https://forum.defcon.org/forum/defcon/dc25-official-unofficial-parties-socia... On 07/27/2017 08:33 AM, Razer wrote:

https://www.usatoday.com/story/tech/2017/07/26/voting-machines-hackers-elect...

LAS VEGAS – Think of it as a stress test for democracy. Hackers plan to spend this weekend trying to break into more than 30 voting machines used in recent elections to see just how far they can get.

U.S. election officials have consistently said that despite Russian attempts to affect the outcome of the 2016 presidential election, no votes were tampered with.

Prove it, say organizers of DefCon, an annual hacker convention held in Las Vegas each July.

The idea is to “start hacking on (the machines) to raise awareness and find out for ourselves what the deal is. I'm tired of reading misinformation about voting system security,” Jeff Moss, DefCon founder, wrote on the conference blog.

One of the event organizers is Matt Blaze, a professor at the University of Pennsylvania who's been working on making election software more secure since the mid-2000s. The the best of his knowledge, this will be the first time a technical crowd will have the ability to look at the machines “on a large scale.”

That’s in part because until 2015, it was illegal under the terms of the Digital Millennium Copyright Act to try to hack into voting machines.

“The Library of Congress granted an exemption that explicitly allowed this type of research, to enable good faith research of security flaws,” said Stephanie Singer a project lead with Free & Fair, a Portland, Ore.-based election technology company.

The event comes as attempted election meddling has become a major geo-political issue both in the United States and worldwide.

This week the Senate grilled the president’s son-in-law and adviser, Jared Kushner, on possible collusion in Russian attempts to influence the U.S. presidential election via hacking. (He denied collusion.)

Prior to the 2016 presidential election, hackers probed election works in at least 39 states, according to a report by Bloomberg last month.

Cyberattacks over the past year in Ukraine, Bulgaria, Estonia, Germany, France and Austria have attributes that linked them to suspected Russian hackers, according to former National Intelligence director James Clapper. They appeared to be aimed at influencing election results, sowing discord and undermining faith in public institutions that included government agencies, the media and elected officials.

In all of this, there has been no indication that actual votes were changed, the FBI has said. Election officials have cited the decentralized nature of the U.S. election system, which is state, county and sometimes even municipality-based.

However, experts in election voting software say no states routinely perform post-election vote audits to ensure that the reported vote count tallies with ballots, Singer said.

Moreover, there were no forensic examinations of any of the voting machines used in the 2016 presidential election, in part because many election-machine vendor contracts prohibit it, Singer said.

That’s a red flag for hackers at DefCon.

To see just how safe the voting machines that underpin democracy are, they're bringing more than 30 voting machines purchased on eBay and at government surplus sales to Las Vegas where they're setting up a “Voting Machine Hacking Village” at the conference at Caesar's Palace.

There they'll spend the weekend probing the network connecting the machines, physically attempting to alter the machines and hacking into their hardware.

The effort is being overseen by two well-known researchers in the field of election security, Blaze and Harri Hursti, a Finnish computer programer who in 2005 showed it was possible to hack into a Diebold voting machine and change vote tallies, a technique now known as “the Hursti Hack.”

"You never know what that kind of a spark will ignite. My hope is that we’ll see a broadening of the community of people interesting in improving the security of our election system,” Blaze said.

The program is just one of a week's worth of computer security conference events happening in Las Vegas. The first is Black Hat, followed by DefCon.

Other workshop topics include how to hack a wind farm, defenses against drones (the French military is training eagles to pluck them out of the sky), the latest in car hacking and an in-depth look at just how hard it is to knock out the power grid (hint: not as hard as it should be.)

--30--