Well...doesn't this make you feel all warm and fuzzy


An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said.

Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Nico Sell, the co-founder of the the non-profit r00tz Asylum, which teaches children how to become hackers and helped organize the event, said an 11-year-old girl also managed to make changes to the same Florida replica website in about 15 minutes, tripling the number of votes found there.

Sell said more than 30 children hacked a variety of other similar state replica websites in under a half hour.

“These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”

Sell said the idea for the event began last year, after adult hackers were able to access similar voting sites in less than five minutes.

“So this year we decided to bring the voting village to the kids as well,” she said.

About 50 children participated in the DEFCON hacking event for children on Friday and Saturday. More than 30 of them were able to hack into replicas of secretaries of states, where vote tallies are posted. Photo courtesy of r00tz Asylum
In a statement regarding the event, the National Association of Secretaries of State said it is “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.” But the organization expressed skepticism over the hackers’ abilities to access the actual state websites.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” it read. “While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’

But Sell said the exercise the children took part in demonstrates the level of security vulnerabilities found in the U.S. election system.

“To me that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos,” she said. “The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing.”

“I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.

Matt Blaze, a professor of computer and information science at the University of Pennsylvania who helped organize the “hacking village,” said that thousands of adults including voting security experts also tried to access voting machines and other voting software currently being used in U.S. elections today to become “more knowledgeable about voter technology.”

He also noted that the children who participated in their own challenge last week were dealing with replicas that were in many cases created to be even more formidable to access than the actual websites used by secretaries of states across the nation.

“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable,” he said. “What was interesting is just how utterly quickly they were able to do it.”


https://www.pbs.org/newshour/n...-in-under-10-minutes

Damn Russian kids these days.

No, no. The Russian kid wouldn't have told you they were successful.

Am I the only one that has a problem with teaching/encouraging children to be hackers?

I think the hope is that if you get them young you can sway them towards the "white hat".

quote:

Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?

I think it is like sex. You don't stop them from having sex by pretending it doesn't exist.

It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.

There needs to be a check and balance in electronic voting. Corresponding paper ballots that can not be hacked and can verify the electronic machine vote.

quote:

Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?

No

quote:

Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?

I don't. These will be the adults in the field preventing the illegal hacking in the future.

Make sure he's a Trump supporter.

quote:

Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.

Yep. Article clarifies that.

I am much more concerned about making sure voters are who they say they are via requiring strict voter ID laws, absentee ballot fraud, voter intimidation, and shenanigans that goes on at the precinct level (oops we found ten boxes of ballots in the closet), etc after the polls are closed. Such was discovered during the "Jill Stein vote audits" after the election results at inner city precincts but since election results were not changed I never heard any more about it of course.

"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”’"

quote:

the non-profit r00tz Asylum, which teaches children how to become hackers

Now, there's a noble cause

There is a fairly easy distinction between accepting that some bright kids might become criminals, and giving kids tutorials on crime.

A homeowner doesn't need training in breaking and entering to know that burglars will try to get in. Sure, alarm companies and window/door companies need to know B&E techniques to design alarms and resistant doors/windows. And I have no issue with the adults working in computer security firms getting familiar with the dark side.

But kids? No way. The usual theory in the criminal justice world is that kids get treated differently from adults because they aren't set up yet for this kind of moral judgement. Is that all wet?

quote:

Originally posted by PHPaul:
Am I the only one that has a problem with teaching/encouraging children to be hackers?

You shouldn't have a problem with it. Internet security is a reactive, not proactive process. How you gonna stop a hack until you know how you get hacked? Not teaching hacking techniques would be idiocy in spades.

quote:

Originally posted by grumpy1:

quote:

Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.

Yep. Article clarifies that.

The usual leftist reactionaries(unimportant production drones) were screaming about Russian hacking before our meeting.
I wish I was allowed to tell them how I REALLY felt about their "opinions".

quote:

Originally posted by ScreamingCockatoo:
It wasn't the results, just the reporting.
We had an IT security discussion over this Monday.

Can you imagine what would have happened if they had reported Hillary winning and then had to change it to a Trump win

I get that preventing/blocking hacking requires knowing HOW to hack.

It just seems to me that this particular exercise rewarded the actual hacking, not the "find a security flaw" aspect.

Or maybe the article (or the portion of it posted) was just slanted that way.

Me thinks there were flaws set for them to find and demonstrate.
The article is just fluff.
The event is bullshit.

Hacking a replica site is not the same as hacking the actual site. I imagine there are security protocols that are not public and might be unknown to anyone setting up a replica site.

the solution is simple

go back to paper ballots

no more electronic machines

cast a vote and count it

paper can be hacked but its much harder