DEFCON Conference To Target Voting Machines

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.

It's the voters, stupid!

[Anonymous Coward]

"Russians" didn't hack the voting machines (I don't know for sure, mind you, but it's pretty implausible). *If* they did anything (and this is far more plausible), then it was messing with the voter's brains, aka "social engineering", aka FUD, aka PsyOps.

Yes, the vulnerabilities in the voting machines are embarrasing. Yes, it's fun uncovering them. There are many other reasons for counting votes the "traditional" way, secure machines or not. Still: don't let all this geeky stuff detract from the elephant in the room: buying Facebook personal data in bulk and correlating it with past votes, then sending targeted fake news has done much more in the last big polls (at least for Brexit and for the US Presidentials it is *known*) than any "classical hacker" vote fraud could have done.

Hey, you USians even have a word for it, courtesy of one of your three-letter agencies: PsyOPS!

Re:

[AHuxley]

So now Russian military hackers have the skills to go wondering around city, state and parish election sites with "code" using a sneaker net?
The FBI never noticed all the "new" embassy workers flying into the USA and then flying and driving out all over the USA?
Every person working with or near the Russian embassy is on file and always tracked all over the USA.
The FBI surrounds everyone connected with the Russian embassy with a lot of and constant surveillance.
Any Russian embassy staff wondering around

Re:

[AHuxley]

AC the USA does not have a fully integrated, digital networked voting system. Locals results are counted locally and then sent up to the national level.
Staff and volunteers, sets of political party staff at a local level would see a difference or change between their very local count and some new "altered" all "digital" state and federal numbers.
So any efforts would have to be very local and any new mil looking strangers wondering secure voting areas around would get noticed.
Gerrymandering https://en.wi [wikipedia.org]

Re:It's the voters, stupid!

[VernonNemitz]

It's the vote- counting systems that need to be secured more than the actual voting machines. Some of those voting machines are not networked; they merely put data onto a data-transfer stick/card/chip, which is carried to another machine that supposedly accumulates the data as individual sticks are plugged into it. Obviously such vote-counting machines can be prime targets for remote hackers --change the accumulated data, change the outcome [snopes.com] of the voting process.

Re:

[Train0987]

"but Trump had far more social media bots and favorable fake news" is absurd. Anyone who paid attention knows the opposite is true - that's a big reason he won. David Brock spent millions on paid trolls, that is documented fact and it backfired in a big, big way. All the excuses (Russia, Russia, Russia!) are simply attempts to deflect criticism from the corrupt party leadership so they won't be held accountable and remain in charge. Just watch, they're going to run Clinton again in 2020.

Re:

[Train0987]

Why would they hack the voter rolls? Voter registration data is public information. There are websites that aggregate voter registration data from all states, match it to the USPS change of address system and then sell that data to anyone.

Re:

[Anonymous Coward]

I would suspend judgement before all the facts come out.

There are serious allegation that Russian military hackers (GRU) hacked the shit out of voter roll databases, and then laundered the data to analytics companies like Cambridge Analytics, who then cleaned and merged the stolen info with Facebook profiles to do microtargeting to steal the election for Trump.

Voter roll databases are public information so no hacking needed. The voter information does not need to be laundered. Cambridge Analytics did not clean clean the information the information was already clean. Micro targeting is nothing new. There are a number of companies that do what Cambridge Analytics does. Obama,s campaign did this in both presidential elections. Apart from the loaded language you are describing how elections work in the USA. Both the Republican and Democrat party maintain data bases

Re:It's the voters, stupid!

[vtcodger]

"There are many other reasons for counting votes the "traditional" way, secure machines or not."

There are other alternatives as well. For example the town I live in uses paper ballots, but counts them with OCR -- which allows for a quick total when the polls close, but still allows a recount if a problem in a miscount is suspected.

BTW, about 30 years ago, the town had a substantial number of blank ballots vanish on election day. Everyone is pretty sure they didn't end up in the vote count, but to this day no one knows where they went. if indeed they ever existed. It's remotely possible that the print run was somehow miscounted.

Re:

[h4ck7h3p14n37]

There are other alternatives as well. For example the town I live in uses paper ballots, but counts them with OCR -- which allows for a quick total when the polls close, but still allows a recount if a problem in a miscount is suspected.

My precinct uses those types of ballots which I am really happy I can use.

I tried using an electronic voting machine years ago and I'm pretty sure my vote didn't count. As I was submitting my ballot the machine threw up an error code about the built-in printer being out of paper. I notified a poll worker of the error and they just pulled the memory card that stores the ballot out of the machine and walked away. At that point the error message is replaced with another saying, "card removed too soon", and

Re:It's the voters, stupid!

[Nidi62]

"Russians" didn't hack the voting machines (I don't know for sure, mind you, but it's pretty implausible). *If* they did anything (and this is far more plausible), then it was messing with the voter's brains, aka "social engineering", aka FUD, aka PsyOps.

Is there anyone credible that has actually been arguing the Russians physically hacked the elections? The media and Democrats have all been arguing that it wasn't physical hacking but social engineering. It's the (minority of) Republicans that keep keep trying to push for the standard definition of hacking, since, you know, there's no evidence for that (because Russia didn't do that). Plenty of well-respected Republicans are on the side of the Democrats, that there seems to be some pretty decent evidence pointing to successful Russian influence in the election, and given the hubbub around the Trump campaign's ties and communication with Russia raises some serious concerns.

To be fair though, Russia has most likely been trying to influence our elections (and the elections of countless other state) since the 50s, just as we have theirs (and others). This is just the first time that their efforts seem to, at least visually, have had an impact. That, plus the fact that our president is a political neophyte who thinks running a country is no different than running a company-not realizing that you can't do backroom deals, ask for loyalty pledges,or try to ask people to drop/deny investigations-means that controversies that would have died and faded away with another politician at the head have instead flourished. To make matters worse, Trump has surrounded himself with people that, while they might be good (or at least lucky) with business, also have no idea how to run a country, and continue to allow Trump to run the country like a business. This is manifested by the inability of the administration to put out a coherent message on anything, and that the few people that might actually have a decent idea of what they are doing are constantly undercut by Trump himself who comes out a few hours later and completely destroys the narrative they had been putting out.

Re:

[Nidi62]

Russia has most likely been trying to influence our elections [...] since the 50s, just as we have theirs

Russia had elections in the 50s?

That's what happens when you post on Slashdot first thing in the morning. But ever since WWII the US has always been trying to interfere with Russian/USSR internal politics. And they've done the same with us.

Yes FBI confirmed hacks

[Anonymous Coward]

I think you have a short memory, Russia was confirmed to have hacked two election databases, and so FBI offered help to states to secure their voter machine networks (which some took up and others did not).:

http://www.nbcnews.com/news/us-news/russians-hacked-two-u-s-voter-databases-say-officials-n639551

"Hackers based in Russia were behind two recent attempts to breach state voter registration databases, fueling concerns the Russian government may be trying to interfere in the U.S. presidential election, U.S

DHS Hacked the Election!

[h4ck7h3p14n37]

The only confirmed hacking attempts were performed by DHS against Indiana's and Idaho's election systems.

Indiana joins Idaho in claiming DHS tried to hack their election systems [computerworld.com]

Re:It's the voters, stupid!

[jimbolauski]

When the Russians chose to use their PsyOps they had an option of choosing a person had received millions of dollars from speaking fees, business deals, donations to their charity, and campaign contributions from people with ties to Russia. The same person that signed off on allowing Russia to buy a controlling stake in a company that produces 1/5 of the US uranium production. Yet they choose the other guy?

I find it far more believable that any Russian PhyOps were aimed at undermining confidence in the election process, rather then them influencing the outcome of the next US president.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[wisnoskij]

We have no measurements at all on what any sort of fake news could of did. You cannot compare a nebulous quantity like this.

While we have real studies on the likely number of illegals who voted. Studies that show the numbers are in the hundreds of thousands to millions.

Meanwhile, half of the votes in the recounts we did, in Hillary majority districts, could not even be recounted because of problems.

Re:

[CrimsonAvenger]

We have no measurements at all on what any sort of fake news could of did.

Well, it obviously didn't teach you to spell. Or write grammatically.

"could've done", perhaps.

But "could of did"? Nope.

Re:

[chispito]

Your mommy shoulda done learnt you that ad hominem attacks hurt, not help.

Re:It's the voters, stupid!

[chispito]

Still: don't let all this geeky stuff detract from the elephant in the room: buying Facebook personal data in bulk and correlating it with past votes, then sending targeted fake news has done much more in the last big polls

The elephant in the room is that the opposing candidate was Hillary Clinton. The spite candidate prevailed in the primaries on both sides, except on the Republican side it was the voter's spite for their party, and on the Democratic side it was the party's spite for their voters.

Re:

[vtcodger]

Heck, I'm willing to believe that some voting machines are secure. However, my bet would be that secure voting machines are both expensive and not very widely used.

Re:

[garyoa1]

Seems to me it would be just the opposite. No wireless, no lan. Just stand alone machines. The only way they could be hacked would be by physical contact with each machine.

Re:

[Highdude702]

Let's hope to hell there is no networking option for them. Look what happens to everything else with a NIC. We should let that alone be the prime example of why to keep voting and machines off the internet or even networks all together. Should have to plug into each machine and then authenticate before it tells you or allows you to do anything.

Re:

[vtcodger]

As Winston Churchill might have said (but didn't). The possibility of a voting machine with a network interface no more entered into my mind than that of a battleship being launched without a bottom.â

Re:

[Nidi62]

Heck, I'm willing to believe that some voting machines are secure. However, my bet would be that secure voting machines are both expensive and not very widely used.

The secure machines are reserved for safely gerrymandered districts.

Re:

[airdrummer]

well, the states that hillary should have won (and dubya^3 has admitted the dems "should have won easily") all use un-auditable machines with no paper trail, so it's impossible to prove they weren't hacked. the margin in those states was 77k, so all they needed to do was have a few K deplorables pull the curtain & plug in a usb stick...

Why

[roninmagus]

I understand the sentiment, though I disagree with it. "Trump == BAD || Trump == OTHERPARTY" so let's do all we can to delegitimize the election."

But widespread hacking seems to me to be a near impossibility, due to the way the US election system is set up. For those outside the country: We don't have a central counting system. It's district-by-district, state-by-state. With different machines, people, safeguards, watchers, etc. Not impermeable, but pretty darn good.

If the Russians did "hack" the election, it was via propaganda to change the hearts and minds of voters. Which is exactly what our politicians do every day. So even if they were involved, even at the request of a given candidate, I don't quite see the problem. It's just the modus operandi, working as designed to fool the American public into voting for a particular candidate.

Re:

[AHuxley]

Fly into the states between the East and West elite coast.
Give a speech that the people in the fly over states enjoy and tell their friends who vote about.
Have some ability to connect to people all over the USA, talk and listen to their issues in each state.
Give a good speech and people will notice the difference and that political difference worked all around the USA.
More wars in other nations, sending more jobs outside the USA will not resonate with voters after decades of job losses and distant wars.

Re:Why

[drinkypoo]

But widespread hacking seems to me to be a near impossibility, due to the way the US election system is set up. For those outside the country: We don't have a central counting system. It's district-by-district, state-by-state. With different machines, people, safeguards, watchers, etc. Not impermeable, but pretty darn good.

You don't need widespread hacking. You only have to hack certain key swing locations.

Re:

[Gravis Zero]

I understand the sentiment, though I disagree with it. "Trump == BAD || Trump == OTHERPARTY" so let's do all we can to delegitimize the election."

You've jumped to a conclusion. Defcon is about exposing weaknesses for fun and has no political affiliations.

DEFCON

[Fire_Wraith]

Incidentally, this is one of the really cool things about DEFCON, and one of the reasons why I like to go. It really is a -hacking- conference, in the original sense of the word. There's all sorts of things you can get hands-on with, take apart, scan, mess with, etc. No releases, no NDAs, no "but don't really do anything that could break it." In the last two years I saw everything from cars to home appliances to ICS/SCADA systems and more. This is exactly the kind of thing that DEFCON is known for, and I look forward to messing with them myself (as well as watching what others do and find).

What's even more interesting is that from what I've seen, it's increasingly the companies and the government themselves bringing this stuff, because they're realizing the value of unleashing the curiousity and skill of the hacker mindset on some of these things, never-mind the PR value (Two years ago Tesla brought a Model S to the main ballroom, and let people hack away at it, while advertising their bug bounty program, for instance).

Re:

[Fire_Wraith]

Paranoia over voting machines and their susceptibility to hacking long predates this most recent election (not that you'd know it from the comments). That's probably why so many people jumped to that right away, too, because we've heard that story brought up in the past, in part because of things like the Diebold CEO's comments about electing Bush. Now, I haven't seen any real proof of any voting machine hacks in the USA, whether in 2016 or before, but just because nobody has exploited a piece of vulnerable

Go back to PAPER ballots!

[p51d007]

I NEVER cared for ANY electronic voting machines. It is way too easy to change electronics. All these hack attempts do is give whomever is the opposition in DC, a 30 second sound bite on TV, as to why they lost an election. To remove that, go back to paper ballots. To add to that, after you vote, you should dip your finger in that non removable ink also.

Other hacks

[bestweasel]

Have any of the official US agencies had a go at hacking these voting machines or is security left entirely to the manufacturer?

Tthey sould target those in charge of ballots

[SpectateSwamp]

The problem with politics is the process only allows for dishonest candidates.
They are there to outsource and sell off all our resources.

99% of candidates are corrupt and will never represent citizens.
Check out how many are Business types and Chamber of Commerce members (Way too many)

The corrupt political system makes it almost impossible for anyone honest to get on the ballot.

Re:But voter ID is raaaacist!!!!

[Anonymous Coward]

Because it's too hard to get an ID?

Indeed, that idea itself is most definitely racist, if you go by a reasonable definition of "racism". It implies that black people are incapable of obtaining a state-issued ID while everyone else who wants to vote has no problem doing it.

Apparently this is solely because they are black. It cannot be because of any concern about poverty because there are lots of poor white people (more in fact). Also, the proposed "solution" is always to abandon any voter ID requirement. To subsidize the small cost of state-issued IDs (the DMV fee/etc) or give them away for free to low-income people is never seriously proposed.

Of course, when the shoe is on the other foot, Dems sqauwk for voter ID:

If you were expecting a principled stance from any politician you are definitely going to be disappointed. They support whatever seems to be in their immediate interests at that particular time, no matter what they perceived to be in their interests in the past. The "Dems" are not unique in this respect. Power plus a lack of any real personal accountability seems to do this to people.

It won't change until we all realize that an honest, trustworthy voting/electoral process is in everyone's interests and that this is not a difficult problem to solve.

Re: But voter ID is raaaacist!!!!

[tysonedwards]

Of course, because mandating a separate photo ID for voting only, which expires after a single election, and is only able to be obtained from a limited number of locales, some of which disproportionately placed in affluent neighborhoods is in no way thinly veiled racism.

Re:

[Fire_Wraith]

I'm all for requiring ID, if you make it free and easy to get.

But that's not really what this is about, and claims to the contrary ignore both the factual evidence, as well as the long history in the U.S. of politically motivated hurdles to voting. Only in the USA do we actively make it HARDER for people to cast a ballot.

This is why, in states where they've mandated voter ID, those same legislatures have also closed down DMV offices and cut hours, making it actively harder for people to get that ID. Oh,

Re:

[Anonymous Coward]

Add to this, closing DMV offices in areas where minorities live. Add to that Kafka-esque requirements for how you document who you are before they give you an ID in the first place. Send people away with no idea for bureaucratic reasons for a couple of times. The obvious question is how big a problem is voter impersonation fraud. And when pressed, officials are only able to come up with a *very* small number of cases.

Re:

[Anonymous Coward]

Add to this, closing DMV offices in areas where minorities live. Add to that Kafka-esque requirements for how you document who you are before they give you an ID in the first place. Send people away with no idea for bureaucratic reasons for a couple of times.

The obvious question is how big a problem is voter impersonation fraud. And when pressed, officials are only able to come up with a *very* small number of cases.

How the hell can you know if there is any voter impersonation fraud when there's no requirement for a voter to actually identify himself?

Re: But voter ID is raaaacist!!!!

[Kierthos]

In-person voter fraud is shockingly rare. (Some states have mandated picture ID or other forms of identification to vote for years, by the way.) From 2000-2012, there were 2,068 cases of voter fraud. 10 of those were in-person voter fraud.

10.

So, the ostensible goal of most of these voter ID laws, that they need to be in place to stop voter fraud, is really a non-factor. This is a solution in search of a problem.

Then why do it?

Well, for one, it's an appeal to ignorance. "There has to be voter fraud, we don't have any way to stop it!" Except, of course, we do. Even states that don't require picture ID have methods of catching fraudulent ballots.

For another, it's clearly being used as a way to block certain types of voters (poor, minorities) from legally accessing one of their rights. It's not a coincidence that those blocks of voters tend towards voting for the Democratic party.

Now, don't get me wrong. I think it makes sense that everyone should have a picture ID. It's damn useful to be able to prove who you are to the cops, to potential employers, whatever.

But let's make it accessible. Don't close down places that provide picture ID, don't make it harder.

No political party with honest intent should be trying to restrict people from voting.

Re:

[dgatwood]

How do we know there isn't in-person fraud in the states that don't require picture ID?

Fraud in vote-by-mail is lower risk and easier. Why would anybody even attempt in-person voter fraud? It would be like stealing guns from a military armory when you could steal them from a random person's house while he or she is gone for the weekend.

Re:

[Kierthos]

That's because in-person voter fraud is so shockingly rare as to be non-existent. Depending on the state, it can be very easy to register to vote fraudulently, or send in a fraudulent mail ballot.

But in-person voter fraud, which is the only type of voter fraud that picture IDs would address, hardly ever happens. But it's the only type of voter fraud that gets fixated on by the GOP.

Re:

[Woldscum]

The problem is not suppressing the black vote it is allowing NONCITIZENS to vote.This is only because the Dems need that illegal voting bloc to win a national election. They had it this past election and STILL did not win. 30 + million illegals in the US. It is not a hardship to prove who you are and your citizen status. The only people arguing against voter ID is the Dems wanting the illegals vote. This has nothing to do with the black vote. That is used so the race card can be played.

Re:

[Woldscum]

Was not my candidate. Tell me WHY I should not need to prove my identity and my citizenship status to vote. I need to get a background check to exercise my Second amendment rights. I say voting is more important than that.

Re:

[MountainLogic]

Please cite one case, by name and location, where a non-citizen has been convicted of voting in a US election. Please cite a specific election where so many non-citizens have been convicted of voting that it could have conceivable changed the outcome in that election. Let me cite you substantial analysis that requiring ID keeps many citizens from voting

Brennen Center [brennancenter.org], Washington Post [washingtonpost.com], Atlantic [theatlantic.com], Mother Jones [motherjones.com], UCSD [ucsd.edu], UW [mattbarreto.com], Cornell [cornell.edu], Cambridge [cambridge.org]. There is a mix a academic original research and easily acces

Re:

[bigal123]

Here is an example
https://www.nytimes.com/2017/0... [nytimes.com]

And based on the comments she voted republican not democratic.

Re: But voter ID is raaaacist!!!!

[oobayly]

A bit like the lady who was so concerned about vote fraud - that her vote would be switched over to Clinton - that she decided to commit voter fraud...

https://www.washingtonpost.com... [washingtonpost.com]

Re:

[Woldscum]

Please show me where the Obama justice department even enforced the law. Just it is not enforced does not make it OK. Stupid argument. Being in the country should get them prosecuted and deported. But "Sanctuary Cities" and their voting blocks like LA.

Re:

[MountainLogic]

Most voter fraud would be prosecuted at the state level, so for example ask the republican Alabama Secretary of State, John Merril [alabama.gov], how many convictions he his state has for at poll voter impersonation.

Re:

[Anonymous Coward]

Apparently this is solely because they are black. It cannot be because of any concern about poverty because there are lots of poor white people (more in fact). Also, the proposed "solution" is always to abandon any voter ID requirement.

Percentage-wise, poverty disproportionately effects some races more than others, and while poverty in and of itself is not a protected class, race is. That's why it's used as a legal challenge.

Plus, in the US, we consider poverty to be a moral failing, unless we can excuse

Re:

[Khashishi]

Cops often steal ("confiscate") ID from homeless people just to mess with them.

Re:

[judoguy]

Of course it is. After all, African Americans can't be expected to be able to figure out how get an ID in 2017 America! Oh, wait, perhaps THAT is the actual racist viewpoint: Voter ID is racist! [youtube.com]