Insights & Analyses

Hackers show flaws in US voting, extract 650K identities from machine bought on eBay

August 4, 2017

A Tennessee voting machine brought to the annual DEF CON hacking conference in Las Vegas this week was cracked wide open, revealing personally identifiable information on some 650,000 people who voted on Election Day.

The machine was purchased legally, after it was decommissioned by election officials. But according to Gizmodo, government workers failed to properly wipe voter information from the system’s memory, leaving the records susceptible to attack.

The machine in question was an ExpressPoll-5000 that was used in elections in Shelby County, Tennessee. It was hacked as part of a “Voting Village” section of this year’s DEF CON, intended to showcase the vulnerability of U.S. voting systems, particularly as foreign threats like Russia are said to be stepping up their efforts to interfere with American elections.

The Tennessee machine wasn’t alone. Other systems from a variety of manufacturers — including Diebold, Sequoia and WinVote — were all exploited at the event, according to The Register. One WinVote system was cracked remotely, via Wi-Fi, utilizing an unpatched exploit in Microsoft’s Windows XP operating system.

Hackers also discovered administrative passwords for some machines freely available via a Google search. One WinVote machine was even “rickrolled,” or hacked to play the now-infamous 1987 song “Never Gonna Give you Up” by Rick Astley.

The hacking event could prove prescient as America awaits what is sure to be a hotly contested 2018 midterm election, as well as a 2020 presidential election.

In May, a leaked NSA report detailed two cyber attacks conducted by Russian military intelligence, one of which was an attack on a U.S. maker of voting machine software.

U.S. intelligence officials have repeatedly warned that foreign governments, particularly Russia, are focused on interfering with American elections in any way possible, from vote tampering to misinformation campaigns.

The revelations came on the heels of America’s so-called “Facebook election,” in which targeted ads and false propaganda helped swing the election in favor of the eventual winner, President Donald J. Trump.