In a few short days citizens of the United States go to the polls to vote in national elections, so this event provides a convenient segue for me to write this column on the subject of DEF CON 26.
The computer hacker convention held earlier this summer is one of the oldest and largest continuously running events of its kind and every year thousands of attendees converge on Las Vegas to learn about security.
Technology professionals from banks, software companies and hardware manufacturers regularly attend DEF CON as do law enforcement agents from around the world. They are there to learn more about how hackers compromise security and to develop improved countermeasures. One thing to understand about DEF CON is that no criminal is going to come to demonstrate publicly how they do what they do. Many of the hackers there to demonstrate their prowess are often looking for a job or a consulting contract. Apple, Microsoft, the FBI, NSA, Interpol, etc. will be hiring.
In the United States, as well as other countries, governments put their faith in the accuracy and integrity of voting machines, depending on them for an accurate reporting of votes that are cast. The manufacturers of voting machines just say “trust us.” They boast that their security protections are impenetrable and that the accuracy of their vote tabulations is beyond any possibility of tampering. The reality is quite different.
The DEF CON convention features the “Voting Machine Hacking Village” where hackers and would-be hackers of all ages demonstrate their skill at penetrating those allegedly impenetrable voting systems. In fact, of the 39 participants aged 6-17, only four failed to successfully hack mock versions of voting systems. An 11-year-old boy pulled off the feat in less than ten minutes while an 11-year-old girl demonstrated how she could manipulate results to make it appear that a different candidate had won the Florida presidential vote in 2016. If 35 out of 39 children attending DEF CON quickly made mincemeat of voting systems’ security, then it is accurate to say that hacking elections actually is child’s play.
Manufacturers of voting machines are actively trying to sweep their failings under the rug, going so far as to send threatening letters to anyone who tries to sell used voting machines, falsely claiming this is illegal. The industry’s unwillingness to acknowledge the problems discovered at DEF CON only ensures that the “Voting Machine Hacking Village” will keep coming back every year with new and more worrisome hacks.
The proven mendacity of the companies that manufacture voting machines affords them absolutely zero credibility and as an industry they have an absolutely abominable record when it comes to security practices. Unfortunately, this is one of the real reasons that the integrity of free elections around the world are at risk.
Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his Web site at SMAguru.com.