DEF CON Hackers Find Security Vulnerabilities In Voting Machines

“Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines to e-poll books, but there is no time before the November elections to fully implement their findings.” POLITICO

DEF CON is billed as “the oldest continuously running hacker conventions around, and also one of the largest.” This past weekend in Las Vegas, the hacking convention featured a Voting Village with voting machines and equipment for hackers to test vulnerabilities in the electronic election systems used by a majority of states and municipalities.

The numerous findings from DEF CON will soon be published, however with less than 90 days from “election day,” there is not enough time to fix the security problems the hackers uncovered.

According to a report by POLITICO:

As a result, many in the election security community are bemoaning the fact that no system has been developed to roll out fixes faster and worrying that the security gaps that get identified this year will provide fodder for those who may want to question the results.

“As far as time goes, it is hard to make any real, major, systemic changes, but especially 90 days out from the election,” said Catherine Terranova, one of the organizers of the DEF CON “Voting Village” hacking event. She argued that’s particularly troubling during “an election year like this.”

The findings, at times ignored or resisted by the manufacturers of voting machines, have increasingly been accepted in Washington, and the event is often seen as key for boosting the security of machines.

And just like every year since the Voting Village began almost a decade ago, attendees found problems.

Organizers of the Voting Village intend to put out a full report in the coming weeks detailing the vulnerability findings from this cycle, and according to Voting Village co-founder Harri Hursti, these vulnerabilities ran “multiple pages” as of Saturday afternoon. While Hursti would not comment on the exact problems found, the amount was fairly consistent with previous years.

“There’s so much basic stuff that should be happening and is not happening, so yes I’m worried about things not being fixed, but they haven’t been fixed for a long time, and I’m also angry about it,” Hursti said during a break in the day. (emphasis added)

To the surprise of no one who follows politics and elections, vulnerabilities in voting machines and equipment have been found for well-over a decade. In fact, both Democrats and Republican have warned about voting machine vulnerabilities in elections they have lost.

In 2016, Democracy Now warned voters about electronic voting machines, accompanied by claims that both John Kerry and Al Gore won their respective elections. In the video below, journalist Henry Wasserman claims that electronic votes cannot be verified and believes that the only solution is paper ballots. He further claims that these voting machine problems have existed since 1988 and has “flipped elections” and stripped “black and brown people of their vote.”

“The reality is we are voting in black boxes….It’s a nightmare…Bernie Sanders has found that campaign finance is rigged, the economy is rigged, so why wouldn’t they take the very small next step to rig electronic voting machines.”

Was Harry Wasserman, a journalist, labeled as an “election denier” and a threat to democracy by elected Democrats and their mouthpieces in the press?

Were Democratic Senators Kamala Harris, Amy Klobuchar, and Ron Wyden election deniers who, in 2018, challenged the security of voting machines prior to the 2018 midterm election?

The findings this past weekend in Las Vegas are of a concern in a battleground state like Nevada, where tens or hundreds of tabulated ballots can make the difference in state and city leadership. If these problems that DEF CON hackers found were “consistent” and “haven’t been fixed for a long time,” any fixes to these consistent problems have not been amplified or reported by election officials.

Of equal concern is the rushed validation process of a new “top-down” election reporting system, VREMS, that Secretary of State Cisco Aguilar is implementing.

In March, the Globe reported that “multiple sources near and within the Secretary of State’s office are worried about the “speedy” implementation of the top-down election system (VREMS) and are raising numerous and serious concerns that the integrity of the presidential election may be negatively impacted.”

These concerns exclusively given to The Globe followed the “glitch” in the Presidential Preference Primary which provoked public backlash over President’s Day weekend and an emergency meeting between the counties and the SOS at 8 am on February 19th, a state holiday.

“The clerks are elected officials and the SOS has decided he wants to take control away from these elected election officials and centralize any and all power within his office,” a source told The Globe, adding, “Aguilar just passed new election regulations without county input. For example, our contingency plans for elections, in case something goes wrong, now has to be approved by his office. Our contingency plans didn’t need approval by the SOS in the past.”

After the glitch, Aguilar issued an apology, blamed a technical error, and noted that “Nevada has a long history of secure, fair, and accessible elections…Voters should have absolute confidence in the entire election process.”

Voters should have absolute confidence in the entire election process, but when new election laws were passed unilaterally by Nevada democrats during a pandemic in a general election year, that does not inspire confidence. When state sources stress concern over potential problems in the upcoming November election, that does not inspire confidence. And, when hackers have identified vulnerabilities in electronic voting machines and related equipment that cannot be fixed before a pivotal, general election, that does not inspire confidence.

Perhaps our elected officials should reserve their coordinated talking points until the lengthy DEF CON report is published, or simply prove their unsubstantiated claims that Nevada has the most secure and safe elections in the country,

We will review the DEF CON report once it is published and report on the findings.