Hackers will work with government, academia to make future elections secure
Last summer, a group of hackers showed how easy it is to infiltrate a bunch of voting machines. During a conference held in Las Vegas, they exposed flaws in election equipment currently used in the U.S.
Now, they want to make sure election infrastructure is better protected.
The DEFCON hacker conference in July hosted a Voting Machine Hacking Village, where hackers were encouraged to tinker with election equipment purchased off eBay. The room featured more than 25 pieces of equipment, such as voting machines and electronic poll books.
By the end of the conference, each piece of equipment had been successfully breached.
Researchers associated with event presented their findings at an Atlantic Council event on Tuesday. They announced that hackers in its community will form a coalition comprised of cyber and national security leaders, academic institutions, and government associations to focus on ways to make elections more secure on the federal, state and local level.
The Center for Internet Security, National Governors Association, National Conference of State Legislatures, and the Atlantic Council are among the groups involved with the new coalition.
It plans to release information for election security best practices in the next two months.
The Department of Homeland Security has said 21 states’ election-related systems were targeted by Russian hacking in the 2016 election, but clarified no vote tallies were altered or deleted. Jeff Moss, founder of DEFCON, said on Tuesday that the ability to hack voting machines is not new, but the attention around the issue is growing.
“Now, it’s not a conversation between us and state and local officials,” Moss said at the event. “This has to be a discussion at a higher, more national security level.”
As a part of the village, researchers at DEFCON hacked a decommissioned voting machine within minutes. They were able took control of the machine remotely. States stopped using the old machine, an AVS WinVote model, by 2014 — but the vulnerability the hacker used to get inside the machine was made public in 2003.
Further, hackers discovered that an electronic poll book was improperly decommissioned and contained personal data dating back to 2008 for more than 650,000 voters from Shelby County, Tennessee.
Hackers also found foreign-manufactured parts in the voting machines. Researchers said this presents a “serious possibility” of supply chain vulnerabilities, meaning a malicious actor could compromise parts before the machine comes off the production line.
However, most technologies contain foreign-made parts.
“The bottom line is: No matter the level of nation-state hacking or interference in 2016, if our enemy’s goal is to shake public confidence about the security of the vote, they may already be winning,” researchers wrote in the findings.
Researchers hope the voting village becomes a regular occurrence at DEFCON, joining other hacking villages like those focused on cars and healthcare. By sharing expertise, hackers, vendors and election officials can work together to prevent cybersecurity breaches.
Many people and organizations are working to prevent future election hacking. Democratic Senator Ron Wyden recently sent letters to six top voting machine manufacturers to find out their protocols for preventing hackers from breaking into their systems.
The new coalition joins other efforts to prevent cyberattacks on elections. Harvard University’s Kennedy School of Government launched Defending Digital Democracy in July, and Facebook is one of the initiative’s main sponsors.