tv Voting Machine Hacking CSPAN October 10, 2017 10:20pm-11:51pm EDT
now a look at the vulnerabilities of voting machines and other election equipment used around the u.s. this is part of a hackers conference. it runs about an hour and a half.
fred: good afternoon. i'm fred kempe, president and ceo of the atlantic council. i'm delighted to welcome you all here at the atlantic council today on behalf of everyone at atlantic council, on behalf of people who pulled this together so it's to you everything we're doing and initiative for the launch of this crucially important report, and you know, people standing at the podium say things crucially important. it really is. hacking the election: lessons from the defcon voting village. here at the atlantic council we operate under the enduring mission of working together to
secure the future. this has meant seriously because the founders of atlantic council desecration, one of the people who helped found this was dean acheson wrote the book of the international double order. we see that order is being under threat and we see one of the things exposed that most of the threat in the order we created is the advance and the protection and security of democracies. we believe a stable prosperous world depends on building and sustaining democracy, and democracy depends on the sanctity of the vote. in recent years this fundamental quarter to our system of record has come under threat. unprecedented assaults in the united states and europe are bringing scrutiny and uncertainty to once and vibrant electoral processes. we at atlantic council have been doing quite a bit of work in countering disinformation both within our eurasia center and in our digital forensic research lab, cutting edge work. we haven't yet done work in this area so it's a particular pleasure and honor to be
associated with this event and the work behind it. in the current geopolitical climate, preserving or in some cases reinstating public faith in the integrity and security of our elections is more crucial than ever before. this can only be achieved if we're able to protect the technologies, to protect the technologies underpinning our democracy. while much of the discussion over the past 12 months has focused on the russian-linked information operations with carefully timed leaks, fake news, facebook ads recently, recent revelations have made clear how vulnerable the very technologies we use to manage our records can cast a vote in town of results with our, and that's new. we now have alarming evidence of russian connected hackers successfully breaching electronic poll books and state and local voter databases in at least 21 states across the united states, this recently released by the department of homeland security. you have to understand how
careful dhs is before it puts out this kind of information. the technical community including many atlantic council experts have attempted to raise alarm about these threats for some years. this some of the experts on today's panel and others concerned about the safety of the vote teamed up with the world's largest hacker conference, defcon, to host the first ever, and i'd like this, first ever voting machine hacking village. this determined group invited security researchers to probe two dozen electronic voting machines, many of which are still in use today. the hackers were able to break
into and gain remote control of the machines in a matter of minutes. these findings from the voting village are incredibly disconcerting. we at atlantic council applaud the groundbreaking and tireless work of the organizers to shed light on these threats and this unsettling reality. we believe that transparency is about 80% of what is needed because you have to understand to know the threat in order to get the targets and others to take care of defending themselves. this is not simply a cybersecurity issue but one of the most pressing national security concerns eating at the bedrock of our democracy. the council's own cyber team is proud to support this critical effort by taking representatives james langevin and will las vegas this july, the first sitting congressman to ever attend the conference and witness firsthand this voting village. we are honored to continue this partnership by convening today's discussion and look forward to assisting in the next steps of this crucially important effort. you may have read in "usa today" that a group is coming together to try to continue to work and
continue to work around this and we're proud to be part of that. before i turn over to jeff for his remarks, let me take a moment to introduce our panelists. jeff is the founder of two of the most influential information security conferences in the world, defcon and black hat, and he's a senior fellow with atlantic council's cyber statecraft initiative and our brent scowcroft center on international security. ambassador doug lute is a former u.s. permanent representative of and serving under president obama from 2013-2017. prior to this and after retiring from active duty as lieutenant general after 35 years of
service he served as the assistant to the president and deputy national adviser under president bush as well as under president obama. we had a bipartisan ethos. you've worked in real hands-on bipartisan manner. john gilligan is chairman of the board at the center for the internet security cookies are just president of the schafer corporation senior vice president, and chief information officer at the u.s. air force and department of energy. sherri ramsay is senior advisor to the ceo at cyber international, engaged in strategy development and planning. she is the former director of the nsa css threat operations center, that's a pretty big job and pretty significant position where she led discovery and characterization of threats to national security systems. harri hursti is a founding partner of nordic innovation labs and one of the organizers of
the defcon voting village. he has fascinating insights. i just took a little bit outside this room on this probably would talk about today. he is one of the world's leading authorities in the areas of election voting security and critical infrastructure security, and as an ethical hacker famously demonstrated how certain voting machines could be hacked, ultimately altering voting results. our moderator today is jake braun. jake is a lecturer at the university of chicago and ceo of cambridge global advisors and co-organizer of the defcon voting village. jake also serves as a strategic advisor on cybersecurity to the department of homeland security and the pentagon. so this is a heavyweight group, and we are looking forward to your reflections. huge thanks for all of you joining us today and joining us online, and thank you for everything you contributed to this work. lastly i encourage anyone in the
audience watching online to take part in the conversation by following at ac scowcroft and at , by using the hashtag "accyber." and now without further delay, let me turn the podium over to jeff. jeff: thank you. good afternoon, everyone. i'm going to start with a little and then you a couple thoughts on where i think we are going. have been talking about voting machines for a long time. i think harri has been poking at them for 10 years. we had one of our first speakers talk about his concept of black box voting machines about 10
years ago. this is not new but what is new is the attention on them and the importance they are now playing in our democracy. how did we get here? i am going to blame jake. national security coordinator in the white house and dhs back when i first securityt the homeland council. i got to know jake and he was very passionate about voter security during the obama campaign. we were talking and jake was saying, you know i bet these machines, there's got to be problems with these machines, right? i said, oh yes. there are definitely problems but i just don't know what they are. but i can tell you, there has got to be problems. started going online
looking for studies, looking for security analysts tearing machines apart. you cannot find them. you can find an everest report in 2008, some controlled reports where the manufacturers got the researchers to sign ndas and did limited testing but for hackers that does not count. i want to see the pictures. i want to see the trials and tribulations of the hackers attacking these machines. i could not find them but i said, i am sure they are just a disaster. then a couple weeks went by and he said, you know what? you should get a bunch of hackers to tear these things apart. i said, that is a great idea but we are not going to be able to get any of these from the manufacturers. they are so tightly controlled. you are not going to get the machines or the software. but i started looking on ebay and sure enough, thank you ebay,
there were some to be found. we have two of them here that harri will hack into later. so it turned out we can get our hands on them. these things never get updated. they have been around for like a decade so you can get them fairly inexpensively. so i allocated some space. got some people together. we started ordering machines and then i realized, i am not a voting machine expert. i can tell you historically what kind of systems have had issues but i cannot tell you the ins and outs specifically. harri, and some others, who have spent more than a decade looking at these, said ok. you get the machines and space and we will run the village. it was fascinating because if you're not familiar with def con, we have about 25,000 people
who show up. they subdivide into topic areas. as soon as we announced a voting village, i got state, local, county voting officials desperate for information. i have these machines, i've no idea what they do. i have these machines and i do not know if i can trust documentation. tell me what you find. we would try to get them to come and they would say, i've no budget, i can't come out. could you just livestream people hacking the machines? i said, i do not know how much that will help you but we will have this report. it is the first step in trying to change the narrative. as you will read, these machines are pretty easy to hack. this flies in the face of the narrative sung by the manufacturers which is, you have to be an insider. you have to have specific knowledge of the technology.
random people are not going to be able to approach these machines and hack them. they need to understand them and study them to know the context. i think we opened the doors and 35 minutes later, one of the machines fell. it turns out hacking technology is pretty much hacking technology. automobiles, implantable medical devices, airplanes, physical locks, access control systems, internet of things devices, adult toys, atm machines. so chances are, yes, we are going to hack your 10-year-old election machine. the difference is now it counts. now people are paying attention and they were not paying attention 10 years ago. now it is not a conversation between us and the state and local officials. this needs to be a discussion at a higher, more national
security level. i was struck by something professor leak said which was essentially there are two ways of changing government. the bullet box or the ballot box. i thought about that for a while and we spend a lot of money on the bullet box. we have nuclear triads, oversight, testing ranges, we have a large amount of money and technology invested in our bullet box. how much do we have invested in our ballot box? pretty much comment nothing. it was only just recently called infrastructure. other important but all of our energy is in the more-important bullet box. it also needs to be the ballot box. this problem is not going to go away, it is going to accelerate. three things made this possible. first we have a three-year
dmca exemption. usually you cannot reverse engineer these things for copyright violation. they use takedown notices to prevent researchers from publishing results. this was year two, next year is year three. researchers will be able to pick this apart and provide an independent view. that was not possible before. once we removed the fear, sort of, of litigation and lined up an impressive array of lawyers waiting to defend us if anything happened, we felt confidence going forward that if anybody was going to sue us, we would have enough resources to defend ourselves. with the dmca and the way we could defend ourselves. the second one was a giant storm where the roof collapsed on a
county where they were keeping their voting machines. the county totaled out all of the items including the voting machines. there was no purchase sale agreement on the voting machines. the insurance company did not want it. they gave it away to an electronics recycler who then now has the equipment with no nda and no purchase agreement signed. now if we get our hands on these machines we are not violating any rules or civil law. the manufacturer contacted them: please, could you disassemble all of the machines and you know, basically take them out of commission. he said, sure. how much do you want to pay me for each machine? they said, we want to use zero. he said, well do you want to buy the machines then? he said, no. he said, well, he back anytime
you want to buy them back. and he started selling them on ebay. so ladies and gentlemen, the voting machine. we have this culture of exploring things and hacking them and publishing results. so there was the upcoming def con, the storm, and the dmca made this possible for the first time. we have been using these machines for more than a decade. this is the first time we get to actually look under the hood? that does not make any sense from a policy standpoint and we need to really understand what is going on and how do we fix that. we can't run our country like that. when will the next storm happen, right? i want to think about that. i will hand it over to jake who will go into a moderated q&a session then we will go to the audience for questions.
thank you very much. [applause] just going to sit for the q&a. first off, you and professor blaze were the technical leads running the hacking village. what did you find? >> first of all, it is established that all machine is hackable. was a learning experience. for people to find the truth themselves. people came, said can i touch? yes, go ahead. the other thing was the speed.
one of the people who have been doing these things published a study. of course if you have a few weeks you can hack it. first of all, if it is a nation state they have that. they don't wake up all of a sudden. they have time. work it the scope of took a long time. right now, i would say that we have less than half an hour. i 10:00, ate door 11:00, it was supposed to be the introduction speech. at the time one machine had already so. the guys who did that said, can we show it? no, i need to go -- i want to --
he was at the speech for 45 minutes, came back. at the same time, he was from denmark so at the same time during the speech another person from northern california hacked one. when the introductory speech was over, already two machines had fallen. this technology is very old. for a lot of people who were there, they were not even born when most of these came about. people on twitter were asking for tools to do this. a lot of the current tools are not that much behind. these tools came to be -- cost $15 maybe in new york. very old technology. some of the findings and there are so many things but one thing
is we followed vulnerabilities which have not been studied before because of the rules of the road of the previous study. and, those vulnerabilities put unreasonable stress to a nonexisting -- can be hacked anytime during its lifetime, anytime it has been hacked it cannot be cleaned. -- everything from mainland china to philippines, you name it, there is element. we do not even know that extension. what extension do they have in the design and building of this? said the chain of custody when it is in the united states in use, and how did that come to be?
where came from? how can you make sure the machine you get is clean? so these are my opening remarks. >> ok. so, sherri after spending a long time at nsa what are your thoughts on the relevance? >> to follow on with harri's comments and the comments you and jeff have made, the first thing you want to do when you kind of look at this problem is figure out what is the target? is it something people would be interested in? and what is the way for that target to be legitimately hacked? would it take a year? would it take 5000 people to do this? is this something we should really worry about or is it something that could be done but not likely to be done? the last thing is, would anybody be interested in doing it?
there could be a lot of vulnerabilities out there but if nobody is interested, maybe we don't spend money or time and effort. so to quickly answer those three questions when we're talking about this. obviously, the specific target, well, the target might be the u.s. democracy but the closest target would be the voting machines themselves. if you look at the companies, not that many years ago there were 19 or 20 more companies who recognized making voting machines were big in that space. people would buy voting machines from them. the last few years, just like you know, a natural progression of economy and things that have happened on a global scale, companies have merged, gone out of business. today there's really only three or four big, well known, recognized companies that sell voting machines we would be interested in purchasing and using for our elections. by that furniture, we have
focused the target set. it is no longer hundreds or even tens, it is three or four. that is a specific, limited target set an adversary would need to go after. the second thing is, you know, let's kind of look at how could this be done. is there a realistic way to do that? if you look at the voting machines, and in fact look at laptops, cell phones many of you are using now. watches on our arms. his toys, refrigerators. missiles, airplanes. you talk a lot about them at def con. what did they have in common? they are built of hardware, like this one here. they run with software. you know what? i think as you both mentioned in a lot of ways, it is not even specific to the voting machine. it is hardware and software. there are chips manufactured
globally because of the global economy. we don't know where all of the chips come from. most of them come from outside of the u.s. primarily. so there is this natural approach to hack software but hackers are starting to look at hardware for a number of reasons. hardware hacks can be more persistent if you do a software upgrade. the malware will stick to that. often times we think things are not connected to the internet but they really are, by the way. in the off chance they are not and somebody wanted to get into this device, and perhaps take data away from it, they have to get it out. if they do a kind of hardware hack or hardware implant and change a chip, now they have created a path to put the data
out. so because of the global marketplace, because the voting machines as well as many other made of just hardware and software, the concept for how to do this is pretty well known and relatively easy, as we have seen. this created the opportunity. now, who would want to do this and to have the capability to do this? there are a number of nation states that have actively been trying to influence united states elections for years. now we have given them a new way to do that. perhaps some other elements as well. criminal terrorist groups. many of them are generally accepted by the community of having the wherewithal, that is the sophistication, the money, the wherewithal to pull this
off. you say, ok, it is hard. they would have to do it one voting machine at a time. they are spread all over the country. not really. go back to the limited target, four manufacturers. the supply chain is a great kind of vector for them to do that. it could be done with an insider just for money. they could care less about the u.s. change the software, check process. cyber could affect huge, huge numbers of chips and things that would go into the machines as well as other appliances. if you think about it, it is just a software hack. to go in and hack the software development of the companies developing software for the machines. and at the beginning put the malware in so when the software
is downloaded it already has the malware inside. these are the things, read the newspapers today, we are seeing done every single day. the bottom line is, are the voting machines special? no, they are really not. they are hardware and software. we have kind of demonstrated the disconnect. if you follow the scenario logically, we should really be concerned about the elections and our processes and the voting machines of the future. >> thank you. the hesitancyan, that helps enhance the cyber security and local government who are the ones who administer our elections, what are we going to do about this? [no audio, low audio]
>> intractable problems. it was mentioned i was in the air force some time ago. i would tell a story that helps put in context what we in the center for internet security do. used to come in annually and do a penetration analysis of each service, air force being one. then we did a debriefing. i am sure they are bigger and better today. my biggest fear was that if anyone was sitting in that room from the outside i would be fired right away because they were very successful in penetrating our systems. i went to the nsa and said, this is not helpful. i need to know where to start. they came back and said, nobody
had ever asked this question but it was helpful because we got our offensive and defensive teams together and they put together what they thought were the areas they saw that are exploited or we exploit. i only paid attention to the first part of the briefing because they said 80% of the attacks happen in misconfigured software. the software is not configured and initially properly. that was 80%. so i said, that is where we are going to start. i give that story as a way to give context to the center for internet security. focused on what we call best practices. configuring software and patching, knowing what is on your network, controlling administrative privilege, auditing, etc. are all basic hygiene practices. effective, those
types of practices against the in they of the attacks philosophy being, why do something sophisticated, some examples are given here, if you can just get on the internet and go after the misconfigured software? equifax is a good example because the apache struts software that was exploited it is an open source software. does not have a supply chain issue. it is often embedded in other products. this gets to be sort of a complex problem. the center for internet security focuses on best practices. we take commercial versions of products and through a collaborative process, we define what should be the secure configuration. we disable those things that have high security risk. we enable controls that ensure better security and we
propagate those. we have a set of controls, basic hygiene activities. there happens to be 20 of them. our view is, if an organization focuses on these they are addressing the most common threat patterns and they will be more secure. our effort internally is going to be to take the elections ecosystem and to develop a set of practices, a handbook of best practices for the election system. we will do this following our normal process in sort of a collaborative way. we have 400 or 500 people to collaborate with us and we will expand that horizon because there are those that have specific expertise in election systems. we'll invite them and dhs, the election assistance commission which has responsibility for focusing on the machines
themselves. we will invite the national association of secretaries of state and other election officials to participate. the reason being, let's get together and very quickly by the end of the year produce a set of best practices that will then be given to state and local governments. our efforts will complement what the assistance commission is developing presently with the national institute of standards and technology, what is called the voluntary voter system guidelines. version 2.0. an updated version trying to address a number of issues including security. that effort, we're going to undertake immediately. obviously based on the background of the organization focusing on best practices we have a pretty good handle on foundational efforts for this and we will move forward. thing is, under dhs
oversight and funding, we provide security to state, local, tribal, territorial organizations. so we have about 1500 members. we provide education, we provide security monitoring, vulnerability assessments, incident responses. alerts, warnings. as part of our education campaign, we will increase our emphasis using this handbook on election systems in conjunction with our other best practices activities to see if we cannot use the emphasis we now have on election systems to improve security really across state, local, tribal, and territorial organizations. >> fantastic. tell us, what are you guys planning for next year? >> version two. next year is our last year.
>> the application time is already over. it in may when we had the last portion. >> we don't know if it will be extended or not so we can adjust what we will do. the idea is, we want to get a -- we want to get our hands on the back-end software. the provision of voting ballots to run the election to figure out the winner. we want to have a complete voting system to attack so people can attack the network, the physical machines, they can go after the databases. this is a mind-boggling part, just like the first time it has been done. no nda. there has never been a test of a
system. this is mind-boggling. harry can probably tell you 10 different reasons. i would love to be able to create any kind of a complete system. it does not have to be the most up to date and complete system but we want to have a complete end-to-end system so it is one less thing people can argue about. >> so everything from the voter walking into check-in, to fill out the portable, how you register the vote. we're going to try to invite some of the manufacturers.
really, i think probably because this is the first scrutiny the manufacturers have ever had, they are not sure what to do. that is a routine response. when industries first come into contact with hackers and people are giving an honest opinion of technology, they pull back inside for a while. the best part of this is free, the world's best hackers doing pro bono work. giving away reports for free. normally thousands and thousands of dollars a day. they are doing it because they want to see what is possible. i tell them, take advantage of this free resource. learn what you can.
i think this is worth repeating. in the studies which have been made in ohio, california, none of those really have had infrastructure. they have been concentrated on voting machines. look at the voting machines in def con village, these kind of comprehensive, this is the office. let's take a look. i tell you, that has not been done, ever. >> in 15 years. >> well, ever. the other thing i want to point out is how we took it back. the def con of latin america. problems we are talking here, right now, argentina, this is an international problem.
we have different flavors of democracy but similar problems. this is really international. >> that is a good segue to our next speaker. >> thank you very much. thank you to the atlantic council and fred for hosting today. fred, you did an extraordinary thing. you brought together two communities in the country but especially in washington that do not usually meet for lunch. the technical experts, hacker communities, sometime you can tell by our address. and the diplomatic national security community and we have you all together in the same room which is very important because that merger of two communities highlights my main point today and that is that the technical vulnerabilities we are just
describing are, i think, given the 2016 experience, raise it to a national security issue. in fact, in my over 40 years of working on national security issues, i do not believe i've seen a more severe threat to american national security than the election hacking experience of 2016. that may seem extreme but when you consider the fundamental connection which could have been compromised and may have been compromised last year and this is the fundamental connection between the individual voter and the results of the election, if you can compromise that you do not need to attack america with planes and ships and tanks. you can undermine democracy from the inside. i think that is really the threat of this. today's session is not about the forensics of the 2016 election.
i have confidence and i think we as americans should have confidence that the multiple investigations underway will reveal the full impact of what happened in 2016. the forensics will come out. but we do know this much -- we know russia tried to influence the election outcome last year and we know at a minimum they tried to discredit the outcome by casting doubt on its legitimacy. that is enough to get started, ok? why is it so serious? one of the questions sherri asked was, who cares? who would want to do this to us? the russians. first of all, vladimir putin has
already demonstrated successfully he can do this. in military terms, a threat is a combination of the capability right? intent to use, that is the end of that statement. he has the capability, and he did use it. we have both capability and intent here. he influenced our political process. cast doubts on our democracy. look at washington today. he added to the political gridlock in washington. at very low cost to him. in military terms, this is a classic definition of a threat. we would never accept this level of vulnerability in any of our control systems. the targeting system, our weapons control systems, the systems that control our nuclear weapons, right? we would never accept the kind
of vulnerability exposed at def con this year. so we have work to do. this is not going away. this was not a one-shot deal where they tried something and were off to the next target. vladimir putin can be in office and even ifst 2029 he is replaced, a new russian leader would be attracted to similar tactics. on a tactic here that i think will exist. learned a lot from what i think were a series of probing attacks in 2016. my guess is they were somewhat surprised by what they learned. like some of the participants at def con. at how out of date and vulnerable the technology is. i think we should expect the
next attacks to be more targeted and sophisticated. so the russian threat is real, and it is here to stay even beyond vladimir putin. this is a national security issue because others watched what was happening in 2016. iran, north korea, the so-called islamic state and others. national issue because time is short. the 2018 and 2020 national elections are just around the corner. 13 months out. we are disclosing today by the findings of the def con report just how vulnerable these systems are and we have essentially 16 months to harden our democratic process. this is a national security issue because other democracies are susceptible, too. democracies in europe, south
america. also bought her a ball. the same democracies make up our this is not an america-only vulnerability. we know for sure russia has attempted to penetrate and corrupt other electoral systems. think about the french elections in the spring. but long before that. georgia, baltic states, so forth. for all of these reasons, the security of the u.s. election process should be a top national security issue. now look, i am not an expert here on the process and the machine and the hardware and software. that is not me. the good news is though, with these experts assembled, we pretty much know what we have to do. we have got to get back set of
best practices that john gilligan mentioned out to where the rubber meets the road in our voting process. that is not only to the 50 states but also thousands of voting jurisdictions across those states. we have a lot to do in a short time. to youed and we commit today that this group, this informal coalition, will convene and within two months come back to this community, this joined community, with best practices. this has to be a nonpartisan, bipartisan effort. this is not about party politics. this is about our fundamental rights as american citizens and about the health of our american democracy. look, for over 40 years as a military officer or diplomat, i did not rest in the sanctity, question the sanctity or validity of my vote.
we often voted by paper will because we voted by absentee ballot. you complete your ballot, sign the back of the envelope, mail it in. for 40-some years, that was enough. i believe i had fulfilled my civic duty and had confidence that vote would count. over the last 12 months, given the experience of 2016, i do not feel that way anymore. i challenge all of us to think seriously about the challenges we now know took place. that were attempts to compromise and corrupt our fundamental rights as voting citizens. it is time to get this fixed. we have to secure our voting system as a national priority. this report is a first step. let me live it back to jake.
thank you. [applause] jake: thank you, general lute. here are the things you can learn, know, or do. first of all, there were dozens of successful attacks on these machines. they are outlined in the report. one note we want to really highlight that came out of a lot of research that was done to these machines after def con is that with parts and software made all over the world and there are only three or four manufacturers, the one core point that election security experts and others have been
decentralized the nature of our voting systems, the thousands and thousands of voting offices around the country is what kept us safe because russians would need to have tens of thousands of operatives go get physical access to machines to actually infiltrate the election. know that is false. through a handful of physical attacks and through manufacturers not in the united states, the russians could land malware into thousands of machines all at once and hack the entire u.s. election without even leaving the country. that is a very important finding, number one. number two is what jeff said that especially with election officials, the thing you can do is contact the folks at def con, offer to give out your machines, your databases, give them access to whatever else you
just as this is an essentially free testing and training for your staff, that would normally cost you millions of dollars to purchase on your own. finally and maybe most importantly is that the center for internet security is convening a coalition, an informal coalition, of pretty impressive folks like the atlantic council to arrive at and then help educate congress as to why we need to pay for these best practices to be implemented and then ensure that state and local governments implement them. so with that, want to open it up. when will harri talk about technology? hack? >> afterwards. we will have the demonstration.
>> i did not know if you are pointing to someone else. susan greene helmuth verified voting, want to thank you for this. it is important and critical. i am privileged to be able to attend the def con and attend lectures. it is great. harri is amazing. to point out help her and this is as translated to states going to secure their voting systems. as some people may know, the state of virginia recently transitioned all of their voting systems to paper ballots because of some of the vulnerabilities that were disclosed in the def con conference. they reached out to us. we helped get them some information. i know harri was getting them information and letting them know what was found and they were able to go provide that information to the state board of elections. the state board of elections was information that
and understand the security vulnerabilities and transition to paper ballots, which is a transparent system that can protect us. so i want to thank you guys for seeing this transition to real-world change. >> fantastic. professor, do you have a question? >> ok. >> introduce yourself. >> sure. i am a professor of computer science and engineering at the university of michigan and i have been working on the problem of securing election infrastructure for about 10 years. i just wanted to offer a couple reflections on this absolutely fantastic set of achievements that has come out of def con. ambassador lute says, this is absolutely a national security problem. that is the biggest thing that has changed from when i started working in this field till
today. we started in 2007 thinking, it is possible people might tamper with a few localized election systems but state-level attacks, nation-state attackers changing a result that sounds like science fiction. it does not sound like science fiction anymore. the voting system as we have seen in many, many different studies over the past 10 years that have come out of different academic groups is vulnerable throughout the technical infrastructure. the infrastructure is a decade or decades out of date and there are all kinds of ways that attackers might be able to compromise voting equipment. but the def con results do in my mind more than anything else and this is an amazing confirmation and extension of all of the different works that has shown machines to be vulnerable and now, even in machines like the dex that harri and
others like us have studied in the past, there are more vulnerabilities being found by studying it at def con. these machines are broken to the core. in terms of best practices that will be developed by this new initiative will be a fantastic step toward helping states secure the infrastructure. at the one other component that is so critical at the center of the solution is really low tech. that is to make sure we are using voting paper. and that we are looking at enough of that paper to know whether the results are really
same. as president trump himself said on election day, there's something really nice about paper. you don't have to worry about hacking. by taking the simple, low-cost steps i think we can go a long way to protecting against different threats in this sphere. >> i actually have two questions about the technical aspects of the report. the supply chain problems which you brought up. beyond creating chaos in the election, can this be used in any way to target a specific election? all, the short answer is yes because if you have a persistent attack that is sure universal door. what is the control structure?
one of the easiest things is actually naming a candidate on the ballot. you cannot change it. you can use multiple ways to communicate. should already be in place. be justmy comment would assume all we can do is create chaos. we know there is more than that. and even to have a little chaos, it would cause such a loss of confidence i think in the election system that that, you know, would make people walk around and say, you know, is this legitimate? even if it was, just a fact that people are question not i think it's hugely damaging to our government and democracy in general. you don't even have to go past creating the chaos for this to be a significant problem. they are either
the company charged with maintaining the system or states maintaining the systems followed best practices, the backdoors would still only be accessible usb attack. i am just trying to get a sense of the extent of the -- >> let me answer two things. -- this is ang is candidate who wants to win. the third model has not seen -- people are not asking what are all the possible reasons. no -- onnow there is wednesday. there will be eight -- and if i can bet on that i could make a
huge amount of money. so there is a financial opportunity. again, the other answer which is ae -- those machines do have usb port. that is wanting. the other thing is the statement, there are no wireless. that is already decertified. stines recount, one of the important pieces of information that came out in the trial is that there is a new generation of machines that use wireless. -- the answer here is that we thaty found as a community this information has been in public documents. never disseminated. it is already --
so, you don't need to have a typical usb. >> that was my second question. the report only mentions the one machine or the one brand of machine that has wi-fi. >> we are hoping for another storm. [laughter] >> you mentioned machines from verizon, the information flow. >> there is a paper ballot thater machine that has capability. was --ink the comment than i was involved more was. >> right, so what we know from studies of different machines as
well as the backend infrastructure is that there are several ways they might be remotely attacked. one is through the supply chain, as the panelists have emphasized that could be through machines as they are sold or through software updates for the machines that are delivered from the manufacturers. before everyte is election, every single voting machine in the country has to be programmed with the design of the ballot. the races and candidates. that program is recorded on a usb stick or memory card. what we have demonstrated in past studies is that if you can modify that programming, you can take control of the voting machine and cause it to miscount the votes and shifted to whichever candidate you want. that is a real danger because
those files that define the ballot are often created on machines that are connected to the internet. the other thing here is what has been discovered also is -- it is probably u.s.-specific, is that the -- that meanso do the actual programming of the machines happens outside of the jurisdiction which in my opinion means they have no -- of their own. let me just try to raise the conversation a little bit above the machines themselves. when you take the whole lifecycle or ecosystem of the election process there are other equally disturbing processes.
all of the voters here, you are in some vote state registration database. to validate your entry to the ballot. if you could corrupt those databases which are all stored on the internet, right? by transposing two digits of your street address or changing your middle initial, right? duty shows upic at the fire station or across the river to vote that day, the id does not meet the database, it never gets to be ballot. so when you look at sort of the whole lifecycle of the process, vulnerabilityown but there are likely other vulnerabilities that are equally problematic. >> go ahead. i hope the panel can comment.
alex has worked on this issue for a long time and the solution on the voting machine front is the low-tech solution. vote on paper. look at paper. but the problem seems to be political in getting to the solutions. two nato allies have moved to paper. the french election, they used electronic voting but they stopped at an face of the threat. the dutch moved to paper and hand-counted the paper in the last election. but we are struggling at the national level to get a voluntary grant available to states so that they can maybe switch to paper so they can do post-election audits. if you can talk about how to get a political climate of urgency which just does not seem to be there. >> well, so i think that is one thing i think that is exactly why we're trying to do this.
this is exactly why we are partnering with the atlantic council which is one of the preeminent national security organizations and the country. without firmly positioning this problemational security it is we will never get the urgency we need and that is exactly why we're here today and exactly why we're so excited conveney have agreed to this broad friday of people to come up with best practices. of, likesort imagination, like going from the abstract to the concrete where you have so many things to worry about. this is one more. it now that it has arrived, you have to take steps and that is scary because now you have a new problem. there is no four years of nuclear deterrence around this. this is another issue which brings risks. you know, you have entrenched
lobbying interests. i am sure the manufacturers do not like being called out. who would? nobody would. i am sure people have staked their reputations on the budget so there are a lot of interest involved and you have to pull a u-turn and that is going to be a problem. is fundamentally a mental shift from the presumption your vote is secure or our votes are secured to now i think the presumption that, you know, maybe they are not so secure. that does not come overnight. that is why events like today, the def con experience, this report are so important. we're trying to amplify that message nationally so there is broad recognition it is a national security problem. that it is bipartisan or
non-partisan and goes across all structures. we have to wake up. at one time we thought we were invulnerable, it turns out we are vulnerable. >> go ahead. >> go ahead. >> hello. reuters. the last question on the topic is broader, more systemic vulnerabilities. recently notified hackers. -- by russian it is come out that a couple states said that is not true. what you told us was not in our election systems but maybe department of labor or something was scanned or one or two others. so i am wondering if the issue of how we run elections in america, the united states is on sort of this state, federal relationship if that is a
specific vulnerability in your view that makes the united makes itre -- that more difficult to address these problems because of those tensions specifically. dhs has said it is trying to work more with the states, the states have said they are trying to work more but there is still a lot of tension in the room when they tried to discuss these ideas and figure out what really happened last year and move forward to 2018 and 2020. how does that relationship between dhs, the states, and the federal government improve going forward? forward, dhs working with the states has agreed that there will be a much more invigorated process for notification and information sharing. they've agreed they will create what is called elections information sharing capability analysis.
results on that collaboration and coordination will go a long way to resolving some of what i saw were the problems of the past. i think a lot of the problems of the past were if i could describe, there were technical activities that were recognized and the technical community within different organizations were notified. now, that happens every day. that happens every day so it was the tie to the elections and as ambassador lute pointed out, we've woken to the new significance to some of these potential threat patterns and i think that caused some of the confusion, is that at the time was anrecognized there activity but it was viewed as a run-of-the-mill, everyday event. it was only in retrospect when it was linked to a pattern of it became tothen
rise to the level of saying, wait a minute, this is a campaign with a particular objective and then i think all early communications sort of got sort of lost and so i been going forward there's a commitment to say, all right, we just need to make sure we're those keyith and localrs in state governments with elections responsibility and not just the technical community. helps a little bit. >> in the back. >> thank you very much, def con, for the work you've done and all who have collaborated. i have an historical question related to the supply chain. year butnow the exact it was roughly about eight years ago when an individual -- colleague of mine -- came, after a trip to china, and thought waswhat he
equipment being manufactured at a location in p.r.c. basebutted a and i told him to report that to proper authorities and linked him on that. i'm wondering if anyone knows about that situation. i think diebold is out of the business now but the idea that is being manufactured and ifuntry like china any analysis, do we have any thatsis of any equipment doctored, say, specifically doctored for the were exercising an option if they chose to affect an election. two things to that. one is when you look at holes, it's full of hard to understand are the holes or is it just
because it's just sloppy, it's quality. adversaries are not dumb, they'll make sure that if there number of problems, one is their back door in and if they're caught, they'll say of problems here, it's hard to tell if that problem was intentionally put there to be used or not. only once you get to really highly secure systems where the are so few that you can tell that's a sophisticated back door, you can have this conversation but at this level of technology, you know, they probably don't have to install anything specific because it's already so full of problems. one of the exemptions with the dmca, though, prohibits us from sharing -- so researchers got the machines. they dumped the software in a lot of these machines but a prohibition for
copyright where you can't just publish the software dumps. you can look at them, analyze them, you can't post for anybody to download so we're a little bit hampered because you to get your own machine, dump your own software, analyze your own software and you foundorld what without releasing the software but some people are doing that and they're going through the there anyng for, are signs that binary's been tampered with or weird functions that don't make sense but it's would like as we because we can't share it to a larger community to get a widespread analysis. harri had an interesting find on one of the taiwan machines. so, first of all, one of the which is from diebold actually says manufactured from taiwan. find the company to find that their main -- well, listed production facility is in china so that's
manufactured there. more to this point, second, jeff, in this area, for the whole i'm i have been working is almost impossible to make any kind of reasonable educates about whether you are looking incompetence or malice. you want to think it's incompetence. so many things where you really in the findings you say, what would be the legal use for this feature? what would be the reason you this?do the answer's always, it's a test feature. would like to point out -- by the way, coming from because i wasn't planning to do a live demo here because of the time we have. i want to point out that hardware is the new software. mentally think that software is cheap and hardware of dollars of
production costs and what-not. ins is a whole computer made chenshown. starter withck 98,000 funding which was already $4 each.sold this is a server with capabilities. this is the other computer you need. actually, the computer, physical in one-eighth of an inch thick. not anymore something which is expensive. the other thing is, electronics something you could inspect, you can understand. be fairly reasonable whatcap the chip and look the chip is inside. today, it's not anymore. are no anymore designed by
humans. the microchips are designed by you write that chip as a form of software. is today, whether you have a chip which you don't itw who designed it and how made theetched, who maps, you don't know what the chip is going to do and a very features areidden found. recently, we all learned from to have a hidden processor capability inside the processor. recently it was found that one the biggest manufacturers of aips for cars, they have hidden processor inside the processor and nobody has an comesation where the code to that person and that person the memory so if you control that, the game is over. so we are in a situation where it's really -- the ability of machines are gone.
you cannot audit the machine. the results and i think the results matter and really when we look in the thingon, it's a good to -- especially when we're about voter registration and also american election is so cannot that you really go hand count. you have to use technology. the key there is audit. audit the results. make sure that the results make sense. think they're absolutely certain the result is why not audit it? if you don't audit, you don't know what is the result. really today, in next four years there will be no machine where anyone in this i absolutely guarantee that will be honest what it'sing exactly supposed to do because you cannot make that promise. it's unfeasible. you can make the best effort but you cannot give a guarantee. important. very
>> to your basic question, we did find there were parts made in china in most or all of the machines. sherry, do you want to comment -- should we care about that? a former nation state hacker hat on? >> we absolutely should care about that. and even if we didn't care about the nation state, individuals and sold and so we should absolutely care about manufactured in the u.s. i don't think we could be absolutely sure they're today the bulk of the not manufactured in the u.s. and it's almost impossible to audit the chips. even random selection, they're too complicated. thisjust hard to say, yes, chip is built exactly like it was designed and like it was meant and it works exactly like supposed to. >> you would want the machines manufactured by companies with a of secure record
operations, secure software cycles, hiringe good secure teams, being transparent and open and all of that is lacking. the kind of companies we rely on for other dimensions of national security communications, control of nuclear weapons. we don't just outsource this material. this is done through a very strict chain of reliable suppliers and that just simply does not apply today to the election process. >> and in fact, if you look look at the want to d.o.d. as an example, they've started down a path by trying to a secure foundry for some of the weapons systems, not enough for all of them, but to weually build chips that -- have more faith that they'll work and do the function the way they're supposed to. we have a question from handle. def con >> yes. live streaming this
on the voting village twitter page and the report is downloadable on defcon.org. question from twitter is if securing democracy involves a federal bipartisan effort, are optimistic it will be found in congress? >> they said that in 140 characters? >> so i've learned not to make such predictions. ok. but part of the story today and part of the story in this report that this is not just a state and local problem. federal government problem. a national security problem, a national security the trackity and record at the federal level is opening national security issues is that there is bipartisan support. i think there's a long track of comingstory
together when the nation's at risk and that's what we're here.ng on >> thanks to the atlantic they brought a bipartisan group of members of congress to the voting village. heard, republican from texas, did a facebook live and there said it's not a democrat or republican issue but a national issue and we're going to homeland security to brief them on the findings of this report ran by a obviously, republican administration, have been taking it very seriously been veryst i have impressed with their response to this so far. there, rebecca kaplan with cbs news. i wanted to know if the results where you saw def con caused you acceptedon the widely
conclusion that no votes were tampered with during the 2016 election even though there is admission that databases with were hacked.ation back to 2007 when we did the study for state ohio, back then, bonnerretary attorney asked me, well, there has been never a documented incidence votes have been changed during the real election and my answer was, please continue this method and that will remain to be true forever machines don't have capability of providing you if --ic evidence to see they cannot prove they were honest. they cannot prove they have been hacked. don't have the basic capabilities of providing you that forensic evidence, that data. you can see that the
machine was hacked is that the be found thatd to it was hacked. that's the sad truth. so anyone who says i have or another,one way that's an opinion. is, it can be done without leaving trace. >> as i mentioned in my remarks, this effort represented here on the stage is not about the forensics from last year in actually affecting the results. we're going to let the federal government deal with that problem. we know enough, however, at this point, to be concerned enough to forward towards best practices because at least 14 states are at least somewhat reliant still on these kinds of machines and what we know from d.h.s. published report, some 20 states -- there were at probes at the registration databases in at least 20 states. enough for us to get moving and that's what this group is going to do. running over so this
will be the last one. go ahead. joe marks. for anyone interested, the congress considers extending the dmca exemption right now. there particular things you would like them to rewrite in it to give you broader room to there anynd is concerted effort, either commenting or otherwise, to try to do that? a good question. so i think in the original dmca safe harbor provision for reverse engineering for security purposes. was never litigated or was a validied what security purpose and none of the researcher wanted to be the test for that. so a lot of people tiptoed around and dipped their toe in and had several friends who have been intimidated and their research shut down by dmca
threat. it's common in the security conference world to have your talks pulled at the last second because the manufacturer threatens them with a lawsuit. specifick the exemption was for electronic voting machine technology and pretty clearly written. i think matt blaze and coalition of academics were active in the workedet correct -- wording correct. that should be permanent but issue,just one electronic voting. what about automobiles? what about other life safety systems? they shouldn't be, like, well, on carsears i'm working and that one will expire and in three years i'll do automobiles and then back to cars when that exemption starts again. a concertedve ability for the nation's researchers to search and find sued intoar of being sued oblivion, to find problems in software that all of us use and trying to solve the
exploits. they're trying to basically provide a public service. it should be like a public benefit corporation, there a shield for public benefit research, especially the you work with manufacturer to get the problems fixed. an act of congress to protect us. the library ofn congress. >> we'll wrap up after -- are to protectws proprietary information and trade secrets. you design software, usually big part of that trade specification, how the software is going to run. that in thee election world, the specification is the statutes and laws. a why we are protecting where the fulfilled the
law from information if they're fulfilling the statutes and the laws. right now, i want to really con, we didn't have the back end system. we didn't run an election. we affect the system in a most fundamental level. we went to the basement and see if we can turn the lights on and off and we found we can. the conclusion of that is we of things done a lot on the upper layers which is the actual election but we didn't do that because we didn't have the back end system. i'm not a u.s. citizen. i'm a european. come from a little bit different culture in that way incomprehensible for me protected and why there is barriers for inspection fulfillingystem is the law and protections stopping researchers to verify that the are selling what they
claim to be selling. thank you all very much. [applause] [captions performed by national captioning institute] [captions copyright national cable satellite corp. 2017] >> tomorrow on capitol hill, a look at proposals to update the nation's infrastructure. we have live coverage from the house subcommittee at 10:00 a.m. eastern on c-span2. a hearing onter the opioid crisis from the house subcommittee on
health underway at 10:15 eastern on c-span3. house afternoon, two foreign affairs subcommittees hold hearings. the subcommittee on middle east and north africa looks at u.s. live onoward lebanon, c-span3. on c-span2, the subcommittee on funding on state departments and departments on continent, live hearings on both at 2:00 p.m. eastern. was devastating for him at the end. he was really in some ways isolated and alone. sunday night on "q&a," author emeritus atr college, william taubma and his biography on gorbachev. them tousted democratize their country in a he trustedears and
movedo follow him as he the economy to a market economy and as he made peace in the cold states.nst the united so he trusted them too much, it turned out. easterny night at 8:00 on c-span's "q&a". >> next, we take you to new jersey where they are less than vote toaway from a replace incumbent governor, chris christie. earlier tonight, lt. governor gaudango took on democrat phil murphy in a debate at the center for performing arts in newark. runs an hour. announcer: from the new jersey performing arts center in jersey, welcome to the 2017 new jersey gubernatorial debate. brought to you by the new jersey performing arts