Schoolboy Hacked Mock Florida Election Site In 10 Minutes

Uploaded on 2018-11-13 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

At the annual hacker conference DefCon erlier this year, Emmett Brewer, an 11-year-old boy from Austin, Texas, was able to change the results on a mock Florida election website. It took him 10 minutes.

Though the website in question was a mere replica of the Florida Secretary of State website, the hack points to the larger vulnerabilities of the election infrastructure.

This comes on the heels of Russian meddling in the 2016 US election, Microsoft has already detected evidence of Russian interference in three races in the 2018 mid-terms. 

The hacking event was part of a hands-on workshop within the larger cybersecurity conference. In a series of exercises, adults and kids participating in the “DefCon Voting Machine Hacking Village” attempted to manipulate party names, candidate names, and vote-count totals on mock websites from key battleground states. 

Brewer was one of about 50 children between the ages of 8 and 16 who took part.

“The site may be a replica but the vulnerabilities that these kids were exploiting were not replicas, they’re the real thing,” Nico Sell, the event organizer, told PBS.

In a statement, the National Association for Secretaries of State questioned the hacking event, claiming it was not a realistic proxy for the systems currently in use.

DefenseOne

You Might Also Read:

Election Hacking Threatens US Mid-Terms:

US Air Force Hacked By Teenager:

« Why The Public Directory Of Domain Names Is About To Vanish
Neither US, Russia Or China Will Sign Macron's Cyber Pact »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Nixon Peabody LLP

Nixon Peabody LLP

Nixon Peabody LLP is an international law firm with offices across the USA, Europe and Asia. Practice areas include Data Privacy and Cyber Security.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

ITRenew

ITRenew

ITRenew is a leading global IT lifecycle management solutions company, specializing in onsite data center decommissioning and data erasure services.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.

CallCabinet

CallCabinet

CallCabinet is the premier cross-platform SaaS provider for end-to-end compliant call recording, AI-driven conversation analytics, call QA, and custom business intelligence reporting.