Post Now

DEF CON Tech-savvy Hackers Broke into Ballot-boxes at Las Vegas

Image

Efficient Hackers were tasked to open into computer powered ballot-boxes at Las Vegas’ annual DEF CON event. It was an interesting start at DEF CON hacking conference this year in Las Vegas. 30 computer powered ballot boxes were set up in simulated national White House race, according to the Register, UK. The hackers were successful in getting the task done within 90 minutes. It nearly took less than 90 minutes for the tech hackers to start breaking into the systems and compromise the defense mechanisms.  One of the ballot boxes was cracked wirelessly. This experiment could conclude that the security defense was weak and susceptible. This vulnerability can be easily exploited by potential hackers. “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we have uncovered even more about exactly how,” said Jake Braun, who sold DEF CON founder Jeff Moss on the idea earlier this year. “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.” These machines were bought on eBay or from government auctions - from Diebolds to Sequoia, and Winvote equipment was analyzed by experts at DEF CON Voting village. The outcome was very disappointing. Some machines were running outdated and vulnerable software, which could be easily exploited - such as unpatched versions of OpenSSL and Windows XP and CE. Few other machines had physical ports open, which can be used to inject powerful malware to interfere with casting votes. Some of the ballot boxes were apparently found to have an insecure WiFi connection. A WinVote system used in previous county elections was, it appears, hacked via Wi-Fi and the MS03-026 vulnerability in WinXP, allowing info sec academic Carsten Schurmann to access the machine from his laptop using RDP. Another system could be potentially cracked remotely via OpenSSL bug CVE-2011-4109, it is claimed. It is reported that not all attacked machines are used in elections now. However, this interesting activity by DEF CON made the election officials aware that, voting machines will be vulnerable to hack if the system software is not updated and best security practices are executed. “Elections have always been the concern and constitutional responsibility of state and local officials. However, when Russia decided to interlope in 2016, it upped the ante,” said Douglas Lute, former US Ambassador to NATO and now principal at Cambridge Global Advisors. It is a great concern among election officials and the governments as security threats during elections as similar threats is hiking in the present scenario.