DefCon attendees will have the opportunity to Hackathon 30 US Digital Voting Machines

Razer g2s at riseup.net
Thu Jul 27 08:33:09 PDT 2017 

https://www.usatoday.com/story/tech/2017/07/26/voting-machines-hackers-election-hack/507071001/

LAS VEGAS – Think of it as a stress test for democracy. Hackers plan to
spend this weekend trying to break into more than 30 voting machines
used in recent elections to see just how far they can get.

U.S. election officials have consistently said that despite Russian
attempts to affect the outcome of the 2016 presidential election, no
votes were tampered with.

Prove it, say organizers of DefCon, an annual hacker convention held in
Las Vegas each July.

The idea is to “start hacking on (the machines) to raise awareness and
find out for ourselves what the deal is. I'm tired of reading
misinformation about voting system security,” Jeff Moss, DefCon founder,
wrote on the conference blog.

One of the event organizers is Matt Blaze, a professor at the University
of Pennsylvania who's been working on making election software more
secure since the mid-2000s. The the best of his knowledge, this will be
the first time a technical crowd will have the ability to look at the
machines “on a large scale.”

That’s in part because until 2015, it was illegal under the terms of the
Digital Millennium Copyright Act to try to hack into voting machines.

“The Library of Congress granted an exemption that explicitly allowed
this type of research, to enable good faith research of security flaws,”
said Stephanie Singer a project lead with Free & Fair, a Portland,
Ore.-based election technology company.

The event comes as  attempted election meddling has become a major
geo-political issue both in the United States and worldwide.

This week the Senate grilled the president’s son-in-law and adviser,
Jared Kushner, on possible collusion in Russian attempts to influence
the U.S. presidential election via hacking. (He denied collusion.)

Prior to the 2016 presidential election, hackers probed election works
in at least 39 states, according to a report by Bloomberg last month.

Cyberattacks over the past year in Ukraine, Bulgaria, Estonia, Germany,
France and Austria have attributes that linked them to suspected Russian
hackers, according to former National Intelligence director James
Clapper. They appeared to be aimed at influencing election results,
sowing discord and undermining faith in public institutions that
included government agencies, the media and elected officials.

In all of this, there has been no indication that actual votes were
changed, the FBI has said.  Election officials have cited the
decentralized nature of the U.S. election system, which is state, county
and sometimes even municipality-based.

However, experts in election voting software say no states routinely
perform post-election vote audits to ensure that the reported vote count
tallies with ballots, Singer said.

Moreover, there were no forensic examinations of any of the voting
machines used in the 2016 presidential election, in part because many
election-machine vendor contracts prohibit it, Singer said.

That’s a red flag for hackers at DefCon.

To see just how safe the voting machines that underpin democracy are,
they're bringing more than 30 voting machines purchased on eBay and at
government surplus sales to Las Vegas where they're setting up a “Voting
Machine Hacking Village” at the conference at Caesar's Palace.

There they'll spend the weekend probing the network connecting the
machines, physically attempting to alter the machines and hacking into
their hardware.

The effort is being overseen by two well-known researchers in the field
of election security, Blaze and Harri Hursti, a Finnish computer
programer who in 2005 showed it was possible to hack into a Diebold
voting machine and change vote tallies, a technique now known as “the
Hursti Hack.”

"You never know what that kind of a spark will ignite. My hope is that
we’ll see a broadening of the community of people interesting in
improving the security of our election system,” Blaze said.

The program is just one of a week's worth of computer security
conference events happening in Las Vegas. The first is Black Hat,
followed by DefCon.

Other workshop topics include how to hack a wind farm, defenses against
drones (the French military is training eagles to pluck them out of the
sky), the latest in car hacking and an in-depth look at just how hard it
is to knock out the power grid (hint: not as hard as it should be.)

--30--

More information about the cypherpunks mailing list