Hacking the websites responsible for election information is so easy an 11-year-old did it

It’s time to talk about election security.

Over the weekend at Def Con, the annual hacker convention in Las Vegas where attendees discuss some of the latest and greatest (or scariest) trends in the wild world of hacking, a pair of election security hacking demonstrations set up for adults and kids alike offered up some frightening revelations about America’s voting infrastructure. (I’m not even going to begin to touch Voatz.)

For 11-year-old Emmett from Austin, hacking the website for the Florida Secretary of State was as easy as a simple SQL injection.

While it took Emmett only 10 minutes to break into the election reporting section of the Florida Secretary of State web page, it’s important to note that these pages were set up as replicas.

The idea, according to event organizers from Wickr (a secure communications platform), “was mainly focused on breaking into the portions of the websites that are critical to the election process, [so] the kids worked against the replicas of the webpages where election results are reported by secretaries of state.”

The replicas were built by the team at Wall of Sheep Village and they issued the following statement: “The main issues with the live sites we are creating the replicas of are related to poor coding practices. They have popped up across the industry and are not vendor specific.”

And while the National Association for the Secretaries of State had some choice words for the Voting Machine Hacking Village, they didn’t address the hacks the kids made on their actual web sites.

Well this is interesting. National Association of Secretaries of State issues statement against the Def Con Voting Village. Says its attempt to recreate (and likely hack the shit out of) a connected mockup of the election process isn't realistic. pic.twitter.com/c1uy694UPA

— Kevin Collier (@kevincollier) August 9, 2018

In all, some 47 kids participated in the election hacking contest and 89% of them managed to get into the virtual websites set up by Wickr and Wall of Sheep Village.

Emmett, whose dad works in cybersecurity and who has been attending Def Con now for four years, has some thoughts on how easy it was for him to get into the system and change the vote tallies for election results.

“It’s actually kind of scary,” the 11-year-old said. “People can easily hack in to websites like these and they can probably do way more harmful things to these types of websites.”

The point, according to Wickr’s (badass) founder Nico Sell, is to bring attention to just how flawed security operations remain at the state level in areas that are vital to the nation’s democracy.

“The really important reason why we’re doing this is because we’re not taking the problem serious enough how significantly someone can mess with our elections,” said Sell. “And by showing this with eight year old kids we can call attention to the problem in such a way that we can fix the system so our democracy isn’t ruined.”

Some executives at big corporations share the same concerns. For Hugh Thompson, the chief technology officer at Symantec, the risks are real — even if the problems won’t manifest in the most important elections.

As Thompson (who worked on election security in the early 2000s) told The Financial Times, “The risk that I think most of us worried about at that time is still the biggest one: someone goes into a state or a county that doesn’t really matter in the grand scheme of the election, is not going to change the balance on x, y or z, but then publishes details of the attack,” he said. “Undermining confidence in the vote is scary.”

Stakes are incredibly high, according to experts familiar with election security. Despite the indictments that Robert Mueller, the special counsel investigating Russian interference, issued against 12 Russian nationals for targeting the 2016 US election, Russian hacking remains a threat in the current election cycle.

Microsoft has said that it has already detected evidence of attempted Russian interference in three campaigns in the 2018 election cycle.

As Fortune reported in July, Microsoft’s vice president for customer security said that researchers at the company had discovered phishing campaigns that were linked to the GRU, the Russian military intelligence unit tied to the DNC election hacks from 2016.

For security officers working on the websites for the secretaries of state in the battleground states that the tween and teen hackers targeted during Def Con, young Emmett has some advice.

“Use more protection. Upgrade your security and obviously test your own websites against some of the common vulnerabilities,” the 11-year-old advised.
