Hackers Break Into Voting Machines Within 2 Hours at Defcon (cbsnews.com) 37
Hackers from around the world had the rare opportunity to crack election-style voting machines this weekend in Las Vegas -- and they didn't disappoint. From a report: After nearly an hour and a half, Carsten Schurmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas' Defcon convention on Friday night, CNET reports. Schurmann penetrated Advanced Voting Solutions' 2000 WinVote machine through its Wi-Fi system. Using a Windows XP exploit from 2003, he was able to remotely access the machine, CNET reports. Voting technology was thrust into the political spotlight when election systems in several states were targeted by Russian cyber attacks. The convention purchased more than 30 voting machines for the event, although, organizers didn't specify how many models those units represented.
So what? (Score:3)
This is why voting machines on not connected to the internet.
Re: (Score:2)
Depends on the machine. In 2000 most printed a paper ticket that was input and tallied by hand into the central Sec of State's office. Or an SD card. Some even had LAN capabilities but back in 2000 I never heard of anyone using that. It's possible I suppose, but these machines were not widely deployed anywhere.
P.S. I used to work in the electronic voting world.
Re: (Score:2)
I meant to say *after 2000*. This machine and the push for electronic voting in general was a response to the 2000 Presidential recount debacle in Florida.
Re: (Score:2)
Ah, 2000. That was before Americans outsourced their election fraud to Russia.
Re:So what? (Score:4, Informative)
I just realized these machines were known as exploitable and decertified years ago. Nice clickbait though.
Re: (Score:2)
Are you familiar with internal LAN's that aren't connected to the internet? They were a thing when this machine was built 15 years ago.
Re: (Score:3)
Are you trolling?
Cracked (Score:2)
How about hacked?
Re: (Score:2)
How about hacked?
Considering many polling places are in schools I doubt they would let you walk in with a machete so they are safe there.
Re: (Score:1)
apps
Last Year's News (Score:2)
This news is one year old.
DEF CON 26, the 2018 show, starts on the 9th of August this year...and will have a Voting Machine Village again.
Re: (Score:3)
Gotta keep "The Russians Hacked the Election!" myth alive at all costs. Even if it means publicizing the exploit a known vulnerable 15 year-old machine that's not in use anywhere.
Re: (Score:2)
This news is one year old.
DEF CON 26, the 2018 show, starts on the 9th of August this year...and will have a Voting Machine Village again.
People keep complaining they want old Slashdot back. Posting incredibly out of date articles is classic Slashdot.
Re: (Score:2)
The machine is from 2001-2003ish.
Brave new world (Score:3)
I think all OG Slashdotters here realize that current voting machines deployed here in the U.S. are all shit, hackable, it's been like this for many elections. There's proof online. But will anything ever be done about it? The people that make the big decisions at the state/federal level have always been reluctant to take security seriously enough to do anything about it - after all, it's all about the Benjamins.
So what next? Are we just going to keep holding elections that nobody really believes in, on outdated, vulnerable piece of shit voting machines? How will the people who actually understand the internals of machines like this convince the people who purchase and deploy them that they can't keep doing it this way?
Re: (Score:2)
I have no idea why we're not looking at paper ballots as an option. Fully Digital Voting is ripe for exploitation on a massive scale, the kind that would keep a dictator elected for life.
Decentralized paper ballots are less prone to wide scale exploitation. Because it is "hard" doesn't seem like a good answer IMHO.
Re: (Score:2)
Paper ballots WERE the main way of doing things for decades prior to 2000, until Gore needed an excuse for delaying the vote certification in Florida and blamed hanging chads, butterfly ballots, etc. Every push for electronic voting machines can be traced directly back to that.
Re: (Score:2)
Saw an interesting post about hanging chads. Basically said that it was unlikely to be problem in the numbers being reported, unless someone was stuffing the ballot with bulk punched cards. Not that the chads were impossible, but rather that in the numbers that were reported was higher than statistically probable.
Re: (Score:3)
It wasn't a problem at all. Neither was the butterfly ballot debacle. That was all about the Gore team calling a bunch of elderly Jewish Democrats in West Palm Beach and convincing them that they had voted for Pat Buchanan by mistake. It was a delay tactic by the Gore team to hold up Florida from certifying their election results until they could come up with a better strategy to contest the entire 2000 election.
I was there, deeply involved in that mess.
Re: (Score:3)
You are absolutely correct. Voting machines should never be computerized or networked. The old mechanical lever-style machines with manual counts work just fine and are as secure as you can get.
What most people don't realize is that voting equipment is a very expensive burden for the local governments that are responsible for buying them. They get used one day every 2 years, maybe 4. That's why most eqpt is 50 years old and computerizing them is a bad idea (they won't be updated or replaced for decades,
Re: (Score:1)
Is it really that hard? (Score:2)
I have my own views on this but I would like to hear from others what they think.
There are ATM machines all across the world that handle billions of dollars of transactions -- a big percentage of it in cash -- and they are a network and the public has physical access to them 24/7. Many of them have more than $100K cash in them. If you ever had a great target for crooks to hack that would be it.
Yes there are reports of them getting hacked or robbed now and then but by and large the companies that own a
Re: (Score:2)
Because voting machines sit unplugged in a box and only turned on once every few years, usually by volunteers who have no idea how to update or troubleshoot them. Would you like to pay an extra $5k in taxes per year for 24/7 maintenance and support for such equipment? That's about what it would cost.
Re: (Score:2)
Hey I know, how about a process to update them before they're used (not necessarily 24/7 care)? I wonder if voting machine manufacturers are smart enough to keep track of sold equipment, software revisions and therefore patches needed, update processes...Sounds familiar to me for some reason, it's almost like other companies do that kind of thing. Not sure if computers are smart enough yet to query a server for required updates though. Sounds so....futuristic.
Re: (Score:2)
Because it is prohibitively expensive. It's impossible for local governments to justify spending more money on a piece of equipment that's used once every four years instead of more pressing day to day things like sewer, water, trash pickup, etc. Taxdollars are a finite resource.
Re: (Score:1)
Re: (Score:2)
You obviously have never worked in software development.
Re: (Score:2)
You obviously have never worked in software development.
Yes, if it works, keep fixing it until it doesn't. Anyways, the UI's are *so* last millennium.
Re: (Score:2)
What I mean is, there will *always* be bugs to fix in software. "It works" isn't as simple of a goal as you are imagining.
Year old post (Score:2)
Interesting how DEFcon doesn't start for a week & a half... And the date on this post is from July 2017. Way to go Slashdot editors.
DEFcon will be running the Voting Machine Hacking village again this year. I fully expect they will be owning as many machines as quickly as they did a year ago. But it hasn't happened yet this year.
Re: (Score:2)
The only thing more disappointing than slashdot editors not noticing the staleness of this article, is that the current frickin' slashdot owners & editors aren't VISCERALLY & PERSONALLY aware that Defcon is still more than a week away.