Remember earlier this month how breathlessly Politico and other news sites reported that teens at a hacker conference had easily penetrated state election sites?
Yeah, turns out that was complete bullshit.
Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter.
Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites “fake.”
“When I learned that they were not using exact copies and pains hadn’t been taken to more properly replicate the underlying infrastructure, I was definitely saddened,” Franklin said.
Also worth noting is something that was missed in the reporting: no state election site TABULATES votes on a system connected to the internet. In other words, if you were in theory able to hack the Ohio state election site and changed vote counts and names – you’d be doing that on the surface reporting page, but not on the official record, and that discrepancy would show in the routine audits conducted precinct by precinct by the Secretary of State’s office, monitored by watchers from both parties.
Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.
“It would be lunacy to directly connect the election management system, of which the tabulation system is a part of, to the internet,” Franklin said.
Election hacking and voting interference are both serious issues. But poor reporting as was done in these stories does no one any favors.