Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Government Privacy Security The Internet Politics

11-Year-Old Changes Election Results On Florida's Website: Defcon 2018 (pbs.org) 202

UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.

The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."
This discussion has been archived. No new comments can be posted.

11-Year-Old Changes Election Results On Florida's Website: Defcon 2018

Comments Filter:
  • Misleading Title (Score:5, Insightful)

    by _Sharp'r_ ( 649297 ) <sharper AT booksunderreview DOT com> on Monday August 13, 2018 @02:23AM (#57114780) Homepage Journal

    11-Year-Old Changes Election Results On Florida's Website: Defcon 2018

    should actually be:

    11-Year-Old Changes Numbers Displayed On Faked Replica HTML Page Setup to be Changed by Kids: Defcon 2018

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Likely it is something like that. However, there is NO reason at all, none, not a single reason in the universe, to have any form of automated vote counting. To have electronic voting. To have mechanized voting. I mean, what the flying fuck.... you get a card, you mark an X on it, and you're done.

      Here we have representatives from each party, at each voting site, counting the vote together. And we have up to 6 or 7 legitimate parties, even in Federal elections! There is no benefit for mechanized or ele

      • by mark-t ( 151149 )

        Likely it is something like that. However, there is NO reason at all, none, not a single reason in the universe, to have any form of automated vote counting. ....

        If someone is going to blather on about "counting", ffs. It's not that hard, at all. We have all those parties, and we get counts an hour after polls close.

        I agree.... but just because it's not hard to do, and doesn't even take very long doesn't mean that it's not a reason.

        There is a difference between not having any reason and not having any g

    • Re:Misleading Title (Score:5, Interesting)

      by AmiMoJo ( 196126 ) on Monday August 13, 2018 @04:31AM (#57115092) Homepage Journal

      Which is normally how security demos work, because hacking the real site would be illegal.

      The point here is that those sites are vulnerable to literal script kiddie attacks. While the government tries to hand wave it away as just an attack on a site showing preliminary results and correctly points out that such a site would not be used to make the official determination of who won, that's missing the point.

      These days such a hack would spawn a brand new QAnon-style conspiracy theory, pushed on social media by the same people did the hack. It would further erode trust in the electoral system, which leads to lower turnout next time. It makes the whole process look like some dictatorship doing a bad job of rigging the votes.

      • by Anonymous Coward

        No, the sites aren't even replicas of the actual vote records and tallies, they are replicas of the systems used to display the results.

        Which, unsurprisingly, would exist even if voting was done on paper.

        • by Junta ( 36770 )

          It may be going too far to claim them to be 'replicas' and more like 'mockups of something that vaguely resembles the actual site'.

          At least, that is the claim of the government. Meaning one of: the government helped and admits their mockups aren't reflective of the genuine implementation, the government had nothing to do with it and thus the organizers were just making a mockup, or the government is lying.

          Given the age range, and the overwhelming success, but no 'the sky is falling' prior to the exercise d

    • by Anonymous Coward

      Hacking the displayed info is a legit issue. Its a sign that the rest of the infrastructure is likely to be similarly poorly defended. One-off systems — like tabulation and voter registration — are inherently more fragile than mass-market systems that have had hundreds millions of hours worth of real world deployment to work the bugs out.

      If they can't secure the most basic stuff, the stuff that everybody knows how to secure because its all common building blocks that have been vetted in hundr

      • Sure, but that's not what they did here. They made a faked mock-up designed to look similar to the actual site in the resulting html. That's where the resemblance to the real State website ended. The didn't replicate the architecture of the actual sites, it was basically a "If you do this, this happens" demo, then they let the kids play around with what they'd shown them in the demo environment.

        • Also, while having an insecure website is not a positive sign, it's possible the organization took the (arguably technically correct but incorrect from a public relations view) that the website, not being part of the actual vote counting apparatus, was not particularly important to secure. If the actual vote counting infrastructure provided a secure read-only access to the website, the organizatoin may have decided to spend limited development dollars on securing the actual voting machines rather than the
    • by asylumx ( 881307 )

      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.

      When I first read this, I tried to figure out which party was which. Then I realized it doesn't matter. Great quote.

    • by Toad-san ( 64810 )

      True that.

    • The response from The National Association of Secretaries of State was:
      "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

      I hate to say it, but that sure sounds like they just issued a challenge.

    • by BinBoy ( 164798 )

      Nobody would click on the honest title.

  • by Bruce66423 ( 1678196 ) on Monday August 13, 2018 @02:26AM (#57114784)

    Something like Bill Gates winning a House of Representatives seat for which he didn't stand with 100% of the vote. Until something that visible occurs, this will remain a phony war.

    • by Anonymous Coward on Monday August 13, 2018 @02:59AM (#57114880)

      OR.... hack an election with the paper audit trail type voting machines, then challenge the result. The recount of the paper trail vs the machine will show the fraudulent nature of the machine count.

      If you look at the current state of voting machine, you'll been dismayed. Pennsylvania still has paperless voting machines, it still cannot verify the election result and its not the only state to get unexpected voting results.

      https://www.buzzfeednews.com/article/kevincollier/the-voting-machines-in-pennsylvanias-18th-dont-leave-a

      The only fix for that is to show how the paper trail reveals the fraud, then block the use of these Fisher Price voting machines in court so trustable paper voting can be used.

      • We can make election machines verifiable; it requires some strict integrity protocols. You have no integrity if you don't have public observers and known-good ballot boxes.

        Today, we have black-box EVMs and poor public understanding of elections security, which has lead to people rushing back to paper ballots without even fully protecting paper ballot integrity. If you had proper handling procedures, you would start with known-good software images for EVMs (yes, that means those images are public, publi

    • by Opportunist ( 166417 ) on Monday August 13, 2018 @03:13AM (#57114918)

      And why would I do that when I could make Senator A president, become a billionaire in the process and get perpetual legal immunity? It sure beats being hunted down by every three-letter-agency in the US for showing that the emperor has no clothes and then spending the rest of my life in the worst kind of prison in an attempt to not only have the world forget me but also to send a message to everyone who'd dare to repeat my stunt.

    • Re: (Score:2, Informative)

      Why don't all American hackers get together to hack the election and get some ridiculous clown elected as president to prove how vulnerable the election system is?

      Hey..., wait... did you already do that?
      • Re: (Score:1, Insightful)

        by Anonymous Coward

        Try looking at the videos of Trump's election campaign speeches to see the size of the crowds that attended, versus the size of the crowds that attended Clinton's campaign speeches. Notice something? Trump had about FIVE TIMES as many people at his events. Why is that? Because you're an idiot who believes everything the media tells you, and you actually believe that Clinton had 50% of the population supporting her - she clearly did not - as proved by the best evidence possible - the number of people who att

        • I see nothing in your post that contradicts that some ridiculous clown was elected.
      • Why don't all American hackers get together to hack the election and get some ridiculous clown elected as president...

        Why? They didn't need to; Hillary came along. (I don't know anybody that voted for Trump... but there sure as fuck were a lot of legitimate votes against "Cankles McKlanswoman.")

    • Maybe something like 243% voter turnout [arstechnica.com]?
  • by 93 Escort Wagon ( 326346 ) on Monday August 13, 2018 @02:35AM (#57114806)

    ”The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.”

    At last we know who to blame regarding the elephants in Africa!

  • Certainly impressive hacking skills, but how can anyone know that the "replica" of the Florida election site is identical to the real site. They need to be able to hack into the real site.
    • by sjames ( 1099 )

      Contributing to the delinquency of a minor, such as encouraging them to hack the real page, would be a crime. Suggestions?

      • Contributing to the delinquency of a minor, such as encouraging them to hack the real page, would be a crime. Suggestions?

        Seems to me that persuading a kid to challenge authority would be sufficient evidence in most courts of contributing to delinquency; the actual hacking attempt would just be symptomatic.

        • by sjames ( 1099 )

          It would be enough that the courts and prosecutor would WANT to find you guilty, but they'd still be stretching.

    • "They need to be able to hack into the real site"

      https://www.reuters.com/article/us-usa-election-security/u-s-senator-says-russians-have-penetrated-florida-election-systems-tampa-bay-times-idUSKBN1KU003

  • by Archtech ( 159117 ) on Monday August 13, 2018 @02:58AM (#57114874)

    "One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes".

    But is he Russian?

    That's all that matters.

  • The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections."

    How about you do your f*cking job and secure our elections, or you get fired and/or imprisoned?

  • Relevant (Score:3, Informative)

    by NicknameUnavailable ( 4134147 ) on Monday August 13, 2018 @04:51AM (#57115136)
  • Minors are taking suffrage into their own hands, I see.

  • by misnohmer ( 1636461 ) on Monday August 13, 2018 @05:02AM (#57115146)

    Apparently manipulation what is being reported on election night isn't a big deal? What if for example seeing "Candidate A declared a projected winner by all stations" causes people planning to vote for the opponent to simply stay home thinking the election has already been decided?

    • That's not how election night (or general post-election) coverage works.

      First, election websites only show what polling locations report AFTER the polling locations are closed. All polling locations in a locality close at the same time (unless they stay open later for long lines, etc.) and then begin tallying and reporting to the election authorities. As the election authorities receive and validate results after the closure of all polling locations, they update the website. [Source: my best friend is an of

      • First, election websites only show what polling locations report AFTER the polling locations are closed. All polling locations in a locality close at the same time (unless they stay open later for long lines, etc.) and then begin tallying and reporting to the election authorities.

        Unless, of course, the "locality" is "the entire US". I have seen no issues claimed or reported with local elections producing early results, simply because local election boards understand the issue and have all their polling places close at the same time.

        The issue only comes up during US Presidential elections, where the local polling places span 7 time zones. And each media outlet is anxious to get street cred by announcing the right projected winner.

        Second, all (legitimate) news outlets refrain from projecting/declaring a winner until after all polls related to that election are closed to prevent this very thing.

        I'm so glad that you thought enough about the issue t

    • Isn't this what happened with the primaries?

    • planning to vote for the opponent to simply stay home thinking the election has already been decided

      OH -- you mean for national elections, not local. Yeah, Hawaii's always been screwed with that. Hours before their polls even close "the election's already been decided" by the mainland, and has been that way for years (decades.) I wonder why they bother to vote at all.

      Until ALL polling stations close the shouldn't report early results or guestimates. That wouldn't fly though, all the newscasters would all have heads, bladders, or lungs exploded by then from them holding it in for so long

      HEY, WAIT..

    • That doesn't work. Since I live in New York and it was decided for Clinton months before the election, I voted for Trump so you couldn't blame me. Didn't turn out well.

      Come to think of it, there was no scenario where the election could have turned out well.

  • quite a summary (Score:5, Informative)

    by cascadingstylesheet ( 140919 ) on Monday August 13, 2018 @07:43AM (#57115564) Journal

    11 year old changes election results! ... er no, news about results posted to a website ... er, no, not an actual website, a fake one ...

    Sheesh. I can always count on /.

    • by Junta ( 36770 )

      Yeah, as far as I can tell, this was an election themed kids hacking competition, designed for them to be able to succeed in large numbers.

  • It has been officially known for years that voting machines have zero security. Officially known that hacking them can be done by a bright 10 year old - 11 in this case. I've read open literature reports detailing the process in maybe 2002.

    It beggers all belief to think that a tool so simply accessed is not utilized.

    • Apparetly there is a slashdotter who believes that the truth is a troll action.

      A perfect illustration of people who despite all evidence to the contrary. begger the imagination.

  • Why is our sexist bias such that young women are not competitive in this sort of activity?

    So much slower than the young men! Sad!!

  • "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results." https://www.nass.org/node/1511 [nass.org]

    You're forgetting West Virginia that is allowing online voting with your smartphone. https://www.wired.com/story/sm... [wired.com]
  • From the summary

    While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.

    While the preliminary results are by definition not final and not official, they do matter. What people *think* the results are can lead to riots. If the preliminary results are radically different than the final results, people lose confidence in the election process. If results (accurate or not) are published prior to the polls closing, people supporting the "winning" candidate may opt not to vote at the last minute, whereas those in support of the "losing" candidate may rush to the polls.

    • by PPH ( 736903 )

      What people *think* the results are can lead to riots.

      Pretty sad. With a 51 to 49% result (whichever way you think it went), the losing side should just shrug and say "That's the way it goes." It's not like a despot with a few percent of the population backing him (her) got into office.

      This country is built on the principle of individual liberty. Someone got elected you don't like? Big deal. Just carry on and things will be OK. If you really are so dependent on a mommy state to care for you, there's always the Soviet Union ..... or maybe not.

  • Comment removed based on user account deletion
  • by Anonymous Coward

    Fake news. Misleading title, bullshit story that doesn't really mean what they pretend it does to get clicks. Things have kinda slid downhill around here.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...