During an annual hacking convention on Friday, an 11-year-old boy changed the voting results in a Florida state election reproduction — in less than 10 minutes.
The DEFCON 26 event, the largest of its kind, draws in thousands of adult hackers every year. This year, about 50 children between the ages of eight and 16 attended. Participants were presented with websites bearing 13 presidential election replicas, according to PBS.
Emmett Brewer, the young hacker, was able to hack into a replica of the Florida secretary of state’s website during the “DEFCON Voting Machine Hacking Village” event. The event allows the opportunity to manipulate party names, candidate names and vote count totals.
“Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.” https://t.co/a4gu3gvjvF
— michelle pemberton (@MichelleRocket) August 13, 2018
Nico Sell is the co-founder of the non-profit r00tz Asylum, a group that teaches children how to become hackers. Sell said an 11-year-old girl was quickly able to triple the vote tally in the same website that Brewer hacked.
“More than 30 children hacked a variety of other similar state replica websites in under a half hour. These are very accurate replicas of all of the sites. These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society,” Sell said.
The National Association of Secretaries of State said in a statement that it is “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.”
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols. While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results,” the statement added.
Sell insists that the children’s abilities shown during the event clearly shows the level of security vulnerabilities found in the U.S. election system.
“To me that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos. The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing,” she said.
“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable. What was interesting is just how utterly quickly they were able to do it,” said Matt Blaze, a professor of computer and information science at the University of Pennsylvania, who helped organize the event.