Hackers can easily break into voting machines used across the U.S.; play Doom, Nirvana

Hackers at the Las Vegas conference penetrated voting machines within minutes, turning them into gaming consoles

By Igor Derysh

Managing Editor

Published August 14, 2019 6:30PM (EDT)

An "electronic pollbook" modified by Def Con hackers to play the computer game Doom. (Twitter)
An "electronic pollbook" modified by Def Con hackers to play the computer game Doom. (Twitter)

Voting machines used in states across the United States were easily penetrated by hackers at the Def Con conference in Las Vegas on Friday.

Participants at Def Con, a large annual hacker conference, were asked to try their skills on voting machines to help expose weaknesses that could be used by hostile actors. A video published by CNN shows a hacker break into a Diebold machine, which is used in 18 different states, in a matter of minutes, using no special tools, to gain administrator-level access. 

Hackers also quickly discovered that many of the voting machines had internet connections, which could allow hackers to break into machines remotely, the Washington Post reported. Motherboard recently reported that election security experts found that election systems used in 10 different states have connected to the internet over the last year, despite assurances from voting machine vendors that they are never connected to the internet and therefore cannot be hacked. 

The websites where states post election results are even more susceptible. The event had 40 child hackers between the ages of 6 and 17 attempt to break into a mock version of the sites. Most were able to alter vote tallies and even change the candidates' names to things like “Bob Da Builder,” CNN reported.

"Unfortunately, it's so easy to hack the websites that report election results that we couldn't do it in this room because [adult hackers] would find it boring," event organizer Jake Braun told CNN.

Adult hackers also took liberties with the machines. One hacker turned a voting machine into a jukebox able to play music and display animations. Another was able to program a voting machine into a de facto gaming console that played the popular computer game Doom.

Sen. Ron Wyden, D-Ore., toured the event and said he was stunned by how easily young hackers were able to penetrate voting systems. Wyden called for paper ballots that can’t be hacked.

“Election officials across the country as we speak are buying election systems that will be out of date the moment they open the box,” Wyden said in a speech at the conference. “It’s the election security equivalent of putting our military out there to go up against superpowers with a peashooter.”

A report by the Brennan Center for Justice at the NYU School of Law, released days after the conference, warned that 12 percent of ballots could be cast on paperless machines in 2020. 

The report shows that a third of all local election systems used voting machines that were more than a decade old. “We should replace antiquated equipment, and paperless equipment in particular, as soon as possible,” the report said.

The Senate Intelligence Committee last month released a report revealing that Russian hackers likely targeted election systems in all 50 states since 2014. Although there is no evidence that votes were changed, the committee warned that state and local election systems were “lacking” in cybersecurity and that machines with no paper record were particularly “vulnerable to exploitation by a committed adversary.”

“Despite the focus on this issue since 2016, some of these vulnerabilities remain,” the report said.

House Democrats have introduced two bills that would require paper backups for all voting machines as well as post-election audits and stricter security standards for voting machine vendors. Both bills have been blocked by Senate Majority Leader Mitch McConnell, who argued that election security should be left to the states, despite the Senate panel's report noting that hackers had “exploited the seams” between federal and state authorities.

“Why hasn’t Congress fixed the problem?” Wyden asked during his conference speech. “Two words: Mitch McConnell.”

Rep. Ted Lieu, D-Calif., told Politico after attending the conference that the federal government “has a responsibility to make sure we have strong election security all over America. 

"It’s stupid to have the view that states have the right to have poor election security,” Lieu said. “No state has a right to have voting machines that can be easily hacked.”

By Igor Derysh

Igor Derysh is Salon's managing editor. His work has also appeared in the Los Angeles Times, Chicago Tribune, Boston Herald and Baltimore Sun.

MORE FROM Igor Derysh