11-Year-Old Boy Hacked a Mock Election Website

The U.S. electoral system may not be as safe as is presumed.

During the recent 2018 DEF CON hacker conference, one 11-year-old, Emmett Brewer, was able to alter the election results on a mock Florida election site.

What is even more astonishing is that Brewer, who hails from Austin, Texas, did the job within a short span of 10 minutes.

Although the said website was merely a replica of the Florida Secretary of State website, the exercise highlights the apparent susceptibility of the election system to malicious attacks, as well as significant vulnerabilities of the U.S. election infrastructure.

The hacker event was part of a proactive workshop within the overall cybersecurity conference. During the event, dubbed DEF CON Voting Machine Hacking Village, both kids and adults participated in a series of activities attempting to manipulate candidate names, total vote counts, and even party names from crucial battleground states.

The participants were able to tamper with vote tallies successfully, altering the total vote count to figures such as 12 billion.

They were also able to change candidate names to “Richard Nixon’s head” and “Bob Da Builder,” among others.

Not the Only One?

Despite Brewer grabbing all the headlines, the 11-year-old Texas native was not the only kid who successfully gained access to the Florida election systems in the exercise.

Approximately 50 children in total, aged between 8 and 16 years, were in attendance. Out of this number, 35 kids were successful in hacking the replica election websites.

The National Association of Secretaries of State, however, in an official response outlined that the mock site did not include all the safety features the actual system had in place to safeguard itself from hacking. Additionally, the election officials were also quick to express their skepticism.

The organization outlined that their primary concern, especially with the approach DEF CON took, is that it uses a pseudo setting that does not in any way replicate the elections system, physical security or networks.

According to a spokesperson from the Florida State Department (the agency which oversees elections in Florida), the exercise was not a real-time scenario and as such provides an entirely inaccurate outline of how secure the elections websites, voting systems and online databases of the elections websites of Florida are.

The state officials also pointed out that the reporting websites used in the election night are only used in publishing preliminary, unofficial results for both the media and the public.

According to the statement, these sites do not have a direct link to the vote counting equipment and can never manipulate the genuine results.

Despite the state officials’ statement, a spokesperson for the DEF CON-hosted event, Molly Hall, stated that the mock websites are a creation of security expert Brian Markus, hence a credible way to assess the systems.

Election Security Is a Pertinent Issue

Election security has in recent times emerged as a huge concern in the midterm elections of Florida, among other states.

The DEF CON event comes soon after Microsoft discovered evidence of Russian meddling in the 2018 midterms on three separate races.

According to Democratic Senator Bill Nelson of Florida, several Russian operatives had breached into some election systems in the state.

The senator, who is set to compete with Republican Governor Rick Scott, expresses critical concerns about the elections citing that Russian hackers could well remove voters from the voter registration list, leading to utter chaos on the election day.

The Florida state election officials, however, claim to have not received any reliable information from the authorities validating Senator Nelson’s statement.

In a letter, Florida Secretary of State Ken Detzner stated that to the best of state officials’ knowledge as well as that of their federal partners, the election databases and voting systems in Florida are secure and there are no signs of any external intrusion.

Ultimately, the hacker exercise was centered on election-night reporting sites that are only used in displaying preliminary results although they are not directly linked to the formal vote count.

Nevertheless, election websites influence public sentiment. If a kid merely 11 years old can alter public perception in fewer minutes than it takes to cast a vote, then there is a much bigger problem for election officials than just getting ahead of bad press.