San Mateo, CA – Congresswoman Jackie Speier (CA-14), a member of the House Permanent Select Committee on Intelligence, released the following statement in response to the disturbing results of the DefCon 26 Voting Village, part of an annual hacking conference held in Las Vegas from August 9-12th. Rep. Speier sent a member of her staff to the conference to find out firsthand the extent of the danger Russia and other foreign and domestic adversaries pose to our electoral system.
“Protecting the integrity and confidence in our democracy has to be our top priority as a nation. Unfortunately, this weekend’s 26th annual DefCon proves we still have much to be worried about regarding election security. The examples from the Voting Village would be comical if they weren’t so terrifying,” Rep. Speier said.
Those examples included:
- An 11-year old boy hacked into a replica of the Florida state election website and changed voting results in under ten minutes.
- An 11-year-old girl hacked into the same replica system in under 15 minutes.
- More than 30 children, ages 8 to 16, were able to hack into replica systems within 30 minutes.
- An adult hacker turned a voting machine into a jukebox, playing music and animations for the crowd.
- And “tamper-proof” seals used on many machines were easily bypassed with little to no evidence of tampering.
Other machine-specific hacks that were demonstrated or discussed included:
- Diebold Accuvote TSX voting machines were easily hacked thanks to running expired security certificates from 2013.
- Diebold Express Poll 5000 poll book machines’ memory cards were easily changed, meaning that a malicious actor could load incorrect polling place information and add or remove voters from the rolls.
- Several voting machines use default passwords, including simple passwords that security experts advise to never use.
- The ES&S m650 has an open port that can completely control the machine without a password. A front disk drive can easily be used to load corrupted versions of the software and spread infected software to other machines.
- A WinVote machine had extraneous files loaded on it, including a CD ripper program, music software, and music files.
- An e-mail ballot was hacked, changing the selection of the candidate.
- Hackers added, deleted, and changed voter status on a PollingExpress 5000 pollbook machine.
“The solutions are clear. We know we need paper ballots and risk limiting audits in every state for every election. Yet, the hacker community faces skepticism from many election officials and election equipment vendors. Too many voters—in part or all of 36 states in this year’s midterm election—will still use direct record electronic machines from the 2000s that prevent voters and election officials from keeping a paper trail to audit,” Rep. Speier said. “Add to that the fact that House and Senate Republicans recently blocked a Democratic motion to add an additional $380 million for election security funding, it’s clear our electoral system is at serious risk. I applaud the hackers at DefCon for doing their part to secure our democracy. Now it is time for the Republican-led Congress to provide additional funding for states and for the President to admit our elections are vulnerable. He must take action to combat that vulnerability, not continue to undercut our Intelligence Community and security services.”