August 20, 2018 at
11-year old Florida student Emmett Brewer, one of the 39 children who tampered an exact replica of the Florida State Election results, took part in a hacking event at the world’s largest hacking conference in Las Vegas, DEF CON.
It took only 10 minutes for the 11-year old to hack into the website, a replica of the Florida Secretary of State website, changing the results and giving himself over 239 billion votes in under approximately 5 minutes. 35 of the 39 children were successful in undermining the website’s security and were able to tamper candidate and party names along with the voting tallies, all within 30 minutes.
As a result of the exposition’s event, the DEF CON participants were able to discover that the voting systems were vulnerable due to expired Secure Sockets Layer (SSL) certificates. These certificates, designed to create secure connections between the user and the server, were the point of vulnerability within the system.
Validity of the findings and vulnerabilities
Defending the website’s supposed vulnerability, several skeptics have stated that these mock websites are incapable of the same kinds of security used by the actual websites and servers. “Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day,” the National Association of Secretaries of State said, in an official statement.
These state-established cyber protections and security include databases that are custom-built for the vote as well as the utilization of unique networks, including security protocols and SSL certificates designed for or otherwise acquired for the voting system on election day.
Regardless of criticisms, many agree that most (if not all) websites on the internet are vulnerable. Matt Blaze told PBS,
What was interesting is just how utterly quickly they were able to do it.
Among other findings at the DEF CON convention, officials discovered popular song files from China in a voting machine recently used in a Las Vegas election as well as discovering how easy it is to modify and/or corrupt the voting machines and systems.
Electronic poll books could similarly be corrupted, and administrative passwords were unencrypted and stored in plain .txt format files, including the common and insecure “password” password. These files were stored within removable memory cards. The optical scanners used for paper ballots of absentees (which constitute over half of all voters in the United States) could have the entire system corrupted by overwriting its files through the insertion of a USB drive in the powered off state containing a .zip with an “update” named file.