![]() ![]() “And we have to explain that no, these are physically secure up until Election Day, then they’re wiped. “You have to balance raising awareness of vulnerabilities and pushing vendors to make more secure projects, which is a lot of what DEFCON is trying to do, with the ability for vendors to react to that,” said DHS’s top cybersecurity official, Jeanette Manfra, who spoke at the conference Friday. One of Russia’s fundamental goals with such attacks, analysts stress, is undermining Americans’ faith in democracy itself. While a number of Russian tactics with a range of effects have been exposed - hacking and leaking Democrats’ emails, scanning state voter registration databases, and sending phishing emails to county employees - there is, as numerous agencies have repeatedly stated, no known evidence of foreign hackers ever changing a US vote tally. Since October 2016, when intelligence agencies first put forth a statement warning that Russia was attempting to interfere in the US election, the US government has walked a tightrope between warning that Russia was trying various tactics to influence the outcome and insisting that everyone’s vote was counted accurately. I think we’ve been very lucky, and I think there’s a little bit of a ticking time bomb here.” “We know these systems are wildly insecure, and there’s been precious little evidence of these vulnerabilities so far being exploited in real elections. “There’s an interesting paradox.” Blaze said. That said, the fact that a system has vulnerabilities in it, even incredibly serious vulnerabilities, is not the same as saying any given election has been tampered with.” “It’s only through scrutiny that we’re going to have confidence in elections. “I think the statement was misguided,” said Matt Blaze, a veteran election security researcher who helped organize the Voting Village. The conflict brings into sharp relief the contrast between how cybersecurity research is usually conducted and the stodginess of government-approved election vendors and their customers. “Providing conference attendees with unlimited physical access to voting machines,” NASS said, “does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.” “Our main concern with the approach taken by DEFCON is that it uses a pseudo environment which in no way replicates state election systems, networks, or physical security,” it said. The National Association of Secretaries of State, the group that brings together each state’s top election official, issued an unusually testy statement against the Voting Village. Physical security measures make it extremely unlikely that an unauthorized person, or a person with malicious intent, could ever access a voting machine,” the company said. The day before the conference began, ES&S, one of the largest providers of election equipment in the US, sent an email to its customers assuring them that while “attendees will absolutely access some voting systems internal components. “As far as broad social impact,” said Jeff Moss, DEFCON’s founder, “it is Voting Village” that has achieved the most notoriety in the conference’s history.īut that attention has brought pushback. In a room set aside for kid hackers, an 11-year-old girl hacked a replica of the Florida secretary of state’s website within 10 minutes - and changed the results.īefore Russian hackers targeted the 2016 US election process, hacking voting equipment was a niche issue. ![]() This year’s Voting Village was bigger in every way, with equipment ranging from voting machines to tabulators to smart card readers, all currently in use in the US. Last year, conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend, catching the attention of both senators introducing legislation and the general public. It was the second time the convention had featured a Voting Village, where organizers set up decommissioned election equipment and watch hackers find creative and alarming ways to break in. This weekend saw the 26th annual DEFCON gathering. But with the world finally watching at DEFCON, the world’s largest hacker conference, they have a new struggle: pointing out flaws without causing the public to doubt that their vote will count. Election hackers have spent years trying to bring attention to flaws in election equipment. ![]()
0 Comments
Leave a Reply. |