Our country revolves around voting and elections. Voting is how we voice our opinions and choose who we want to lead our communities, cities, states and country as a whole. We are told that even the voice of one individual can make an impact. Voting is our privilege, our right but what if the will of an eleven year old could change all of that in a matter of minutes, is our voice really heard?
All it took was 10 minutes for an eleven year old to hack into Florida Secretary of State mock website and change election results. At DEF CON, the world’s largest hacking conference, a group of 39 children between the ages of 6 and 17 took part in changing party names, election results, and candidate names not only on one mock website but six. The kids were given an introductory walkthrough of how to carry out an SQL, a single database program available everywhere. The 39 children wanted to show how effortless it was to change the voting results. Out of 39 children, 35 were able to hack the mock database. The quickest hack was completed in 10 minutes and was able to alter voting tallies, party names, candidate names and more. Total vote counts were adjusted to numbers exceeding twelve billion and candidate names were changed to things such as “Bob Da Builder” or “Richard Nixon’s Head.”
The active Diebold TSX voting machines were extremely weak making it easily hackable. One of the hackers was able to program the Diebold TSX to broadcast gifs and music after voters voted at poll book machines. These acts represented how unreliable the systems were. Another easy way to hack into the mock website was through the Express Poll 5000. They were found to be defenseless and easily obtainable memory cards removed from the top of the machine and replaced with a market purchased copy preloaded with alternative poll information which could be hacked within 5 seconds using a diverse method or by any poll worker with access to all machines. The 35 children were also able to figure out the supervisor passwords using the Express Poll 500 as the passwords were kept on the cards and were listed in patent text. These poll book machines also keep personal records for all voters including social security numbers, driver’s license numbers and address which were completely unencoded. The hackers discovered that the administrative password were stored in the device, clear as water. We were all taught to never use the word “password” for a password, but apparently it is okay for supervisors to use.
Granted that this action was done to a mock website, it still voices the question of whether or not the voting results are actually verifiable or if altered. In a matter of minutes a child not even in high school yet was able to manipulate the site to make it appear that libertarian candidate Darrell Castle has won Florida’s presidential vote in 2016. All of this was done by River O’Connor as he states the reason why was to inform everyone on how easy it is to hack any voting register and hopes this prevents something like this from happening in real life. O’Connor states himself that he was not a good hacker and had very limited knowledge about how to complete an operation this intense. We need something more securable that can stop a 17-year-old with basic command life skills and ten free minutes between classes.
River O’Connor was able to shut down the public facing website that tallies the votes in less than five minutes with using Google to look up a list of common hacker commands. This is a hard pill to swallow for the public. No one wants to believe that after waiting in a lengthy line, taking time from work in order to vote, when their vote could be thrown away or altered. This scenario tackles the vulnerabilities in state voting machines and databases. People started to take notice of this report and with technology as advanced as it is today introducing electronic voting, leaders were unable to keep up with the rapid advances in cybersecurity. The database stores data in simple tables containing columns and rows. Once gaining such access damage could be done. Most of the hacking came down to entering no more than two lines of codes. Out of 39 children about a quarter were able to rename or delete other candidates and their parties from the list.
The fact that someone with very little knowledge of cyber hacking was theoretically able to bring down an entire election with nothing but Google search should be a wake-up call. While inflating Gary Johnson’s vote tally to over 90 billion is a good laugh but could do real damage not to mention how fast any team of well-funded and highly skilled hackers could do this in the real world. Someone with such little skills should have not stood a chance against a professionally website. Unfortunately the people who have the power to do something about this issue are in denial but this does not change the facts on the ground. America is supposed to set a world standard for free and open elections, this is a part of our identity. The failure to address such a widespread and well-documented effort by foreign powers to compromise that principle puts our democracy and our position of leadership at risk.