes

There is a fairly easy distinction between accepting that some bright kids might become criminals, and giving kids tutorials on crime. Wink

A homeowner doesn't need training in breaking and entering to know that burglars will try to get in. Sure, alarm companies and window/door companies need to know B&E techniques to design alarms and resistant doors/windows. And I have no issue with the adults working in computer security firms getting familiar with the dark side.

But kids? No way. The usual theory in the criminal justice world is that kids get treated differently from adults because they aren't set up yet for this kind of moral judgement. Is that all wet?
 
Posts: 15001 | Location: North Carolina | Registered: October 15, 2007Reply With QuoteReport This Post
Member
posted Hide Post
quote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?


You shouldn't have a problem with it. Internet security is a reactive, not proactive process. How you gonna stop a hack until you know how you get hacked? Not teaching hacking techniques would be idiocy in spades.
 
Posts: 7524 | Registered: October 31, 2008Reply With QuoteReport This Post
Shaman
Picture of ScreamingCockatoo
posted Hide Post
quote:
Originally posted by grumpy1:
quote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.


Yep. Article clarifies that.


The usual leftist reactionaries(unimportant production drones) were screaming about Russian hacking before our meeting.
I wish I was allowed to tell them how I REALLY felt about their "opinions".





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39716 | Location: Atop the cockatoo tree | Registered: July 27, 2002Reply With QuoteReport This Post
Member
Picture of olfuzzy
posted Hide Post
quote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.


Can you imagine what would have happened if they had reported Hillary winning and then had to change it to a Trump win Big Grin
 
Posts: 5181 | Location: 20 miles north of hell | Registered: November 07, 2012Reply With QuoteReport This Post
Three Generations
of Service
Picture of PHPaul
posted Hide Post
I get that preventing/blocking hacking requires knowing HOW to hack.

It just seems to me that this particular exercise rewarded the actual hacking, not the "find a security flaw" aspect.

Or maybe the article (or the portion of it posted) was just slanted that way.




Be careful when following the masses. Sometimes the M is silent.
 
Posts: 15181 | Location: Downeast Maine | Registered: March 10, 2010Reply With QuoteReport This Post
Shaman
Picture of ScreamingCockatoo
posted Hide Post
Me thinks there were flaws set for them to find and demonstrate.
The article is just fluff.
The event is bullshit.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39716 | Location: Atop the cockatoo tree | Registered: July 27, 2002Reply With QuoteReport This Post
Now in Florida
Picture of ChicagoSigMan
posted Hide Post
Hacking a replica site is not the same as hacking the actual site. I imagine there are security protocols that are not public and might be unknown to anyone setting up a replica site.
 
Posts: 6061 | Location: FL | Registered: March 09, 2009Reply With QuoteReport This Post
Political Cynic
Picture of nhtagmember
posted Hide Post
the solution is simple

go back to paper ballots

no more electronic machines

cast a vote and count it

paper can be hacked but its much harder



[B] Against ALL enemies, foreign and DOMESTIC


 
Posts: 53086 | Location: Tucson Arizona | Registered: January 16, 2002Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    An 11-year-old changed election results on a replica Florida state website in under 10 minutes

© SIGforum 2024