Think of it as a stress test for democracy. Hackers plan to spend this weekend trying to break into more than 30 voting machines used in recent elections to see just how far they can get.
U.S. election officials have consistently said that despite Russian attempts to affect the outcome of the 2016 presidential election, no votes were tampered with.
Prove it, say organizers of DefCon, an annual hacker convention held in Las Vegas each July.
The idea is to “start hacking on (the machines) to raise awareness and find out for ourselves what the deal is. I’m tired of reading misinformation about voting system security,” Jeff Moss, DefCon founder, wrote on the conference blog.
One of the event organizers is Matt Blaze, a professor at the University of Pennsylvania who’s been working on making election software more secure since the mid-2000s. The the best of his knowledge, this will be the first time a technical crowd will have the ability to look at the machines “on a large scale.”
That’s in part because until 2015, it was illegal under the terms of the Digital Millennium Copyright Act to try to hack into voting machines.
“The Library of Congress granted an exemption that explicitly allowed this type of research, to enable good faith research of security flaws,” said Stephanie Singer a project lead with Free & Fair, a Portland, Ore.-based election technology company.
The event comes as attempted election meddling has become a major geo-political issue both in the United States and worldwide.
This week the Senate grilled the president’s son-in-law and adviser, Jared Kushner, on possible collusion in Russian attempts to influence the U.S. presidential election via hacking. (He denied collusion.)
Cyberattacks over the past year in Ukraine, Bulgaria, Estonia, Germany, France and Austria have attributes that linked them to suspected Russian hackers, according to former National Intelligence director James Clapper. They appeared to be aimed at influencing election results, sowing discord and undermining faith in public institutions that included government agencies, the media and elected officials.
In all of this, there has been no indication that actual votes were changed, the FBI has said. Election officials have cited the decentralized nature of the U.S. election system, which is state, county and sometimes even municipality-based.
However, experts in election voting software say no states routinely perform post-election vote audits to ensure that the reported vote count tallies with ballots, Singer said.
Moreover, there were no forensic examinations of any of the voting machines used in the 2016 presidential election, in part because many election-machine vendor contracts prohibit it, Singer said.
That’s a red flag for hackers at DefCon.
To see just how safe the voting machines that underpin democracy are, they’re bringing more than 30 voting machines purchased on eBay and at government surplus sales to Las Vegas where they’re setting up a “Voting Machine Hacking Village” at the conference at Caesar’s Palace.
Read the complete article at usatoday.com
Elizabeth Weise covers computer security, technology and Silicon Valley out of USA TODAY’s San Francisco bureau.