Security United States Politics Technology

No, a Teen Did Not Hack a State Election (propublica.org) 73

Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child's play. Articles reported that teenage hackers at the event were able to "crash the upcoming midterm elections" and that it had taken "an 11-year-old hacker just 10 minutes to change election results." A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, "bringing the election to a screeching halt." But now, elections experts are raising concerns that misunderstandings about the event -- many of them stoked by its organizers -- have left people with a distorted sense of its implications. From a report: In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as "replicas" or "exact clones." (The language was scaled back after the conference to simply say "clones.") Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter. Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites "fake." "When I learned that they were not using exact copies and pains hadn't been taken to more properly replicate the underlying infrastructure, I was definitely saddened," Franklin said. Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.
  • by Anonymous Coward

    Linux geeks and programmers on Slashdot, we know damn well they hacked the website, not the voting machine and we also know damn well that any voting machine without a paper audit trail, reports whatever the votes the Russian hacker says it should report.

    Stop the PR effort against auditability, and help get the last of the states still using non-auditable voting machines to get their shit together.

    There should *not* be a single voting machine now that cannot be audited, yet Florida and Pennsylvania, both s

    • by kenh ( 9056 )

      Stop the PR effort against auditability, and help get the last of the states still using non-auditable voting machines to get their shit together.

      Simple question - Imagine you are running an election, and you have electronic polls that create an audit trail and a tally. What do you do when the total and the audit trail don't match?

      If you always trust the audit trail, then why have the automated tally?

  • by joe_frisch ( 1366229 ) on Saturday August 25, 2018 @07:09AM (#57191672)

    Sometimes people feel so strongly about a cause, for example the dangers of electronic voting, that they think it's ok to distort information or even outright lie for that cause. It's becoming very common - and I think it's always wrong.

    • by Anonymous Coward

      It's not about the dangers of electronic voting. Democrats don't care about that - you can tell because their bills for "securing" the election are never about the voting machines but instead about hiring private contractors to secure servers "against foreign cyber threats" AKA "Russian hackers."

      This has nothing to do with showing flaws with voting machines. If it did, they would be hacking voting machines. No, this is part of a continued left-wing effort to convince people that our elections are fraudulent

    • by kenh ( 9056 )

      Sometimes people feel so strongly about a cause, for example the dangers of electronic voting, that they think it's ok to distort information or even outright lie for that cause.

      We see this play out all the time in the mainstream press, how many "racist/homophobic/sexist customer" insulted me on the CC receipt claims have proven to be false? How about the black students that put nooses around campus to alert everyone to the rampant racism on campus? Or the lesbian couple that wrote anti-homosexual slurs on their own garage door, to prove their neighbors were anti-gay? The list literally goes on and on.

      The latest trend is for elected officials to claim police harassment/mistreatmen

  • by Junta ( 36770 ) on Saturday August 25, 2018 @07:24AM (#57191702)

    While the organizers of the event themselves stoked the misunderstanding, everything about it smelled like a kids hacking competition with an election theme rather than a real thing. Even if you assumed that the headliner child was some sort of once in a lifetime super genius, it certainly wouldn't have been the case for the majority of the participants to succeed, which did occur.

    If the real thing were so trivial that an 11 year old could casually do it, then one of the *huge* number of veteran security researchers would have found those problems for real in the real sites.

    • by kenh ( 9056 )

      It was "Day of Code" meets "Election Hacking" - the kids were all but handed step-by-step instructions on how to "compromise" the websites in question - websites which apparently were little more than public results websites, the hacking of which proves nothing.

  • You mean an 11-year-old boy and 11-year-old girl didn't just hack all-der-voting-machines with their mad-crazy l33t hacking skills alone?!?

    You lied to me AGAIN, media! DAMN YOUR HOUSE OF LIES!

  • by davide marney ( 231845 ) on Saturday August 25, 2018 @08:09AM (#57191866) Journal

    As I commented in another thread on election security, unless you have run an actual election, you probably don't appreciate the sheer scale of what's involved in securing an election. I am an election officer in Virginia. Let me shed some light on the subject.

    An election is a massively live event involving hundreds of millions of individuals spread out over 7 time zones (don't forget Guam) and an entire continent-sized geographic area.

    51 independent elections are held, each with their own rules of procedure, equipment, and personnel, with the exception of some common rules for federal elections.

    Within these 51 elections there are thousands of individual voting precincts where the actual votes are counted. Each one of those 51 x 000s precincts is under the complete supervision and control of volunteers. No politician or government worker ever administers the casting of a vote. This is done by your neighbors, a veritable small army of people.

    A voter can only vote in the same physical place where they are a resident. You cannot vote remotely.

    Before you can cast your vote, in most states you must prove your identity and residency. In all states, this process is entirely disconnected from the actual casting of a ballot.

    Except in two states that allow mail-in voting (shame on them), your vote is completely private. No one can force you to vote against your conscience. No one can force you to prove how you voted.

    The threat surface of such an undertaking is massive. There is the possibility of fraud in registering voters. There is possible fraud in selecting and configuring equipment. There is possible fraud in authentication. There is possible fraud in training (or lack thereof). There is possible fraud in counting. There is possible fraud in administration and reporting. And on and on.

    There is no "this one thing" that can defeat an election. To successfully throw an election is a non-trivial task of monumental proportions. Of course that doesn't stop people from trying.

    The gold standard preventative tools we use to secure a vote are:

    - Contemporaneous, independent protocols recording the votes, such as scanned paper ballots, hourly running call logs of the number of voters voting, and duplicate end-of-day reports placed under court custody
    - 100% Chain-of-custody controls of equipment
    - Black-box testing
    - Training, training, training
    - Aggressive de-duplication and data cleansing.

    Anyone who tells you that some 11-year-old can "throw" an election with a hack on some copy of a reporting web site is just trying to sell you something or gain some internet fame.

    • There is no "this one thing" that can defeat an election.

      No, you need two things; "this one thing" plus illegal halting of a legitimate recount.

  • by lucasnate1 ( 4682951 ) on Saturday August 25, 2018 @08:33AM (#57191926) Homepage

    Only exist in film.

    • by Mashiki ( 184564 )

      Oh come on now. Don't ya know they're so skilled they can hack the Gibson.

    • Are you suggesting that all the 11 year olds who get in trouble for hacking their school computers are all just victims of some vast conspiracy?

      Is it aliens? Please tell me it has aliens.

  • ...Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking ...

    ... but all the articles I read on the topic left me with the impression that it was a duplicate copy of the election system, not the real, live election system itself.
