Election Hacking Thread


#1

This thread was originally titled: How the Vote Hacking Was Done at DefCon25

But it’s become more about election hacking in general, so I changed the title. Enjoy.

The White Hats over at AlienVault provide a play-by-play of how they were able to hack the ExpressPoll 5000, a voter registry lookup device that is supposed to allow election workers to verify voters in a precinct and print voting cards at the polling station.

They conclude that “All it would take is one naive or malicious poll worker, at any level, to compromise an election in this fashion.”

Since DefCon25, Wired Magazine released this list of recommendations.

Now this all seems like bad news, and it is, but it gets worse: in January the House moved to eliminate the commission overseeing voting system security, called the Election Assistance Commission or EAC, even though the Department of Homeland Security, in the same month, designated election systems as “critical infrastructure.”

Here is H.R.634 - Election Assistance Commission Termination Act in its entirety.

We need to start a major push to secure our voting infrastructure. This is clearly a nonpartisan issue and an essential part of preserving our democracy.


(Matt Kiser) #2

This stuff is fascinating. It’s rare for voting machines to get out into the wild for this kind of testing, let alone 30 of them…


#3

I became interested when I read that piece on WTF and started digging. It’s a much bigger problem than I anticipated.

"A compact flash card was found, containing a SQLite database of some 600,000 voter records in Tennessee, formatted for the ExpressPoll. Someone sold a Diebold ExpressPoll 5000, containing this card, on eBay.

The very presence of this card at DEF CON, a well-known hacker conference, or indeed anywhere outside of an incinerator, is a huge vulnerability, as it indicates that personal and voter records are clearly not treated with respect, or any sort of security. The entries within this database could be altered, deleted, or appended to, demonstrating that even voter records used in an actual election could be altered by anybody with access to basic hardware."

Anyone can purchase these machines and parts on eBay, which means there’s probably another unseen market elsewhere. This issue needs more attention from the public.


(Matt Kiser) #4

that’s incredible.


#5

Wtf, right?!


(Boundless Informant) #6

I have to laugh so I don’t cry.

These were some hackers messing around in their free time. A targeted state-sponsored program could easily and massively tamper with the vote with these glaring flaws. It makes me wonder: how could it not have happened? :confused:


#7

Wow that is completely terrifying.


(Boundless Informant) #8

Attempting to address this subject in a slightly more “positive” manner… by “positive” I mean speaking in terms of what should be done rather than simply complaining about the way things are right now…

It’s worth noting that information security professionals more or less universally agree that voting shouldn’t be done electronically at all. Technology is just too problematic.

(I know, I know… “electronic voting bad” is still kind of “negative” framing…)


#9

Wait what?! From the Times


#10

Update from Politico, official report coming Tuesday.


#11

Defcon 25 full report on voting machine hacking. Have a glass of something pleasant before you read this one.


#12

So what do you think the likelihood is that this will ever be fixed?


(Ashley) #13

zero to none.

:roll_eyes:


#14

@celena @mouseam I concur. This topic isn’t getting the attention it deserves and this government wouldn’t act unless it was in their best interest. #sad


#15

The New York Times follows up on this issue. It’s not enough but at least it’s a start…


#16

Plaintiffs in the lawsuit, who are mostly Georgia voters, want to scrap the state’s 15-year-old vote-management system — particularly its 27,000 AccuVote touchscreen voting machines, hackable devices that don’t use paper ballots or keep hardcopy proof of voter intent. The plaintiffs were counting on an independent security review of the Kennesaw server, which held electronic poll book data and ballot definitions for counties, to demonstrate the system’s unreliability.

:woman_facepalming:t2:


#17

Samantha Bee has more on this story.


#18

This is the best explainer video yet. Watch :point_down:


#19

Step 4: Sip coffee and wait

My brain can’t figure out whether to laugh or cry :joy_cat:

The special elections (and Virginia, etc.) give me so much hope that we can overcome some obstacles like gerrymandering and fake inflammatory news, but also no fucking way are we gonna be able to be ready for midterms unless every state commits to paper backups. I don’t expect that to happen, but man, November is a long time to wait on pins and needles in anticipation of wtf will go down.


#20

Just request an absentee paper ballot. :point_down: click here to request yours today. :nerd_face: