At the convention, hackers will probe different electronic and digital voting systems, seeking to discovery new vulnerabilities, which will allow technology developers to fix make appropriate fixes. The exercise is designed to go someway to addressing the concerns of some voters and politicians about the reliability of alternative voting systems in the context of cyberattacks.
Def Con is one of the world’s largest hacker conventions. The event, which has been running since 1993, is held annually in Las Vegas, Nevada. Delegates include computer security professionals, journalists, lawyers, and federal government employees. The areas covered a varied, ranging from software, to computer architecture; and from smartphone phreaking to hardware modification. ‘Def Con’ is also a play upon “defense readiness condition”, an alert state used by the U.S. Forces.
In April 2018, the U.S. Congress authorized $380 million to help states protect their voting systems from hacking. However, even with this cash injection, many voting systems remain vulnerable to attack and money itself cannot secure systems; the actual systems themselves need to be challenged by would-be hackers.
The focus of Def Con 2018 on hacking machines springs from the 2017 event. Last year, Carsten Schurmann, an experienced hacker, demonstrated that U.S. election equipment suffers from serious vulnerabilities. In one example, Schurmann needed just a few minutes to gain remote control of a WINVote machine. This type of voting technology has been used in several states. Through the hack, Schurmann gained access to all voter databases stored on the machine.
According Engadget voting machines: “are so badly maintained, notoriously backdoored and easily hacked that even Defcon hackers massively stress out in forums and chat spaces about their own local and federal voting process.”
Voting machines in the past have been shown to have vulnerabilities, as an article in CSO explains. Voting systems called out include ES&S, Dominion Voting, MicroVote and Unisyn Voting Solutions.
The new hack-tests at Def Con 2018 have received support from Verified Voting, an advocacy group. The group seeks to represent concerned citizens who are hesitant about electronic paperless voting. The Verified Voting Foundation has helped to support the new challenge tests organized the convention.
With the new hacks of voting machines being run across Def Con 2018, the exercise has received support from U.S. officials. Jeanette Manfra, assistant secretary of cybersecurity and communications at the U.S. Department of Homeland Security has told Reuteurs: “We see a lot of value in doing things like this. We think it’s important…The idea is, when we find things here, how do we connect them with the actual vendors and make sure that we are closing this loop back to a coordinated vulnerability disclosure process.”
