Today in Michigan, Ohio, Kansas, Washington, and Missouri, voters head to the polls to vote in primaries. But how safe are state websites with voter information?
If you ask the organizers of the kids’ program at DEFCON, the answer is, so unsafe that a kid could probably figure out how to hack it.
DEFCON, a top tier cybersecurity conference, has a program for kids called “r00tz,” and this year, part of the agenda is to have them hack replicas of state elections websites. The goal of the event is to both teach the participants basics of hacking, but also scare states into taking action to safeguard web security.
Although the kids, ages 8 to 16, won’t be hacking actual state websites, the replicas that will be used mimic many of the vulnerabilities that have allowed hackers to successfully gain access to websites across the country. Nico Sell, the organizer of the children’s program, explained “we’re at a place where tampering with elections could be child’s play.”
For those who follow America’s cybersecurity issues, the vulnerabilities of our election system are no surprise, but most states haven’t done much to update technology, and the federal government has only recently begun to take steps to help out states with dated and unsecured technology.
[The Russians, or someone else, could really hack the 2018 midterm elections]
Although it might just seem like an interesting news bit that eight-year-olds are hacking state websites, the reality is sobering. Prior to the 2016 election, seven states either had their websites or voter registration systems compromised by Russia-backed hackers.
Earlier this year, FiveThirtyEight reported on a tip from cybersecurity firm Appsecuri that several states were vulnerable to attacks that could allow information to be tampered with. In one of those states, Alabama, users could modify the appearance of the state’s election page, according to the secretary of state’s office.
Since then, Alabama says it has fixed its security problems and the organizers of the kids challenge at DEFCON say they are willing to help states fix vulnerabilities.
But states need to do more than react to the potential for breaches after they are discovered. States need a proactive plan to identify security concerns and consistently update their technology to ensure that systems are secure.
While they’re at it, states might also consider making their websites more user-friendly – a win for Americans supporting back-end security and front-end interfaces.
