‘Hackers against conspiracies’: Cyber sleuths take aim at election disinformation

Maggie Miller

August 15, 2022 at 4:18 PM·6 min read

One of the country's biggest hacking conferences became a test site this year for an urgent political question for the midterms: How to hunt for vulnerabilities in voting machines without fueling election misinformation.

Since 2017, the annual DEF CON conference — which wrapped up Sunday in Las Vegas — has featured a “Voting Machine Village” where attendees attempt to crack voting equipment ranging from registration databases to ballot-casting machines. The hackers at DEF CON — which takes its name from the military term for alert levels — have found vulnerabilities in nearly every machine featured during those years.

But this year, in the wake of a 2020 U.S. presidential election where false claims of election fraud abounded — including everything from disproven allegations that mail-in ballots were tampered with, to unfounded claims that some voting machines were programmed to change votes — the Voting Village got a lot more political — and the organizers worked to control the information coming out of it.

“If there is one theme this year, it’s hackers against conspiracies,” said Harri Hursti, the co-founder of the Voting Machine Village. “2020 and all the side effects have changed everything here.”

It’s a tough battle to fight, and one that offers a taste of the problems that the election security community will be grappling with in the run-up to the November elections and the weeks following — as they try to both make sure voting equipment is as secure as possible and to tamp down false claims that the equipment could be tampered with to change the outcome of the election.

The issue is personal for the hackers who come to the Voting Village, many of whom have spent years both researching election security and pushing election equipment manufacturers to publicly disclose these vulnerabilities — a move many of the companies have opposed.

“All the security improvements [have been] hampered by all the false claims, conspiracies — and fighting those,” Hursti said.

Following the 2020 presidential election, then-President Donald Trump tweeted out an NBC News report from DEF CON to allege security flaws in equipment from voting machine company Dominion. Hursti said other 2020 candidates also used clips from DEF CON to cast doubt on the security of elections.

Hursti noted the organizers can’t control how that news footage is used once it gets out in the world.

“When it’s in a digital format, the misuse of clips is inevitable,” Hursti said. “What we try to do is to make certain that the right message gets out.” That “right message,” he said, is that elections are safer because researchers are searching out these vulnerabilities.

At this year’s Voting Village, hundreds of attendees wandered among tables in a cavernous conference room at Caesar’s Forum, inspecting ballot scanners, voter registration devices and computers running voter database software. In some spots, groups of hackers crowded around tables to physically pull apart machines. At others, they whipped out laptops to connect to equipment and digitally scan the devices.

DEF CON attendees have a history of finding shocking weaknesses in the machines. At the 2018 event, an 11-year-old hacked into a fake version of Florida’s state election websites in less than 10 minutes. The 2019 edition exposed vulnerabilities in various machines that participants said could allow vote tallies to be changed, ballots to be displayed incorrectly, and internal software to be altered.

The findings have fueled calls to move back to using paper ballots or machines with paper records to verify votes. But organizers are quick to stress that it would be difficult to exploit the vulnerabilities on a large scale, and in many cases attackers would need to have physical access to the machines. The decentralized nature of how U.S. elections are run — with each state and even county using different voting systems and election protocols — is a further protection.

This year, though, the Voting Village included nearly as much attention to how to combat lies about widespread fraud in elections. A former National Security Council official spoke about how disinformation targets minority voters. Officials from Maricopa County, Ariz., discussed debunked yet ongoing conspiracy theories, often championed by Trump supporters, alleging widespread fraud in the county’s 2020 election results.

The Arizona officials methodically debunked claims including false allegations that Italians had used satellites to infiltrate voting devices in the county and that election officials had flown in thousands of ballots from Asia. (In fact, the officials said, no county machines were equipped with the technology to allow a satellite to have any impact, and these ballots could not have been flown in undetected.) They also noted steps they’ve taken since 2020 to try to prevent these theories from bubbling up in the first place, including putting in place a 24-hour video stream for the public to watch the vote counting and using stringent audit and accuracy counts.

Michael Moore, the information security officer for the Maricopa County Recorder’s Office, urged attendees during a session on Saturday not to accept claims of election fraud without proof.

“Please demand sources, demand data,” he said.

Maricopa officials said they’re still getting pummeled by misinformation around the county’s election security and voting integrity, along with physical threats for their continued efforts to debunk the claims.

Nate Young, the director of IT for the Maricopa County Recorder’s Office, described his work to debunk conspiracy theories as “a full-time job,” adding that “when I get to do my actual job, it feels weird.”

And officials are only expecting more of that in the months leading up to the midterm elections. Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, even told reporters before the conference that she is more worried about misinformation and threats against election officials than about cyber threats to the upcoming election.

Ben Hovland, a commissioner on the U.S. Election Assistance Commission, which tests and certifies voting equipment, said the need to divide their attention is making election officials' jobs more difficult.

“That’s really the challenge that our state and local officials are facing right now is that they don’t get to take their eye off the cyber ball, that is still a real threat, but they are dealing with…the harassment, they are dealing with weaponized information requests that have grown out of the disinformation, and that’s really challenging,” he said.

Still, even Maricopa County’s Young argued that an event like the Voting Village is important to finding vulnerabilities before they can be exploited on election night.

“I want these vulnerabilities to be found, that way we can identify those vulnerabilities in our own systems and shore them up,” he said.

And while full results have not yet been made public, some vulnerabilities in equipment quickly emerged during this year’s event.

A voting machine from China — which Hursti bought on Alibaba and had shipped over — was breached in five hours through a “slow and methodical” process, he said. If participants had been able to use what Hursti described as “free for all” methods, it likely would have been breached in under a half hour, he added. According to Will Baggett, a former CIA officer and digital forensics specialist who presented at the event, this process was made easier due to the machine coming equipped with WiFi, Bluetooth, a facial recognition scanner and a fingerprint reader. All of these features offer tempting methods for hackers to gain access.

“We don’t know what’s in there, but because we don’t know, we’re being methodical with it,” Baggett told attendees.

Reuters
US House to vote on long-awaited $95 billion Ukraine, Israel aid package
The Republican-controlled U.S. House of Representatives on Saturday is set to vote on, and expected to pass, a $95 billion legislative package providing security assistance to Ukraine, Israel and Taiwan, over bitter objections from party hardliners. More than two months have passed since the Democratic-majority Senate passed a similar measure and U.S. leaders from Democratic President Joe Biden to top Senate Republican Mitch McConnell have been urging embattled House Speaker Mike Johnson to bring it up for a vote. Johnson this week chose to ignore ouster threats by hardline members of his fractious 218-213 majority and push forward the measure that includes some $60.84 billion for Ukraine as it struggles to fight off a two-year Russian invasion.
6m ago
USA TODAY
Share of US Catholics backing legal abortion rises as adherents remain at odds with church
A growing majority of US Catholics favor legal abortion, a Pew study found. Meanwhile, Hispanics are growing as a segment of the Catholic population.
8m ago
Reuters
Russia's Kurgan orders evacuation in some districts as floodwaters rise
Authorities in the region of Kurgan in Russia's Urals mountains ordered an evacuation from several districts on Saturday due to rising river levels, after large snowfalls melted and heavy rain fell on ground already waterlogged before winter. Russia's Urals region and northern Kazakhstan often suffer flooding at this time of year but are seeing the worst in memory this year and authorities in Kurgan said the level of the Tobol river had already exceeded the highest level since 1994.
8m ago
Reuters
UK minister writes to London police over 'openly Jewish' comment
British interior minister James Cleverly has written to London's Metropolitan Police after an officer stopped a man who was wearing a traditional kippah cap from crossing a road during a pro-Palestinian march on the grounds he was "openly Jewish". The charity Campaign Against Antisemitism released a video late on Thursday which showed a police officer preventing Gideon Falter, its chief executive, from crossing a road in the capital because of the protest on April 13. The officer was videoed telling Falter he feared his presence could prompt a "reaction" because he was "quite openly Jewish".
12m ago
AFP
Deadly blast at Iraq army base amid Israel-Iran tensions
One person was killed and eight wounded in an overnight explosion at an Iraqi military base housing a coalition of pro-Iranian armed groups, officials said Saturday.The Iraqi security forces media unit said "an explosion and a fire" hit the Kalsu base in the early hours of Saturday, leaving one person dead and eight wounded.
20m ago
AFP
Hamas leader Haniyeh to hold Turkey talks
Hamas political leader Ismail Haniyeh will meet Turkey's President Recep Tayyip Erdogan on Saturday with Middle East tensions at a high after Israel's reported attack on Iran and Gaza bracing for a new Israeli offensive.According to press reports, that have never been denied, Haniyeh and other Hamas leaders were in Istanbul when the attacks were launched.
30m ago
AFP
Alone but unbroken: survivor returns to Hamas-attacked kibbutz
No one is around to harvest the fruits weighing down the loquat branches of Kfar Aza."Today I'm in Kfar Aza, but tomorrow, I don't know.
36m ago
Associated Press
Israeli airstrike in southern Gaza city of Rafah kills at least 9 Palestinians, including 6 children
An Israeli airstrike on a house in Gaza’s southernmost city killed at least nine people, six of them children, hospital authorities said Saturday, as Israel pursued its nearly seven-month offensive in the besieged Palestinian territory. Israel's war against the Islamic militant group Hamas has led to a dramatic escalation of tensions in an already volatile Middle East. The strike late Friday hit a residential building in the western Tel Sultan neighborhood of the city of Rafah, according to Gaza’s civil defense.
37m ago
NBC News
China’s stressed and overworked youth skip the tea and reach for coffee
China has overtaken in the U.S. with the most branded coffee shops in the world as young people start drinking coffee to cope with a competitive job market and workplace.
56m ago
USA TODAY
Biden sends message to China ― and working-class voters ― with tariff threat
President Biden's threat to triple tariffs of steel imports from China is as much about as the 2024 election as economics, according to trade experts.
58m ago
Associated Press
Moscow says 50 Ukrainian drones shot down as attacks spark fires at Russian power stations
Ukraine launched a barrage of drones across Russia overnight, the Defense Ministry in Moscow said Saturday, in attacks that appeared to target the country’s energy infrastructure. Fifty drones were shot down by air defences over eight Russian regions, including 26 over the country’s western Belgorod region close to the Ukrainian border.
1h ago
USA TODAY
The miscarriage was inevitable. Could she have had an ER abortion? Supreme Court to decide
The case is the Supreme Court's first chance to weigh in on the state laws restricting abortion that have gone into effect since overturning Roe v. Wade.
1h ago
CNN
Experts say panic buttons can enhance school safety, but only 6 states require them
In December 2021, the principal at Eagle Point Elementary School in Broward County, Florida, received an anonymous bomb threat. Using a silent panic alarm app on her phone, she alerted police and within seconds her image appeared on multiple screens in the Broward County Sheriff’s Office.
1h ago
Associated Press
About 1,300 people from Myanmar flee into Thailand after clashes broke out in a key border town
About 1,300 people have fled from eastern Myanmar into Thailand, officials said Saturday, as fresh fighting erupted at a border town that has recently been captured by ethnic guerillas. Fighters from the Karen ethnic minority last week captured the last of the Myanmar army’s outposts in and around Myawaddy, which is connected to Thailand by two bridges across the Moei River. The latest clashes were triggered in the morning when the Karen guerillas launched an attack against Myanmar troops who were hiding near the 2nd Thai-Myanmar Friendship Bridge, a major crossing point for trade with Thailand, said police chief Pittayakorn Phetcharat in Thailand's Mae Sot district.
1h ago
CNN
Everything seems to be going wrong for Rishi Sunak
With just two weeks until local elections that will likely go badly for his governing Conservative Party, there is a growing sense that the British Prime Minister is a man to whom the epithet “in office but not in power” applies.
1h ago
CNN
‘Ghostly’ city: How Russia’s war in Ukraine is taking a toll on its own Belgorod region
The once-tranquil city of Belgorod, some 25 miles north of Russia’s border with Ukraine, has been transformed into a kind of ghost town by Russia’s war.
2h ago
CNN
The new 62-story tower set to transform New York City’s skyline
A multi-billion-dollar tower featuring floor-to-ceiling glass will now add another dimension to the ever-changing, iconic city.
2h ago
Reuters
Musk says Tesla's Full Self-Driving may enter China very soon
Musk said "It may be possible very soon" while replying to an X post by a user asking when the EV maker would launch FSD in China. The Musk-led EV maker rolled out FSD four years ago but has yet to make it available in China despite customers urging it to do so. Other Chinese automakers have been seeking to gain an advantage over Tesla by rolling out similar software.
2h ago
NBC News
Trump vows to make his voice heard in court as first week of trial draws to a close. Here's what you missed on Day 4.
The former president, who has largely sat silently in the courtroom during a week's worth of court proceedings, told reporters that he will take the stand.
2h ago
NBC News
Man dies after setting himself on fire outside courthouse where Trump is on trial
Warning: This article contains an image some may find disturbing.
3h ago

Latest Stories