The security of the US election system just lost a vote of confidence.
At the annual hacker conference DefCon, Emmett Brewer, an 11-year-old boy from Austin, Texas, was able to change the results on a mock Florida election website. It took him 10 minutes.
Though the website in question was a mere replica of the Florida Secretary of State website, the hack points to the larger vulnerabilities of the election infrastructure in the US. On the heels of Russian meddling in the 2016 US election, Microsoft has already detected evidence of Russian interference in three races in the 2018 mid-terms.
The hacking event was part of a hands-on workshop within the larger cybersecurity conference. In a series of exercises, adults and kids participating in the “DefCon Voting Machine Hacking Village” attempted to manipulate party names, candidate names, and vote-count totals on mock websites from key battleground states. Brewer was one of about 50 children between the ages of 8 and 16 who took part.
“The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing,” Nico Sell, the event organizer, told PBS.
In a statement, the National Association for Secretaries of State questioned the hacking event, claiming it was not an realistic proxy for the systems currently in use.
The exercise was based on election-night reporting websites, which are only used to display preliminary results and not tied to the official vote count. Still, election websites can influence public sentiment. If an 11-year-old can change public perception in less time than it takes to cast a vote, election officials have bigger problems to worry about than getting ahead of bad press.