
How 5 Years of DEF CON's Voting Village Has Shaped Election Security

The hands-on and at times controversial live-hacking event now has a broader mission: year-round, open testing of election systems.

The dozens of decommissioned voting machines and equipment, some perched awkwardly on banquet tables and others stationed on the gaudy carpet in a cramped room at Caesars Palace five years ago, were just a glimpse of what DEF CON founder Jeff Moss ultimately had in mind for DEF CON's Voting Village.

Moss and the Voting Village organizers had -- and still have -- envisioned something much bigger than the voting equipment and hands-on hacking experience that began in 2017 at the annual DEF CON hacker conference in Las Vegas. Their goal: a full-blown election simulation.

"The end goal is to get the whole election system, the back end, database" and other systems, Moss says, for participants to view, examine, and hack. That would mean demonstrating everything from preparing the slate of candidates, programming the machines, checking in voters via poll books, casting votes, and then counting the results.

"Maybe next year," Moss says, noting some equipment is tougher to procure, like back-end vote tabulators and the newest version of GEMS-based election management software. "You can only hack what you can get your hands on."

But five years after the Voting Village first opened its doors with some 30 pieces of voting-system machine equipment -- some that fell to hackers within minutes -- the event has become more than just a hack-the-voting-machine exercise. The organizers see a higher purpose for their work: to bolster the security of election technologies and foster trust in those systems.

Changing the Conversation
The concept for Voting Village initially evolved out of concerns raised by Russia's online meddling in the 2016 US election. The painfully rudimentary security holes found in voting machines and postmortem reports from the Voting Village over the years quickly captured the attention of some key lawmakers on Capitol Hill, as well as US election officials. It solidified efforts in recent years to institute paper ballot backups and ensured the retirement of systems without paper backups in states such as Virginia and Georgia. It also reignited the call for risk-limiting audits of election results, where randomly selected ballots are manually checked against electronic machine results to basically provide an integrity-check of vote counts.

Some 88% of US election jurisdictions used voting systems with paper backup ballots in 2020, up from 71% in 2016, according to Verified Voting. The nonprofit for years has lobbied for paper as a critical backup to election systems.

But unsurprisingly, the Voting Village also has drawn the ire of voting system equipment-makers that contend many of the hacks are out of context, on outdated equipment, or require physical access to execute. Their concerns have been echoed by other critics, including the National Association of Secretaries of State (NASS), which issued a public statement panning the Voting Village in 2018 as "a pseudo environment which in no way replicates state election systems, networks or physical security."

Even so, the Voting Village, which includes a slate of presentations and talks by security experts and government officials, has attracted some high-level federal, state, and local government officials, as well as California's former Secretary of State, Alex Padilla, who headlined a panel of election officials in 2018 at DEF CON and later filled Vice President Kamala Harris' Senate seat. Former CISA Director Chris Krebs spoke there in 2019, for example, as did Sen. Ron Wyden (D-Ore.), who has been an ardent supporter of election security efforts.

Vendors Stay Away
But even with a high-profile speaker portfolio, the DEF CON Voting Village to this day has yet to receive the official blessing or direct participation from the big three voting system equipment companies: ES&S, Dominion Voting Systems, and Hart Intercivic. The Village organizers instead purchase secondhand election systems on eBay or other outlets, to use during the event.

Moss and Voting Village co-founder Harri Hursti, founding partner of Nordic Innovation Labs, are the first to admit it's been a rocky relationship with equipment vendors. While the automotive and aerospace companies, for the most part, have found ways to work with security researchers at DEF CON despite initial discomforts, the voting industry vendors have not, Moss notes. 

"Boeing and Airbus are [now] involved in the Aerospace Hacking Village," he points out, even after a turbulent bout between Boeing and IOActive in 2019 over vulnerabilities found in the Boeing 787's on-board network.

Moss sees the voting system vendors also battling internal conflicts. Some are pushing to be more open about security, Moss says. 

"The other half is terrified of opening up and revealing everything," he adds.

Representatives from each of the big three were present, though, in the Paris Las Vegas Hotel & Casino ballroom earlier this month where this year's Voting Village was held, but as low-key attendees, notes Hursti.

"I'm cautiously optimistic," Hursti says of getting the vendors to someday participate in the Voting Village.

As of this posting, ES&S, Dominion Voting Systems, and Hart Intercivic had not responded to Dark Reading for comment.

To Hursti, one of Voting Village's biggest accomplishments is providing election officials with the security information about their voting systems. 

"Local officials now have more teeth to go after their vendors [about security]," he says, as well as helping them mitigate risks of attack. "We're arming the customer."

Barbara Simons, the now-retired computer scientist best known for her longtime push for paper ballots and former president of Verified Voting, says the DEF CON Voting Village indeed has moved the needle forward in election security efforts.

"I think the Voting Village has helped to raise people's awareness of the need for better security of our voting systems," says Simons, who performs pro bono work for Verified Voting. "That means having hand-marked paper ballots for the vast majority of voters, ballot-marking devices for those who wish to use them, post-election risk limiting audits of the paper ballots, and no return of voted ballots over the Internet."

Village Goes Next-Level
This year's Voting Village marked the last in its current format. Hursti and his team plan to expand the project into year-round, open research, not just a few days in the desert. They currently are building out a lab at the Quantico Cyber Hub in Stafford, Va., and planning a second one in the Washington, D.C., area.

Hursti says the goal of the new year-round facilities is "to complete our mission and also transition from only education to actual testing." These will be open, independent testing labs for research purposes. "We are not seeking to be a federal testing lab," he notes.

Carsten Schuermann, a professor at the IT University of Copenhagen in Denmark who rocked the first DEF CON Voting Village by hacking a WinVote direct-recording electronic (DRE) voting machine within minutes, applauds the testing center plans.

"[A few] days of hacking is not a lot of time to actually do a deep analysis of anything," Schuermann says. "The test centers are a good idea for this, so you can come to the Voting Village to present your findings [in a] more polished [format]."  

But, he warns, the testing centers won't fix the relationship gap between the election security community and the vendors. That won't be easy.

In the maiden Voting Village event in 2017, Schuermann exploited an unpatched, old buffer overrun flaw in a WinVote voting machine in the room using Metasploit. He accessed the (gulp) Windows XP Service Pack 0-based voting machine using the Remote Desktop Protocol (RDP), exposing real election and voting data that was still stored inside. The voting machine's inherent weaknesses made it an easy mark: RDP was enabled by default, it employed the outdated WEP security protocol for Wi-Fi, and it used the password "abcde."

IRL Again
After a hiatus last year due to the pandemic, the hands-on part of the Voting Village returned as part of the hybrid DEF CON and as one of the largest villages at the conference, housed in an 8,000-square-foot ballroom. As in years before, the security flaws in the equipment were abundant and easy to identify. The results are now being finalized, but Hursti says the most notable flaws were found in ballot-marking devices and electronic poll books. 

"We had one voting machine that had never been to the Village before [the ES&S M100] and will be used in the 2022 election," he says. Hackers there sniffed out flaws in the device.

Perhaps the most intriguing piece of equipment there, though, was the Dominion ImageCast Precinct machine -- and not because anyone hacked it. It already had been picked apart a couple of years ago at the Voting Village. But this year it was the subject of interest for attendees to investigate some of the far-out conspiracy theories about voting machines that have emerged in the wake of the 2020 US presidential election. 

"They just wanted to pull it apart and see if there was anything to the conspiracy" of a rigged machine, Hursti says. "Instead of trying to hack it, [they] wanted to look into it and see if there's this 'mysterious algorithm.' A lot of people were interested to see with their own eyes, pull the firmware to see if anything suspicious [was in there.] Nobody identified anything new."

Rather than hacking, the exercise was more about "debunking the false claims," he says.

Renowned software security expert Chris Wysopal, co-founder and CTO of Veracode and a former member of the hacker think tank the L0pht, says one of his favorite things about the Voting Village is it allows security researchers and election officials to meet one another. 

"The open community aspect of it is creating connections that wouldn't traditionally exist. That is one of the greatest benefits I see," Wysopal says.

And because the Voting Village is independent of any government body or political affiliation, he says, it brings a neutral view of the election security landscape. 

"We have seen politicians all over the political spectrum play both sides of voting-machine security. They either think it is fine if it benefits them or needs to be fixed if it doesn't," Wysopal says. "The Voting Village and the people associated with it can bring staying power to voting issues that outlive the disputed vote of the day."

Moss, meanwhile, sums up the DEF CON Voting Village this way: "It's probably the most impactful thing we've ever done."