Reports Of Teen Hacking State Election Sites Were False

Reports Of Teen Hacking State Election Sites Were False

Reprinted with permission from ProPublica.

 

No, a Teen Did Not Hack a State Election

Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child’s play.

Articles reported that teenage hackers at the event were able to “crash the upcoming midterm elections” and that it had taken “an 11-year-old hacker just 10 minutes to change election results.” A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, “bringing the election to a screeching halt.”

But now, elections experts are raising concerns that misunderstandings about the event — many of them stoked by its organizers — have left people with a distorted sense of its implications.

In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as “replicas” or “exact clones.” (The language was scaled back after the conference to simply say “clones.”)

Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter.

Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites “fake.”

“When I learned that they were not using exact copies and pains hadn’t been taken to more properly replicate the underlying infrastructure, I was definitely saddened,” Franklin said.

Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.

“It would be lunacy to directly connect the election management system, of which the tabulation system is a part of, to the internet,” Franklin said.

Jake Braun, the co-organizer of the event, defended the attention-grabbing way it was framed, saying the security issues of election websites haven’t gotten enough attention. Those questioning the technical details of the mock sites and whether their vulnerabilities were realistic are missing the point, he insisted.

“We want elections officials to start putting together communications redundancy plans so they have protocol in place to communicate with voters and the media and so on if this happens on election day,” he said.

Braun provided ProPublica with a report that r00tz plans to circulate more widely that explains the technical underpinnings of the mock websites. They were designed to be vulnerable to a SQL injection attack, a common hack, the report says.

Franklin acknowledged that some state election reporting sites do indeed have this vulnerability, but he said that states have been aware of it for months and are in the process of protecting against it.

Becker said the details spelled out in the r00tz report would have been helpful to have from the start.

“We have to be really careful about adding to the hysteria about our election system not working or being too vulnerable because that’s exactly what someone like President Putin wants,” Becker said. Instead, Becker said that “we should find real vulnerabilities and address them as elections officials are working really hard to do.”

Filed under:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Start your day with National Memo Newsletter

Know first.

The opinions that matter. Delivered to your inbox every morning

Marjorie Taylor Mouth Makes Another Empty Threat

Rep. Marjorie Taylor Greene

I’m absolutely double-positive it won’t surprise you to learn that America’s favorite poster-person for bluster, blowhardiness and bong-bouncy-bunk went on Fox News on Sunday and made a threat. Amazingly, she didn’t threaten to expose alleged corruption by Ukrainian President Volodymyr Zelenskyy by quoting a Russian think-tank bot-factory known as Strategic Culture Foundation, as she did last November. Rather, the Congressperson from North Georgia made her eleventy-zillionth threat to oust the Speaker of the House from her own party, Rep. Mike Johnson (R-LA), using the Motion to Vacate she filed last month. She told Fox viewers she wanted to return to her House district to “listen to voters” before acting, however.

Keep reading...Show less
Trump Campaign Gives Access To Far-Right Media But Shuns Mainstream Press

Trump campaign press pass brandished on air by QAnon podcaster Brenden Dilley

Trump's Hour On CNN Was A Profile In Cowardice

Vanity Fair recently reported that several journalists from mainstream publications, including The Washington Post, NBC News, Axios, and Vanity Fair, were denied press access to Trump’s campaign events, seemingly in retaliation for their previous critical coverage. Meanwhile, Media Matters found that the campaign has granted press credentials to the QAnon-promoting MG Show and Brenden Dilley, a podcaster who has promoted the QAnon conspiracy theory and leads a “meme team” that creates pro-Trump content.

Keep reading...Show less
{{ post.roar_specific_data.api_data.analytics }}