UPDATE: The facts used in this article, which was based on information from PBS, ABC, Newmax and the South Florida Sun-Sentinel, have been to some degree debunked by ProPublica.
According to that report, “(S)tudents were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter.”
That is a very different scenario than the one originally reported, and we apologize for providing information that turned out to be incorrect.
An 11-year-old boy needed less than 10 minutes to hack into a replica of Florida’s election results website during an event that was part of a weekend for hackers, the convention’s organizers said.
An 11-year-old girl did the same in just under 15 minutes, tripling vote totals in some cases, organizers announced.
“This strikes at the heart of the idea that you’d need thousands of Russians with physical access to the machines to get into them, when in fact, no, you don’t — you need one Russian to bribe a Chinese manufacturing-plant official, and now all of a sudden they own an entire class of machines nationwide,” said Jake Braun, a former White House liaison to the Department of Homeland Security, according to ABC.
Overall, 35 children between the ages of six and 17, hacked their way into replicas of the websites of six swing states. The hacking event was part of Def Con security convention, Newsmax reported.
Nearly 40 hackers from 6 to 17 years old attempted to hack replicate websites in 6 swing states during the DEFCON hacking event last weekend. More than 30 were able to complete an exploit. The quickest was done in under 10 minutes by Emmett Brewer, 11. https://t.co/sO2ZtW6TsO
— WPMT FOX43 (@fox43) August 13, 2018
Participants changed party names and added as many as 12 billion votes to candidates. Names of the candidates were also changed, with some children using names such as “Bob Da Builder” and “Richard Nixon’s head.”
“These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage,” Braun said. “They thought hacking a voter website was interesting 20 years ago. We had to give it to kids to actually make it challenging.”
Florida officials tried to downplay the significance of the achievement.
“It is not a real-life scenario, and it offers a wholly inaccurate representation of the security of Florida’s elections websites, online databases and voting systems,” said Sarah Revell, a spokeswoman for the Florida Department of State, according to the South Florida Sun-Sentinel.
The National Association of Secretaries of State also doubted the feat could be replicated in real life.
“Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security,” it said in a statement.
“To me that statement says that the secretaries of states are not taking this seriously. Although it’s not the real voting results it’s the results that get released to the public. And that could cause complete chaos,” said Nico Sell, who helped organize the event.
“The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing.”
“These are very accurate replicas of all of the sites,” Sell said, according to PBS. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”
“I think the general public does not understand how large a threat this is, and how serious a situation that we’re in right now with our democracy,” she said.
Matt Blaze, a professor of computer and information science at the University of Pennsylvania, said those in charge of elections need to become “more knowledgeable about voter technology.”
“It’s not surprising that these precocious, bright kids would be able to do it because the websites that are on the internet are vulnerable, we know they are vulnerable,” he said. “What was interesting is just how utterly quickly they were able to do it.”
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.