Congress has used the Russia hacked the election meme as part of its excuse to levy increasingly hefty economic sanctions against the U.S.’s former Cold War foe. But if lawmakers were really concerned about American election integrity, they’d be in emergency mode attempting to flaws in electronic voting machines which leave them vulnerable to hackers with far fewer resources than a world superpower.
Despite the intelligence community’s best efforts, there’s still no actual indication that Russian hackers affected the U.S. election in any way via hacking.
But as Congress wastes time and inflames international relations with Russia with harsher economic sanctions based on the unproven theory that the nation did, it’s becoming clear that hacking an American election would be pretty easy– and that the nation would be better off working to protect electoral equipment from foes far less capable than Russia’s spies.
Hackers attending the Voter Hacking Village at Defcon in Las Vegas over the weekend had a go at working over popular American voting machines.
The results weren’t encouraging for election integrity fans.
While many people at the Voter Hacking Village zeroed in on the weak mechanical lock covering access to the machine’s USB port, Synack worked on two open USB ports right on the back. No lock picking was necessary.
The team plugged in a mouse and a keyboard — which didn’t require authentication — and got out of the voting software to standard Windows XP just by pressing “control-alt-delete.” The same thing you do to force close a program can be used to hack an election.
“It’s really just a matter of plugging your USB drive in for five seconds and the thing’s completely compromised at that point,” Synack co-founder Jay Kaplan said. “To the point where you can get remote access. It’s very simple.”
Synack’s team was able to access the voting machine from a mobile app by installing a remote desktop program on it.
Once you’re out of the voting program on the machine, it’s just like any old Windows XP computer, Synack found. In one case study, the company found a poll worker in Virginia had hacked the machine so she could play Minesweeper on it.
When you’re in the machine, changing votes is as simple as updating an Office document.
Back at the village, once a voting machine was hacked, it could be reset to its original state for the next person to try his or her hand at it. It was like messing up a Rubik’s Cube before passing it to the next person to solve.
On Friday afternoon, a hacker tapped into the Windows XP side of the AVS WinVote machine and installed Windows Media Player on it. He then rickrolled the room by playing Rick Astley’s “Never Gonna Give You Up” on the voting machine.
A hacker calling himself “Oyster” and his team tried to break into a Diebold voting machine on Friday after another team had successfully compromised it.
“I hope that we find a load of vulnerabilities in these just so we can open it up to the public to see how serious the problem is,” he said.
Diebold said it sold its voting machine business in September 2009, and declined to comment for the story.
In other words, the machines were hacked over and over by people who showed up for a conference.
That’s a bigger threat to U.S. elections than Russia could ever hope to be– and anyone saying otherwise is either stupid, or pushing a stupid political agenda.