You voted during Trump’s campaign. Whether you voted for Trump, Bernie, or Clinton is none of our business, but we do want you to think about something for just a few moments as you read today’s post.
Are you certain that your vote was counted correctly, accurately, and without tampering after the fact? Did you vote using an electronic voting device?
If you answer “no” to the first question and “yes” to the second, we may have some bad news for you. An 11-year-old boy appears to have revealed just how easy it is to hack these machines, changing votes and swaying elections. All it took was a simple coding procedure known as an SQL injection.
Here’s what you need to know.
• The hacking attempt was purposeful, but not malicious. It occurred at Def Con, a yearly computer programming and hacking event for people of all ages. At Def Con, kids, teens, and adults practice their programming and coding skills by attempting to “break in” to mock systems.
• Before we explain the rest, it’s important for you to know that Def Con is not designed to harm or injure any person, system, or process. If and when attendees find vulnerabilities, they immediately turn the information over to the proper authorities. Their goal is only to learn and aid organizations with cybersecurity by helping them identify serious potential for harm.
• That said, this particular attempt may be somewhat questionable. Def Con administrators (specifically a start-up named Voatz) ran a workshop called “Vote Hacking Village.” Within the workshop, attendees attempted to access, hack, and modify the election reporting section of the Florida Secretary of State web page. This is where the Secretary of State would normally report election results after voting ends.
• One event attendant, an 11-year-old called Audrey, took up the challenge. The young girl was successfully able to hack into the normally inaccessible section of the mock website using an SQL injection, one of the simplest tools available to modern hackers. The entire process took less than 10 minutes.
• What is even more frightening is the fact that young Emmett was also able to manipulate and change information once she gained access – including the voting outcomes. But not everyone is convinced that the mock event represents a true risk rating for the government’s own systems.
• In fact, the National Association for the Secretaries of State (NASS) released a statement slamming the Def Con hacking village’s “replica” sites, saying they are ‘unrealistic” and a poor representation of reality.
• They also reminded the public that the section of the website hacked wasn’t attached to any voting machines, nor was it hosted on government services. It is only responsible for hosting unofficial results from each state.
• NASS did, however, extend an open hand to Def Con attendees and event managers. They’re willing to work with them to see if the vulnerabilities extend to other systems, but firmly do not believe the mock event has any realistic bearing on the American voting system. It isn’t yet clear if Def Con will accept the invitation to work together or not.