It Took Only 10 Minutes For an 11-Year-Old to Hack a Mock Florida Election Website
An 11-year-old kid from Texas, Emmett Brewer, successfully hacked a mock Florida election website within 10 minutes. Brewer achieved the feat and also switched election results during the annual hacker conference DefCon. The boy successfully hacked a replica of the Florida Secretary of State website and not the real website, but it demonstrates the vulnerabilities inherent in influencing election results online.
The organizers of the yearly cybersecurity workshop were out to demonstrate technological loopholes in election websites. This became important considering alleged Russia’s interference in the 2016 presidential election in the United States. Furthermore, Microsoft had obtained evidence that Russia has interfered in at least three elections in the 2018 mid-terms.
The Election Site May Be Replicas, but the Vulnerabilities Are Real
Known as “DefCon Voting Machine Hacking Village,” up to 50 kids and adults participated in the annual workshop. The participants were tasked with switching party names, voters’ names and total vote counts in several key U.S. states. Only mock websites were used, but organizers said the fact that Brewer hacked and manipulated data on them in record time leaves cause for alarm in real-life election situations.
“The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing,” Nico Sell, the event organizer, said.
But the National Association for Secretaries of State (NASS) disagreed. According to them, the environment under which DefCon was held did not reflect current election systems in use in several U.S. states.
“Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security,” NASS wrote in a press release. “Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”
NASS goes on to admit that it is very possible to hack websites because most websites contain vulnerabilities. However, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media; and they are not connected to actual vote-counting equipment and therefore in no position to manipulate election results.
There is, however, one problem with NASS’s position. They have forgotten that election websites influence media analysis and public sentiments. In a situation where a kid is able to influence public perception within minutes by manipulating mock websites, election officials have serious concerns to comprehend in real election instances.