DEFCON Conference To Target Voting Machines

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.

It's the voters, stupid!

"Russians" didn't hack the voting machines (I don't know for sure, mind you, but it's pretty implausible). *If* they did anything (and this is far more plausible), then it was messing with the voter's brains, aka "social engineering", aka FUD, aka PsyOps.

Yes, the vulnerabilities in the voting machines are embarrasing. Yes, it's fun uncovering them. There are many other reasons for counting votes the "traditional" way, secure machines or not. Still: don't let all this geeky stuff detract from the elephant in the room: buying Facebook personal data in bulk and correlating it with past votes, then sending targeted fake news has done much more in the last big polls (at least for Brexit and for the US Presidentials it is *known*) than any "classical hacker" vote fraud could have done.

Hey, you USians even have a word for it, courtesy of one of your three-letter agencies: PsyOPS!

Re:It's the voters, stupid!

[vtcodger]

"There are many other reasons for counting votes the "traditional" way, secure machines or not."

There are other alternatives as well. For example the town I live in uses paper ballots, but counts them with OCR -- which allows for a quick total when the polls close, but still allows a recount if a problem in a miscount is suspected.

BTW, about 30 years ago, the town had a substantial number of blank ballots vanish on election day. Everyone is pretty sure they didn't end up in the vote count, but to this day no one knows where they went. if indeed they ever existed. It's remotely possible that the print run was somehow miscounted.

Re:It's the voters, stupid!

[jimbolauski]

When the Russians chose to use their PsyOps they had an option of choosing a person had received millions of dollars from speaking fees, business deals, donations to their charity, and campaign contributions from people with ties to Russia. The same person that signed off on allowing Russia to buy a controlling stake in a company that produces 1/5 of the US uranium production. Yet they choose the other guy?

I find it far more believable that any Russian PhyOps were aimed at undermining confidence in the election process, rather then them influencing the outcome of the next US president.

Re:But voter ID is raaaacist!!!!

Because it's too hard to get an ID?

Indeed, that idea itself is most definitely racist, if you go by a reasonable definition of "racism". It implies that black people are incapable of obtaining a state-issued ID while everyone else who wants to vote has no problem doing it.

Apparently this is solely because they are black. It cannot be because of any concern about poverty because there are lots of poor white people (more in fact). Also, the proposed "solution" is always to abandon any voter ID requirement. To subsidize the small cost of state-issued IDs (the DMV fee/etc) or give them away for free to low-income people is never seriously proposed.

Of course, when the shoe is on the other foot, Dems sqauwk for voter ID:

If you were expecting a principled stance from any politician you are definitely going to be disappointed. They support whatever seems to be in their immediate interests at that particular time, no matter what they perceived to be in their interests in the past. The "Dems" are not unique in this respect. Power plus a lack of any real personal accountability seems to do this to people.

It won't change until we all realize that an honest, trustworthy voting/electoral process is in everyone's interests and that this is not a difficult problem to solve.

Re:Why

[drinkypoo]

But widespread hacking seems to me to be a near impossibility, due to the way the US election system is set up. For those outside the country: We don't have a central counting system. It's district-by-district, state-by-state. With different machines, people, safeguards, watchers, etc. Not impermeable, but pretty darn good.

You don't need widespread hacking. You only have to hack certain key swing locations.

DEFCON

[Fire_Wraith]

Incidentally, this is one of the really cool things about DEFCON, and one of the reasons why I like to go. It really is a -hacking- conference, in the original sense of the word. There's all sorts of things you can get hands-on with, take apart, scan, mess with, etc. No releases, no NDAs, no "but don't really do anything that could break it." In the last two years I saw everything from cars to home appliances to ICS/SCADA systems and more. This is exactly the kind of thing that DEFCON is known for, and I look forward to messing with them myself (as well as watching what others do and find).

What's even more interesting is that from what I've seen, it's increasingly the companies and the government themselves bringing this stuff, because they're realizing the value of unleashing the curiousity and skill of the hacker mindset on some of these things, never-mind the PR value (Two years ago Tesla brought a Model S to the main ballroom, and let people hack away at it, while advertising their bug bounty program, for instance).

Re: But voter ID is raaaacist!!!!

[Kierthos]

In-person voter fraud is shockingly rare. (Some states have mandated picture ID or other forms of identification to vote for years, by the way.) From 2000-2012, there were 2,068 cases of voter fraud. 10 of those were in-person voter fraud.

10.

So, the ostensible goal of most of these voter ID laws, that they need to be in place to stop voter fraud, is really a non-factor. This is a solution in search of a problem.

Then why do it?

Well, for one, it's an appeal to ignorance. "There has to be voter fraud, we don't have any way to stop it!" Except, of course, we do. Even states that don't require picture ID have methods of catching fraudulent ballots.

For another, it's clearly being used as a way to block certain types of voters (poor, minorities) from legally accessing one of their rights. It's not a coincidence that those blocks of voters tend towards voting for the Democratic party.

Now, don't get me wrong. I think it makes sense that everyone should have a picture ID. It's damn useful to be able to prove who you are to the cops, to potential employers, whatever.

But let's make it accessible. Don't close down places that provide picture ID, don't make it harder.

No political party with honest intent should be trying to restrict people from voting.