August 14, 2018, 04:09 PM
olfuzzyAn 11-year-old changed election results on a replica Florida state website in under 10 minutes
Well...doesn't this make you feel all warm and fuzzy
An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said.
Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.
The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.
Nico Sell, the co-founder of the the non-profit r00tz Asylum, which teaches children how to become hackers and helped organize the event, said an 11-year-old girl also managed to make changes to the same Florida replica website in about 15 minutes, tripling the number of votes found there.
Sell said more than 30 children hacked a variety of other similar state replica websites in under a half hour.
“These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”
Sell said the idea for the event began last year, after adult hackers were able to access similar voting sites in less than five minutes.
“So this year we decided to bring the voting village to the kids as well,” she said.
About 50 children participated in the DEFCON hacking event for children on Friday and Saturday. More than 30 of them were able to hack into replicas of secretaries of states, where vote tallies are posted. Photo courtesy of r00tz Asylum
In a statement regarding the event, the National Association of Secretaries of State said it is “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.” But the organization expressed skepticism over the hackers’ abilities to access the actual state websites.
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” it read. “While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’
But Sell said the exercise the children took part in demonstrates the level of security vulnerabilities found in the U.S. election system.
“To me that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos,” she said. “The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing.”
“I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.
Matt Blaze, a professor of computer and information science at the University of Pennsylvania who helped organize the “hacking village,” said that thousands of adults including voting security experts also tried to access voting machines and other voting software currently being used in U.S. elections today to become “more knowledgeable about voter technology.”
He also noted that the children who participated in their own challenge last week were dealing with replicas that were in many cases created to be even more formidable to access than the actual websites used by secretaries of states across the nation.
“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable,” he said. “What was interesting is just how utterly quickly they were able to do it.”
https://www.pbs.org/newshour/n...-in-under-10-minutesAugust 14, 2018, 04:21 PM
saigonsmugglerDamn Russian kids these days.
August 14, 2018, 04:28 PM
Skull LeaderNo, no. The Russian kid wouldn't have told you they were successful.
August 14, 2018, 04:44 PM
PHPaulAm I the only one that has a problem with teaching/encouraging children to be hackers?
August 14, 2018, 04:45 PM
Skull LeaderI think the hope is that if you get them young you can sway them towards the "white hat".
August 14, 2018, 04:49 PM
jhe888quote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?
I think it is like sex. You don't stop them from having sex by pretending it doesn't exist.
August 14, 2018, 04:49 PM
ScreamingCockatooIt wasn't the results, just the reporting.
We had an IT security discussion over this Monday.
August 14, 2018, 04:52 PM
wcb6092There needs to be a check and balance in electronic voting. Corresponding paper ballots that can not be hacked and can verify the electronic machine vote.
August 14, 2018, 04:57 PM
arfmelquote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?
No
August 14, 2018, 05:00 PM
dsietsquote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?
I don't. These will be the adults in the field preventing the illegal hacking in the future.
August 14, 2018, 05:03 PM
Sig2340Make sure he's a Trump supporter.
August 14, 2018, 05:26 PM
grumpy1quote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.
Yep. Article clarifies that.
I am much more concerned about making sure voters are who they say they are via requiring strict voter ID laws, absentee ballot fraud, voter intimidation, and shenanigans that goes on at the precinct level (oops we found ten boxes of ballots in the closet), etc after the polls are closed. Such was discovered during the "Jill Stein vote audits" after the election results at inner city precincts but since election results were not changed I never heard any more about it of course.
"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’"
August 14, 2018, 05:31 PM
joel9507quote:
the non-profit r00tz Asylum, which teaches children how to become hackers
Now, there's a noble cause
There is a fairly easy distinction between accepting that some bright kids might become criminals, and giving kids tutorials on crime.
A homeowner doesn't need training in breaking and entering to know that burglars will try to get in. Sure, alarm companies and window/door companies need to know B&E techniques to design alarms and resistant doors/windows. And I have no issue with the adults working in computer security firms getting familiar with the dark side.
But kids? No way. The usual theory in the criminal justice world is that kids get treated differently from adults because they aren't set up yet for this kind of moral judgement. Is that all wet?
August 14, 2018, 06:11 PM
Bytesquote:
Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?
You shouldn't have a problem with it. Internet security is a reactive, not proactive process. How you gonna stop a hack until you know how you get hacked? Not teaching hacking techniques would be idiocy in spades.
August 14, 2018, 06:25 PM
ScreamingCockatooquote:
Originally posted by grumpy1:
quote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.
Yep. Article clarifies that.
The usual leftist reactionaries(unimportant production drones) were screaming about Russian hacking before our meeting.
I wish I was allowed to tell them how I REALLY felt about their "opinions".
August 14, 2018, 06:34 PM
olfuzzyquote:
Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.
Can you imagine what would have happened if they had reported Hillary winning and then had to change it to a Trump win
August 14, 2018, 06:38 PM
PHPaulI get that preventing/blocking hacking requires knowing HOW to hack.
It just seems to me that this particular exercise rewarded the actual hacking, not the "find a security flaw" aspect.
Or maybe the article (or the portion of it posted) was just slanted that way.
August 14, 2018, 06:40 PM
ScreamingCockatooMe thinks there were flaws set for them to find and demonstrate.
The article is just fluff.
The event is bullshit.
August 14, 2018, 07:10 PM
ChicagoSigManHacking a replica site is not the same as hacking the actual site. I imagine there are security protocols that are not public and might be unknown to anyone setting up a replica site.
August 14, 2018, 08:07 PM
nhtagmemberthe solution is simple
go back to paper ballots
no more electronic machines
cast a vote and count it
paper can be hacked but its much harder