Last weekend at theDEF CON conference—the annual get together for hackers, spooks, and computer enthusiasts—hackers showed how easily voting machines could be hacked, proving once more how vulnerable they are to cyber attacks. But conference organizers did not restrict the electoral hacking demonstration to voting machines. A virtual voter registration data base was also attacked, and defended, which experts say is just as worrisome.
“If you look at all of the reports about foreign actors, malicious actors attacking US election infrastructure in the last election, they were not attacking the election machines,” Harri Hursti, an expert in hacking voting machines, and one of the co-organizers of the voting machine hacking exercises, tellsMother Jones. “They were attacking the back-end network, the underlying infrastructure. This was the simulation that showed how vulnerable [it is] and how hard it is to defend.” […]
“The current generation of voting technology used in the US has, since its introduction after the turn of the century, enjoyed something of a ‘honeymoon’ from serious attack up until now,” Matt Blaze, a University of Pennsylvania professor and co-organizer of the DEF CON hacking exercise,wrote recently in his blog, afterThe Intercept publisheda classified NSA document detailing alleged Russian attempts to access the networks of election infrastructure suppliers in the US. “It’s abundantly clear,” he continued, “that the honeymoon is over.” […]
Organizers alsocreated a “cyber range,” made up of computer servers onto which they loaded simulations of a real voter registration database. […]
The organizers then askedhackers to either attack the network as part of the “red team,” or try to defend the network in real time from those attacks as part of the “blue team,” an exercise common in the cyber-security world. Attackers were able to penetrate the virtual system, which, in a real-life setting, would allow them to perhaps manipulate voter registration rolls or delete data. The exercise demonstrated how challenging it is to defend voter registration systems, and, most importantly, how under-trained and badly preparedstate and local officials tasked with defending those networksare.