DEFCON Conference To Target Voting Machines

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.

It's the voters, stupid!

"Russians" didn't hack the voting machines (I don't know for sure, mind you, but it's pretty implausible). *If* they did anything (and this is far more plausible), then it was messing with the voter's brains, aka "social engineering", aka FUD, aka PsyOps.

Yes, the vulnerabilities in the voting machines are embarrasing. Yes, it's fun uncovering them. There are many other reasons for counting votes the "traditional" way, secure machines or not. Still: don't let all this geeky stuff detract from the elephant in the room: buying Facebook personal data in bulk and correlating it with past votes, then sending targeted fake news has done much more in the last big polls (at least for Brexit and for the US Presidentials it is *known*) than any "classical hacker" vote fraud could have done.

Hey, you USians even have a word for it, courtesy of one of your three-letter agencies: PsyOPS!

Re:It's the voters, stupid!

[vtcodger]

"There are many other reasons for counting votes the "traditional" way, secure machines or not."

There are other alternatives as well. For example the town I live in uses paper ballots, but counts them with OCR -- which allows for a quick total when the polls close, but still allows a recount if a problem in a miscount is suspected.

BTW, about 30 years ago, the town had a substantial number of blank ballots vanish on election day. Everyone is pretty sure they didn't end up in the vote count, but to this day no one knows where they went. if indeed they ever existed. It's remotely possible that the print run was somehow miscounted.

Re:It's the voters, stupid!

[AHuxley]

So now Russian military hackers have the skills to go wondering around city, state and parish election sites with "code" using a sneaker net?
The FBI never noticed all the "new" embassy workers flying into the USA and then flying and driving out all over the USA?
Every person working with or near the Russian embassy is on file and always tracked all over the USA.
The FBI surrounds everyone connected with the Russian embassy with a lot of and constant surveillance.
Any Russian embassy staff wondering around a Louisiana would get noticed and be of great interest to the FBI.
All the Russian GRU applicants to get into secure election areas in most US states?
Or Russia flooded the US election system secretly with its own staff over the decades and the FBI never noticed?
The US election system is still stuck in groups doing local vote counts and then a final count.
AC Russian military hackers (GRU) wondering around every state in the USA would be noticed by both political parties, the US gov, US mil and the FBI.
AC also read up on the history of the GRU in Soviet Union and Russia. GRU is not the KGB or its successor.
Not many nations use or risk their military intelligence in areas well outside the military.
The US election system is local, regional and still very much hands on with staff who are well known.

Re:It's the voters, stupid!

[Nidi62]

"Russians" didn't hack the voting machines (I don't know for sure, mind you, but it's pretty implausible). *If* they did anything (and this is far more plausible), then it was messing with the voter's brains, aka "social engineering", aka FUD, aka PsyOps.

Is there anyone credible that has actually been arguing the Russians physically hacked the elections? The media and Democrats have all been arguing that it wasn't physical hacking but social engineering. It's the (minority of) Republicans that keep keep trying to push for the standard definition of hacking, since, you know, there's no evidence for that (because Russia didn't do that). Plenty of well-respected Republicans are on the side of the Democrats, that there seems to be some pretty decent evidence pointing to successful Russian influence in the election, and given the hubbub around the Trump campaign's ties and communication with Russia raises some serious concerns.

To be fair though, Russia has most likely been trying to influence our elections (and the elections of countless other state) since the 50s, just as we have theirs (and others). This is just the first time that their efforts seem to, at least visually, have had an impact. That, plus the fact that our president is a political neophyte who thinks running a country is no different than running a company-not realizing that you can't do backroom deals, ask for loyalty pledges,or try to ask people to drop/deny investigations-means that controversies that would have died and faded away with another politician at the head have instead flourished. To make matters worse, Trump has surrounded himself with people that, while they might be good (or at least lucky) with business, also have no idea how to run a country, and continue to allow Trump to run the country like a business. This is manifested by the inability of the administration to put out a coherent message on anything, and that the few people that might actually have a decent idea of what they are doing are constantly undercut by Trump himself who comes out a few hours later and completely destroys the narrative they had been putting out.

Re:It's the voters, stupid!

[VernonNemitz]

It's the vote- counting systems that need to be secured more than the actual voting machines. Some of those voting machines are not networked; they merely put data onto a data-transfer stick/card/chip, which is carried to another machine that supposedly accumulates the data as individual sticks are plugged into it. Obviously such vote-counting machines can be prime targets for remote hackers --change the accumulated data, change the outcome of the voting process.

Re:It's the voters, stupid!

[jimbolauski]

When the Russians chose to use their PsyOps they had an option of choosing a person had received millions of dollars from speaking fees, business deals, donations to their charity, and campaign contributions from people with ties to Russia. The same person that signed off on allowing Russia to buy a controlling stake in a company that produces 1/5 of the US uranium production. Yet they choose the other guy?

I find it far more believable that any Russian PhyOps were aimed at undermining confidence in the election process, rather then them influencing the outcome of the next US president.

Re:It's the voters, stupid!

[chispito]

Still: don't let all this geeky stuff detract from the elephant in the room: buying Facebook personal data in bulk and correlating it with past votes, then sending targeted fake news has done much more in the last big polls

The elephant in the room is that the opposing candidate was Hillary Clinton. The spite candidate prevailed in the primaries on both sides, except on the Republican side it was the voter's spite for their party, and on the Democratic side it was the party's spite for their voters.

Re:But voter ID is raaaacist!!!!

Because it's too hard to get an ID?

Indeed, that idea itself is most definitely racist, if you go by a reasonable definition of "racism". It implies that black people are incapable of obtaining a state-issued ID while everyone else who wants to vote has no problem doing it.

Apparently this is solely because they are black. It cannot be because of any concern about poverty because there are lots of poor white people (more in fact). Also, the proposed "solution" is always to abandon any voter ID requirement. To subsidize the small cost of state-issued IDs (the DMV fee/etc) or give them away for free to low-income people is never seriously proposed.

Of course, when the shoe is on the other foot, Dems sqauwk for voter ID:

If you were expecting a principled stance from any politician you are definitely going to be disappointed. They support whatever seems to be in their immediate interests at that particular time, no matter what they perceived to be in their interests in the past. The "Dems" are not unique in this respect. Power plus a lack of any real personal accountability seems to do this to people.

It won't change until we all realize that an honest, trustworthy voting/electoral process is in everyone's interests and that this is not a difficult problem to solve.

Re: But voter ID is raaaacist!!!!

[tysonedwards]

Of course, because mandating a separate photo ID for voting only, which expires after a single election, and is only able to be obtained from a limited number of locales, some of which disproportionately placed in affluent neighborhoods is in no way thinly veiled racism.

Re:Ten minutes

[Nidi62]

Heck, I'm willing to believe that some voting machines are secure. However, my bet would be that secure voting machines are both expensive and not very widely used.

The secure machines are reserved for safely gerrymandered districts.

Re:But voter ID is raaaacist!!!!

[Woldscum]

The problem is not suppressing the black vote it is allowing NONCITIZENS to vote.This is only because the Dems need that illegal voting bloc to win a national election. They had it this past election and STILL did not win. 30 + million illegals in the US. It is not a hardship to prove who you are and your citizen status. The only people arguing against voter ID is the Dems wanting the illegals vote. This has nothing to do with the black vote. That is used so the race card can be played.

Re: But voter ID is raaaacist!!!!

Add to this, closing DMV offices in areas where minorities live. Add to that Kafka-esque requirements for how you document who you are before they give you an ID in the first place. Send people away with no idea for bureaucratic reasons for a couple of times. The obvious question is how big a problem is voter impersonation fraud. And when pressed, officials are only able to come up with a *very* small number of cases.

Why

[roninmagus]

I understand the sentiment, though I disagree with it. "Trump == BAD || Trump == OTHERPARTY" so let's do all we can to delegitimize the election."

But widespread hacking seems to me to be a near impossibility, due to the way the US election system is set up. For those outside the country: We don't have a central counting system. It's district-by-district, state-by-state. With different machines, people, safeguards, watchers, etc. Not impermeable, but pretty darn good.

If the Russians did "hack" the election, it was via propaganda to change the hearts and minds of voters. Which is exactly what our politicians do every day. So even if they were involved, even at the request of a given candidate, I don't quite see the problem. It's just the modus operandi, working as designed to fool the American public into voting for a particular candidate.

Re:Why

[drinkypoo]

But widespread hacking seems to me to be a near impossibility, due to the way the US election system is set up. For those outside the country: We don't have a central counting system. It's district-by-district, state-by-state. With different machines, people, safeguards, watchers, etc. Not impermeable, but pretty darn good.

You don't need widespread hacking. You only have to hack certain key swing locations.

Re: But voter ID is raaaacist!!!!

Add to this, closing DMV offices in areas where minorities live. Add to that Kafka-esque requirements for how you document who you are before they give you an ID in the first place. Send people away with no idea for bureaucratic reasons for a couple of times.

The obvious question is how big a problem is voter impersonation fraud. And when pressed, officials are only able to come up with a *very* small number of cases.

How the hell can you know if there is any voter impersonation fraud when there's no requirement for a voter to actually identify himself?

DEFCON

[Fire_Wraith]

Incidentally, this is one of the really cool things about DEFCON, and one of the reasons why I like to go. It really is a -hacking- conference, in the original sense of the word. There's all sorts of things you can get hands-on with, take apart, scan, mess with, etc. No releases, no NDAs, no "but don't really do anything that could break it." In the last two years I saw everything from cars to home appliances to ICS/SCADA systems and more. This is exactly the kind of thing that DEFCON is known for, and I look forward to messing with them myself (as well as watching what others do and find).

What's even more interesting is that from what I've seen, it's increasingly the companies and the government themselves bringing this stuff, because they're realizing the value of unleashing the curiousity and skill of the hacker mindset on some of these things, never-mind the PR value (Two years ago Tesla brought a Model S to the main ballroom, and let people hack away at it, while advertising their bug bounty program, for instance).

Go back to PAPER ballots!

[p51d007]

I NEVER cared for ANY electronic voting machines. It is way too easy to change electronics. All these hack attempts do is give whomever is the opposition in DC, a 30 second sound bite on TV, as to why they lost an election. To remove that, go back to paper ballots. To add to that, after you vote, you should dip your finger in that non removable ink also.

Re: But voter ID is raaaacist!!!!

[Kierthos]

In-person voter fraud is shockingly rare. (Some states have mandated picture ID or other forms of identification to vote for years, by the way.) From 2000-2012, there were 2,068 cases of voter fraud. 10 of those were in-person voter fraud.

10.

So, the ostensible goal of most of these voter ID laws, that they need to be in place to stop voter fraud, is really a non-factor. This is a solution in search of a problem.

Then why do it?

Well, for one, it's an appeal to ignorance. "There has to be voter fraud, we don't have any way to stop it!" Except, of course, we do. Even states that don't require picture ID have methods of catching fraudulent ballots.

For another, it's clearly being used as a way to block certain types of voters (poor, minorities) from legally accessing one of their rights. It's not a coincidence that those blocks of voters tend towards voting for the Democratic party.

Now, don't get me wrong. I think it makes sense that everyone should have a picture ID. It's damn useful to be able to prove who you are to the cops, to potential employers, whatever.

But let's make it accessible. Don't close down places that provide picture ID, don't make it harder.

No political party with honest intent should be trying to restrict people from voting.