Every year the city of Las Vegas plays host to a hacker convention dubbed DEFCON.  Hackers of all ages and levels are invited to compete in various challenges, and are generally encouraged to try and break things.  This years DEFCON was especially focused on election security and voting machines, and it didn't surprise many at the convention just how fast replica voting terminals were hacked into, and overall vote tally's, including candidate names were replaced entirely.

Popular Hacking Methods Employed

Out of thousands of attendees this year, a group of young hackers aged 8 - 16 took part in attempting to hack 13 imitation sites linked to voting in key battleground states.  One of the hackers, named "Emmett Brewer", was able to hack into Florida secretary of state's website with relative ease.  He was one of about 50 children who were taking part in the "Defcon Voting Machine Hacking Village," which allowed kids the chance to change party names, candidates, and even vote totals.

Other experts who attended the convention noted that many of the most popular hacking methods were used to bypass the rudementory security offered by the State websites responsible for holding such sensitive data.  Methods such as SQL injection, or Brute Force methods.

  • The quickest exploit was performed by an 11-year old in 10 minutes.  After being given a walkthrough of performing a popular hacking method known as SQL injection, they were able to run with it and break into various sites.
  • Kids were able to change candidate names to things like "Richard Nixon's Head", and "Bob the Builder".  They were also able to effect total vote counts, giving one candidate billions of votes.
  • Using simple methods like SQL injection, many passwords were found in plain text and were set to be things like 'password', allowing them to gain administrative access to many of the websites.
  • ES&S Vote Counter Machines, which are popular among many counties to count ballots from certain districts, were found to have active Ethernet ports, exposing them to several forms of hacking.

Overall, 35 out of the 39 kids who participated at the DefCon Voting Machine Hacking Village were able to successfully hack and manipulate voting machines or websites linked to voting from key battle ground states.

It is noted that while these sites and voting machines are real and using the same security methods that would be used in the real world, that during elections voting machines are kept on unique networks and use custom-built databases with new and updated security protocols according to this.

Ways to Protect Yourself

Although the exercise that was taken part in still gives a good example as to how vulnerable these important systems can be.  Be it an election system, or a private company having the right tools and making use of rudimentary security measures can save you a lot of headache.  All of the methods employed above can be used on other vulnerable systems, including your own website, email, and data.

That is why it's important to have a team of experts that put your security first.  A managed IT security infrastructure can allow a team of experts to manage your IT and stop hacking and prevent viruses before they can effect your business (or election).