DefCon Forum For The Digital Voting Machines #Hackathon

Thu Jul 27 09:42:20 PDT 2017

https://forum.defcon.org/forum/defcon/dc25-official-unofficial-parties-social-gatherings-events-contests/dc25-villages/voting-machine-hacking-village/226138-new-for-def-con-25-voting-machine-hacking-village


On 07/27/2017 08:33 AM, Razer wrote:
> https://www.usatoday.com/story/tech/2017/07/26/voting-machines-hackers-election-hack/507071001/
>
> LAS VEGAS – Think of it as a stress test for democracy. Hackers plan to
> spend this weekend trying to break into more than 30 voting machines
> used in recent elections to see just how far they can get.
>
> U.S. election officials have consistently said that despite Russian
> attempts to affect the outcome of the 2016 presidential election, no
> votes were tampered with.
>
> Prove it, say organizers of DefCon, an annual hacker convention held in
> Las Vegas each July.
>
> The idea is to “start hacking on (the machines) to raise awareness and
> find out for ourselves what the deal is. I'm tired of reading
> misinformation about voting system security,” Jeff Moss, DefCon founder,
> wrote on the conference blog.
>
> One of the event organizers is Matt Blaze, a professor at the University
> of Pennsylvania who's been working on making election software more
> secure since the mid-2000s. The the best of his knowledge, this will be
> the first time a technical crowd will have the ability to look at the
> machines “on a large scale.”
>
> That’s in part because until 2015, it was illegal under the terms of the
> Digital Millennium Copyright Act to try to hack into voting machines.
>
> “The Library of Congress granted an exemption that explicitly allowed
> this type of research, to enable good faith research of security flaws,”
> said Stephanie Singer a project lead with Free & Fair, a Portland,
> Ore.-based election technology company.
>
> The event comes as  attempted election meddling has become a major
> geo-political issue both in the United States and worldwide.
>
> This week the Senate grilled the president’s son-in-law and adviser,
> Jared Kushner, on possible collusion in Russian attempts to influence
> the U.S. presidential election via hacking. (He denied collusion.)
>
> Prior to the 2016 presidential election, hackers probed election works
> in at least 39 states, according to a report by Bloomberg last month.
>
> Cyberattacks over the past year in Ukraine, Bulgaria, Estonia, Germany,
> France and Austria have attributes that linked them to suspected Russian
> hackers, according to former National Intelligence director James
> Clapper. They appeared to be aimed at influencing election results,
> sowing discord and undermining faith in public institutions that
> included government agencies, the media and elected officials.
>
> In all of this, there has been no indication that actual votes were
> changed, the FBI has said.  Election officials have cited the
> decentralized nature of the U.S. election system, which is state, county
> and sometimes even municipality-based.
>
> However, experts in election voting software say no states routinely
> perform post-election vote audits to ensure that the reported vote count
> tallies with ballots, Singer said.
>
> Moreover, there were no forensic examinations of any of the voting
> machines used in the 2016 presidential election, in part because many
> election-machine vendor contracts prohibit it, Singer said.
>
> That’s a red flag for hackers at DefCon.
>
> To see just how safe the voting machines that underpin democracy are,
> they're bringing more than 30 voting machines purchased on eBay and at
> government surplus sales to Las Vegas where they're setting up a “Voting
> Machine Hacking Village” at the conference at Caesar's Palace.
>
> There they'll spend the weekend probing the network connecting the
> machines, physically attempting to alter the machines and hacking into
> their hardware.
>
> The effort is being overseen by two well-known researchers in the field
> of election security, Blaze and Harri Hursti, a Finnish computer
> programer who in 2005 showed it was possible to hack into a Diebold
> voting machine and change vote tallies, a technique now known as “the
> Hursti Hack.”
>
> "You never know what that kind of a spark will ignite. My hope is that
> we’ll see a broadening of the community of people interesting in
> improving the security of our election system,” Blaze said.
>
> The program is just one of a week's worth of computer security
> conference events happening in Las Vegas. The first is Black Hat,
> followed by DefCon.
>
> Other workshop topics include how to hack a wind farm, defenses against
> drones (the French military is training eagles to pluck them out of the
> sky), the latest in car hacking and an in-depth look at just how hard it
> is to knock out the power grid (hint: not as hard as it should be.)
>
> --30--
>