Black Hat DEFCON – Hacking Voting Machines in Minutes [As Heard on WTAG]
They hack, they hack, they hack. Well, I talked this morning with Jim Polito, all about what happened when they exposed some voting machines to these hackers.
Below is a rush transcript of this segment, it might contain errors.
Airing date: 08/08/2017
Black Hat – Def Con – Hacking Voting Machines in Minutes
Craig Peterson: Hi Craig Peterson here. Every year there are two conferences held back to back out in Las Vegas. One of them is called DEFCON. The other one is Black Hat. They hack, they hack, they hack. Well, I talked this morning with Jim Polito, all about what happened when they exposed some voting machines to these hackers.
Jim Polito: Craig Peterson, our Tech Talk guru. We’re going to try to get through as much as we can today with him but we definitely won’t get everything and that’s why get ready to take a number at the end of this segment. So, you can get all the information right from the man himself and he joins us now. Craig Peterson, good morning sir.
Craig: Hey good morning Jim.
Jim: Hey, let’s just ask this question. So hackers at a cybersecurity conference breached dozens of voting machines within minutes. Was Craig Peterson one of those people in that demonstration?
Craig: Yeah, this was out in Vegas. There’s two different, kind of, hacker conferences that are held back the back. There’s something called DEFCON and something called Black Hat.
Craig: And I wanted to go every year but I’m, Jim, I’m a coward. There’s some really bright people out there and the whole idea behind this is to talk about how hacks work, to actually practice hacking in many cases.
Craig: And they have all kinds of things they do up there. So if you have an electronic device and it’s turned on and it has any sort of way for someone to connect to it, they will. And that includes your dumb old smart phones. You know they have games there because the FBI, the CIA, and the NSA, they are all there as well, right? And they’re recruiting and they have conference sessions where they’re talking about certain types of vulnerabilities and they play games like spot the Fed.
Craig: Where everyone there trying to spot who the Fed is, that’s there in the conference pretending to be a guest, you know. And the Feds usually play along. It’s you know, they have a good time with it. But this case here, they have workshops. And they have sessions, just like any other conference you might want to go to would have. And in this case they had a bunch of voting machines. They had dozens of different types of voting machines. Because you know, the manufacturers are always out there saying yeah, it’s unhackable. Don’t worry about it. No one can ever tinker with the elections. You know, ignore it. And it only took them a matter of a few minutes to hack these machines. Within an hour all 30 machines had been completely hacked. And they were able to take these machines. There were 10 they were aiming at initially. They were able to adjust them so that they would show any voting tally you want out there. And there’s a guy who’s claiming that he had worked for one of these voting machine companies and they had had him write some codes that would tip an election just ever so slightly in the way someone would want the election tipped.
Craig: And yeah. Isn’t that something? So…
Jim: Was there anybody at this conference named Vladimir?
Craig: Yeah, exactly.
Craig: No, but our guys were there right? I’m sure Vladimir’s guys were there too.
Craig: But it’s crazy what happens at these conferences. And I just don’t want to go and have my phone hacked.
Craig: And my laptop, yeah. So I didn’t go this year. My eldest son who works with me, he wanted to go but he is tied up. We’re doing a big role out for a client so he couldn’t go. But this is a very, very big deal frankly. And we’ve got to wake up to it. Bottom line, if a machine, a voting machine is electronic, it cannot be trusted. Therefore, these voting machines that are all electronic, which includes, you know, Windows machines. You know, the touchscreen…
Jim: Yup, yup, yup.
Craig: And particularly online voting, cannot be trusted and they just proved it here. The only thing that can be trusted is the way my town votes is you have a card and you take a felt pen and you mark who you want.
Jim: Rght. Yup.
Craig: And you put that into machine and the machine counts it. And then if there’s a question afterwards, wait a minute, how did that person win? Then you can go back and you can manually audit it. And that’s really, really important because ultimately here, you can’t trust electronic voting machines. Some countries now, Jim, are mandating 100% on line voting, which just blows my mind.
Jim: Yeah, we have, we’re talking with Craig Peterson, our Tech Talk guru. Where I live in, we do the same thing. Get the felt pen. You have a piece of paper. It goes into the machine that is not hooked up to the Internet. That machine is taken by a police officer to the City Hall. Plugged in to another machine, and the votes are downloaded. Now, unless of course that other machine can be hacked, you know, there is really not much going on.
Craig: Well ultimately they can be hacked. Any of these can be hacked, Jim. But the bottom line idea is you take paper ballots. You do a manual sample of them.
Craig: Just like the old days, you know. You’ve got a Republican. You got a Democrat observer. And they’re sitting there watching the election person. They’re looking at the ballot and putting it into this pile, that pile, or the other pile. And the green, yes okay. You know they have pictures here in your mind of the hanging Chads back in 2009 in Florida and in the people examining them. How difficult that was? Of course this would be much easier. But you have to do audits. You do random audits of the machine if things start looking out, because it might not be a hack. It could just be a bad programmer. Or it could be someone at the Secretary of State’s office that didn’t quite put a parameter incorrectly to specify where the field was on that card. There could be a lot of errors. So have it set up so it can be audited manually. Do those manual audits because 10 minutes out at the DEFCON.
Jim: I know these guys just went boom. Go right into it. Boom.
Craig: Yeah, exactly.
Jim: Into it.
Craig: It’s crazy. And to say there’s no way the Russians could’ve hacked our machines is crazy. I know, I don’t know if they did or they didn’t. And if the Russians can do their job well, and believe me, they can probably do their job darn well, there would be no way to be able to tell, right? All they have to do is tip the votes here. You know, a dozen here, a dozen there. Before you know it we’ve got a president that wasn’t really elected by the people.
Jim: Oh. You mean like Hillary Clinton? Oooohh. Alright, you’ve got…
Craig: I knew you were going to say that.
Jim: I know. You’ve some great stuff here that you sent to me and I just want to give folks a taste as they get ready to take down this number. Congressional investigation into Wasserman Schultz IT scandal moves forward. Hackers are now targeting car washers. Facebook wants access without limits. That’s just taste, a sampling of the stuff that you can get from Craig Peterson. If you text my name, Jim, to this number.
Craig: 855-385-5553. That’s 855-385-5553.
Jim: All right folks do that. Craig will not annoy you. He will not bother you. He will not send useless stuff. He won’t sell your name. And if there’s ever a crisis, a big hack, you’ll get the information directly from him as to what to do. Standard data and text rates apply. Craig, thank you so much buddy, and we will talk with you next week.
Craig: Thanks Jim. Take care. Bye-bye.
Jim: You too. Bye-bye. Craig Peterson. You heard it folks. I mean, these hackers can get into this thing. Does it make me believe that the Russian? No. But does it make me believe they’re going to hack an election? Yeah. It does. Don’t go anywhere we have a final word.
Craig: And for us, anyways, that word is to find out more, just have a look at our podcast notes. It’s all in there. Links to the articles and even a link to the transcript if you wanted to follow up on something. Make sure you subscribe online, http://CraigPeterson.com. Have a great day.