TECH TALK

The Def Con hacker conference in Las Vegas has an annual event called “Voters Village” where attendees try hacking into voting machines. This year they expanded the scope to include state websites which post election results. Who did they turn loose on the sites? Children.

The con invited child hackers to break into mock government websites built by a cybersecurity expert. Jake Braun, a former Department of Homeland security employee who organized the event, says that the government websites are often so flawed that adult hackers have no interest in outlining the numerous weaknesses. The hope is that in addition to highlighting the flaws many government sites have, having child hackers breaking in will spread awareness.

An 11-year-old boy hacked into a replica site in 10 minutes. An 11-year-old girl did it in about 15. Out of the 39 children who participated, 35 were able to hack into replica sites of six swing states. According to convention officials, “Total vote counts were changed to numbers like 12 billion and candidate names were changed to things like “Bob Da Builder” or “Richard Nixon’s Head.”

Why are these tests necessary? The DNC’s Chief Technology Officer Raffi Krikorian fields questions regularly from local election officials about how to defend their websites and voter databases from attacks. Together he and Bob Lord, a security expert formerly of Yahoo, have pushed for two-factor authentication and traffic monitoring at DNC headquarters. They make similar suggestions for government agencies. The to-do list includes basics like changing default passwords, enabling two-factor authentication, and updating software to the latest versions.

Braun invited the RNC to learn from the Voting Village because, as he states, “Cybersecurity shouldn’t be and isn’t a political issue.” The invitation got no response.