Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT Technology

Hackers Break Into Voting Machines Within 2 Hours at Defcon (cbsnews.com) 37

Hackers from around the world had the rare opportunity to crack election-style voting machines this weekend in Las Vegas -- and they didn't disappoint. From a report: After nearly an hour and a half, Carsten Schurmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas' Defcon convention on Friday night, CNET reports. Schurmann penetrated Advanced Voting Solutions' 2000 WinVote machine through its Wi-Fi system. Using a Windows XP exploit from 2003, he was able to remotely access the machine, CNET reports. Voting technology was thrust into the political spotlight when election systems in several states were targeted by Russian cyber attacks. The convention purchased more than 30 voting machines for the event, although, organizers didn't specify how many models those units represented.
This discussion has been archived. No new comments can be posted.

Hackers Break Into Voting Machines Within 2 Hours at Defcon

Comments Filter:
  • by Train0987 ( 1059246 ) on Monday July 30, 2018 @11:06AM (#57033374)

    This is why voting machines on not connected to the internet.

    • Re:So what? (Score:4, Informative)

      by Train0987 ( 1059246 ) on Monday July 30, 2018 @11:08AM (#57033400)

      I just realized these machines were known as exploitable and decertified years ago. Nice clickbait though.

    • Are you trolling?

  • How about hacked?

  • This news is one year old.

    DEF CON 26, the 2018 show, starts on the 9th of August this year...and will have a Voting Machine Village again.

    • Gotta keep "The Russians Hacked the Election!" myth alive at all costs. Even if it means publicizing the exploit a known vulnerable 15 year-old machine that's not in use anywhere.

    • by Nidi62 ( 1525137 )

      This news is one year old.

      DEF CON 26, the 2018 show, starts on the 9th of August this year...and will have a Voting Machine Village again.

      People keep complaining they want old Slashdot back. Posting incredibly out of date articles is classic Slashdot.

  • by TheDarkener ( 198348 ) on Monday July 30, 2018 @11:14AM (#57033466) Homepage

    I think all OG Slashdotters here realize that current voting machines deployed here in the U.S. are all shit, hackable, it's been like this for many elections. There's proof online. But will anything ever be done about it? The people that make the big decisions at the state/federal level have always been reluctant to take security seriously enough to do anything about it - after all, it's all about the Benjamins.

    So what next? Are we just going to keep holding elections that nobody really believes in, on outdated, vulnerable piece of shit voting machines? How will the people who actually understand the internals of machines like this convince the people who purchase and deploy them that they can't keep doing it this way?

    • I have no idea why we're not looking at paper ballots as an option. Fully Digital Voting is ripe for exploitation on a massive scale, the kind that would keep a dictator elected for life.

      Decentralized paper ballots are less prone to wide scale exploitation. Because it is "hard" doesn't seem like a good answer IMHO.

      • Paper ballots WERE the main way of doing things for decades prior to 2000, until Gore needed an excuse for delaying the vote certification in Florida and blamed hanging chads, butterfly ballots, etc. Every push for electronic voting machines can be traced directly back to that.

        • Saw an interesting post about hanging chads. Basically said that it was unlikely to be problem in the numbers being reported, unless someone was stuffing the ballot with bulk punched cards. Not that the chads were impossible, but rather that in the numbers that were reported was higher than statistically probable.

          • It wasn't a problem at all. Neither was the butterfly ballot debacle. That was all about the Gore team calling a bunch of elderly Jewish Democrats in West Palm Beach and convincing them that they had voted for Pat Buchanan by mistake. It was a delay tactic by the Gore team to hold up Florida from certifying their election results until they could come up with a better strategy to contest the entire 2000 election.

            I was there, deeply involved in that mess.

    • You are absolutely correct. Voting machines should never be computerized or networked. The old mechanical lever-style machines with manual counts work just fine and are as secure as you can get.

      What most people don't realize is that voting equipment is a very expensive burden for the local governments that are responsible for buying them. They get used one day every 2 years, maybe 4. That's why most eqpt is 50 years old and computerizing them is a bad idea (they won't be updated or replaced for decades,

  • I have my own views on this but I would like to hear from others what they think.

    There are ATM machines all across the world that handle billions of dollars of transactions -- a big percentage of it in cash -- and they are a network and the public has physical access to them 24/7. Many of them have more than $100K cash in them. If you ever had a great target for crooks to hack that would be it.

    Yes there are reports of them getting hacked or robbed now and then but by and large the companies that own a

    • Because voting machines sit unplugged in a box and only turned on once every few years, usually by volunteers who have no idea how to update or troubleshoot them. Would you like to pay an extra $5k in taxes per year for 24/7 maintenance and support for such equipment? That's about what it would cost.

      • Hey I know, how about a process to update them before they're used (not necessarily 24/7 care)? I wonder if voting machine manufacturers are smart enough to keep track of sold equipment, software revisions and therefore patches needed, update processes...Sounds familiar to me for some reason, it's almost like other companies do that kind of thing. Not sure if computers are smart enough yet to query a server for required updates though. Sounds so....futuristic.

        • Because it is prohibitively expensive. It's impossible for local governments to justify spending more money on a piece of equipment that's used once every four years instead of more pressing day to day things like sewer, water, trash pickup, etc. Taxdollars are a finite resource.

        • Why would a machine that has only one simple purpose counting votes) need to be updated /patched? If it works- it works, why try to introduce new problems? No way to connect to the real world= good.
          • You obviously have never worked in software development.

            • You obviously have never worked in software development.

              Yes, if it works, keep fixing it until it doesn't. Anyways, the UI's are *so* last millennium.

              • What I mean is, there will *always* be bugs to fix in software. "It works" isn't as simple of a goal as you are imagining.

  • Interesting how DEFcon doesn't start for a week & a half... And the date on this post is from July 2017. Way to go Slashdot editors.

    DEFcon will be running the Voting Machine Hacking village again this year. I fully expect they will be owning as many machines as quickly as they did a year ago. But it hasn't happened yet this year.

    • by ediron2 ( 246908 )

      The only thing more disappointing than slashdot editors not noticing the staleness of this article, is that the current frickin' slashdot owners & editors aren't VISCERALLY & PERSONALLY aware that Defcon is still more than a week away.

To stay youthful, stay useful.

Working...