
No, a Teen Did Not Hack a State Election - xbryanx
https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election
======
forgotpwd16
There is something I am not getting. From the second r00tz link:

>This competition focused on using SQL injections (basic attack) against
replicas of the sites that report (not count) votes.

>Clearly, if these or similar attacks were to happen in real life, no actual
votes would be changed [...]

Then what this hack was all about?

------
inanutshellus
Facts (as far as I can tell -- and sorry for the weird spacing i don't know
how to do bulleted lists here):

* DEFCON hosted a hackathon of voting machines ("exact clones")

* Youngsters attending DEFCON searched online and found publicly available the username and password for a given voting machine

* Those youngsters then used the publicly available credentials to log in over the internet to the voting machine

* Those youngsters then changed the votes made on that machine

* It is illegal under the DMCA for "good guys" to attempt to hack a voting machine, either for research purposes or for a real election (which means the only folks that will try are enemy states. You know, the guys you can't prosecute for trying or succeeding.)

* DEFCON successfully demonstrated hacking many voting machines, but this one made sensationalist news headlines

The "misleading information":

* The youngster at DEFCON didn't actually affect a real election. It was only a hackathon at DEFCON.

* The much maligned voting machine is no longer in service (taken out in 2014)

* The youngster was coached in how to hack the machine, he didn't just intuit that he should google for it

Conclusion:

The article's states that we should stop freaking out because it was only a
hackathon.

We should freak the f_ck out.

This machine--whose username and password were ADMIN and ABCDE respectively--
were decommissioned merely two years before the last presidential election.

That this is the level of sophistication of a 2014 voting machine SHOULD SCARE
THE F_CK OUT OF ALL OF YOU. And this article, trying to assuage those worries,
should do no such d_mn thing.

Paper ballots should be the only thing legally allowed to determine elections.

Electronic ballots should be the "quick count" but not legally binding.

Anything less is folly.

~~~
reaperducer
_The article 's states that we should stop freaking out because it was only a
hackathon._

No, the article states no such thing. What the article states is that the
“hacked” web sites were fakes, and the students were coached by adults who
knew the vulnerabilities in the fake sites.

“Instead, students were working with look-alikes created for the event that
had vulnerabilities they were coached to find. Organizers provided them with
cheat sheets, and adults walked the students through the challenges they would
encounter.”

