• Part I – Election Integrity Taking a Back Seat

    It sounds a bit like the premise of a Bond (or possible Austin Powers?) movie:

    Hoards of the best (and worst) hackers descend upon Las Vegas in a pair of events shrouded in silence and mystery with one nefarious purpose: hack the election.

    In this case though, the events are called Black Hat USA and DEF CON, and they recently wrapped up on the 12th of August, 2018.  DEF CON, and its more nefarious sibling, Black Hat, were back-to-back conferences for those interested in . . . let’s say “computer security and best practices.”

    Oh, and the circumvention thereof.

    This year’s DEF CON, the 26th, was themed “1983: The View from Dystopia’s Edge,” and true to this glaringly obvious tagline, the premise was about governmental security and the use of technology to control people (and their collective attention span).  Speakers had topics such as “A Journey Into Hexagon: Dissecting a Qualcomm Baseband” and “Hacking PLCs and Causing Havoc on Critical Infrastructures.”

    We all know the stereotypes.  Reclusive hackers with bad personal grooming and worse morals.  To be fair, in aggregate, those only fit in movies and in “presidential” debates that include He Who Will Not Be Named.  But with topics like these, it’s not a far stretch to imagine that the typical event-goer was of a different sort.

    Now, with all of this info, you might be tempted to box this passel of “nerds” away in your head as a means of dismissing them, but these folks are the real deal.  One of the headline speakers was Rob Joyce, Senior Advisor for Cybersecurity StrategyFor the NSA.  And if the NSA takes these people seriously, it’s a pretty solid indication that so should you.

    This year and last, DEF CON included a “Voting Village” made up of retired (but standard issue) voting machines used in elections around the United States.  The aged Diebold TSX machines (still in use in Georgia, by the by) were there, as well as others such as ES&S and WinVote.  It should inspire no confidence when you read the following headlines, then:

    To be fair, the 11-year-old hacker didn’t actually change the results of Florida’s presidential vote; she changed the displayed tally which, upon any further inspection, would have been shown to be incorrect.  And the 17-year-old hacker didn’t actually hack a state election; he used the same machines that are currently being used by various states in our union, and was able to fully modify votes, change candidate names, and even gave Gary Johnson (remember him?) 90 billion votes In one state.

    In case the lines weren’t drawn clearly enough for you: tweens and teens hacked regulation election equipment in under an hour.  What chance do our elections stand, as is, against a hostile nation? Now, I do not wish to dismiss the talent of these two young computer enthusiasts in the least, but they were in all likelihood far from the best hackers at either conference, and their efforts were part of a very public showing of how poor the computer and operational security is/was surrounding our voting machines.

    This type of activity, attempting to break, characterize flaws, and publish, is inherent to something called “white hat hacking,” and although this type of work might sometimes irk companies and institutions (who are often the very public recipients of shame for easy or trivial hacks, such as those on display at the Voting Village), the sum total of these activities is positive: they force a change that increases our security.

    Earlier on, I mentioned that DEF CON was part of a pair of conferences, the other being Black Hat.  Two guesses as to the intent of that conference?

Comments are closed.