I’ll have the keys to open voting machines utilized in states throughout the nation, and that’s not a very good factor.

I’m not an election official. I’m not a voting machine skilled, operator, or in any other case affiliated with any federal, state or native authorities company.

I’m merely an investigative journalist who, upon studying that the varieties of keys used for these machines are apparently broadly out there for buy on the Web, was prudent sufficient to ask to take a number of keys dwelling as souvenirs from my latest journey to the DEF CON 27 Hacking Convention in Las Vegas.

Keys that open election gear, like voting machines, are apparently out there for buy on web sites like Amazon, since they make the most of locks that pair with common-shape keys. Harry Hursti, organizer of the DEF CON Hacking Convention “Voting Village,” had a bag of such keys on-hand to point out attendees how susceptible the locks on some voting machines will be. (Fox Information)

Now, I’ve entry to machines which have been used or are presently in-use in 35 totally different states. Swing-states, coastal icons and the heartland, specialists say. The best and possibly most annoying SWAG ever, hands-down.


“These are the keys to the dominion,” explains Harri Hursti, a hacker and knowledge safety skilled with Nordic Innovation Labs. Hursti, who helped set up the DEF CON “Voting Village,” was talking each actually and metaphorically, since a few of these keys really open the reminiscence card enclosure on sure machines. 

The issue, Hursti says, is that most of the locks used for these machines work with fundamental keys that may be simply changed over time, or within the occasion they’re misplaced. A few of the keys are so common that they not solely open voting machines, but additionally mini-bars and even some elevators.

Fox News obtained keys at the DEF CON 27 Hacking Conference that are widely available for purchase, and that apparently open various types of U.S. election equipment past and present. The above animation shows the states where the keys Fox was given can apparently open such machines. (Data Source: DEF CON Voting Village 2019)

Fox Information obtained keys on the DEF CON 27 Hacking Convention which are broadly out there for buy, and that apparently open varied varieties of U.S. election gear previous and current. The above animation reveals the states the place the keys Fox was given can apparently open such machines. (Knowledge Supply: DEF CON Voting Village 2019)

Ordering what’s successfully a skeleton key off of Amazon shouldn’t be the sort of “hacking” you would possibly consider at a spot like DEF CON’s Voting Village, or when brainstorming the doable vulnerabilities of the supposedly safe gear utilized in U.S. elections usually. However right here we’re.

Certainly, the varieties of keys I used to be proven on the DEF CON “Voting Village” can be found on websites like Amazon, eBay and others, as Hursti advised.


“This [machine] is utilized in 18 totally different states, many alternative swing-states. You may disrupt the poll, you may make it say one thing it’s not alleged to say. And that’s undermining our democracy.”

— Rachel Tobac, CEO SocialProof Safety

Positive, I realized about loads of different digital backdoors and different disturbing vulnerabilities regarding U.S. election gear at DEF CON. Just like the “hidden characteristic” that Hursti says was solely just lately found in a machine that’s been in use and underneath the microscope for greater than a decade.

“A hidden characteristic that allows you to reopen the polls silently, and insert extra ballots and print the brand new proof of the election,” Hursti says. And regardless of believing that the producers had realized from beforehand uncovered vulnerabilities on that machine over time, “these [newly discovered] options had been missed” your complete time, Hursti says.

I watched Hursti clarify this new discovery to Rep. Eric Swalwell, D-Calif., one of many quite a few lawmakers who attended this yr’s DEF CON, and whose face appeared to drop upon studying of the brand new revelation. That’s seemingly as a result of this specific machine has been in use in his dwelling state of California for years.

There was a workforce of scholars who rigged two totally different machines to play the retro basic “PONG” with one another from throughout the room. A distinct group of researchers was capable of hack a chunk of apparatus, beforehand used to check-in and confirm voters on Election Day, to run the eponymous online game, “DOOM.”


That latter machine utilized a generally out there pill with each ahead and rear-facing cameras. A media consultant for Election Programs & Software program (ES&S), one of many corporations behind that exact piece of apparatus and others at DEF CON, stated “voting machines haven’t got cameras. Maybe you’re referencing our earlier model of e-pollbook, used to verify in and confirm voters.”

These tablets, they stated, had been solely used “in sure states to hurry up the voter check-in course of,” and that their gear “doesn’t {photograph} voters or forged ballots, and there’s no means the poll will be tied to the voter at registration.”

You may resolve how reassured you’re by these statements in the event you ever end up staring a webcam within the face whereas checking-in on Election Day.

One voting machine was found to have a password of “1111.” Higher than the voter ID machine with NO password. 

And I watched as one more voting machine was bodily dismantled, reminiscence card and all, with simply fingernails and a ballpoint pen. Rachel Tobac, CEO of SocialProof Safety, an organization that focuses on “social engineering” and safety assessments, walked me via that final course of in lower than 90 seconds. And this was solely her second yr of hacking voting machines.

Within the “children space” at DEF CON, generally known as the “r00tz Asylum,” youngsters barely out of center faculty had hacked a simulated marketing campaign contributions web site to disclose donations from a deep-pocket donor named “spaghetti.” Jokes apart, the ability to vary the names and quantities of political donations on official state web sites is not any laughing matter.

A simulated campaign contributions website is hacked by children at the DEF CON 27 Hacking Conference "r00tz Asylum" kids area in Las Vegas. The simulated website was hacked to reveal a deep-pocket donor named "spaghetti." (Fox News)

A simulated marketing campaign contributions web site is hacked by youngsters on the DEF CON 27 Hacking Convention “r00tz Asylum” children space in Las Vegas. The simulated web site was hacked to disclose a deep-pocket donor named “spaghetti.” (Fox Information)


There have been indicators that a few of the issues with U.S. election gear are being addressed, just like the considerably bigger contingent of lawmakers at this yr’s DEF CON, in addition to election officers and even congressional staffers from each side of the aisle. Or the truth that greater than a dozen precise voting machines had been out there for tinkering at this yr’s Voting Village, a few of them by the producers themselves.

Dominion Voting, one other firm that produces election gear, “despatched representatives and demo gear to DEF CON this yr within the hopes of discovering extra methods to work with researchers and white hat hackers,” in response to a consultant.

One outstanding member of the hacking group at DEF CON instructed Fox that they felt as if the Voting Village’s “scorched earth” method of dismantling voting machines in a public house could not be the easiest way to encourage a public dialogue with the businesses behind the tech. That very same individual stated it is an excellent signal that there have been apparently representatives from no less than one such firm at DEF CON this yr, with gear in tow. In addition they admitted that having election gear that makes use of grasp keys bought on the Web looks as if an apparent and simply fixable drawback.

There are additionally technological developments being researched to try to make the voting system safer, like a brand new $10 million machine funded by the DoD, and the idea of mixing blockchain expertise with paper ballots – a federal elections Frankenstein that’s no less than three elections away from changing into a doable actuality, in response to folks engaged on the venture.

A piece of U.S. elections equipment is hacked at the DEF CON 27 Voting VIllage in Las Vegas to show an animated "Nyan Cat," among other things.(Fox News)

A bit of U.S. elections gear is hacked on the DEF CON 27 Voting VIllage in Las Vegas to point out an animated “Nyan Cat,” amongst different issues.(Fox Information)

Relating to a few of the claims rising from this yr’s election hacking festivities, Dominion’s consultant stated the corporate would “want to have the ability to evaluate the total report from DEF CON earlier than responding to any claims or inquiries.”

On the problems of locks and keys, and whether or not they assist the efforts that go on at a spot like DEF CON, ES&S defined to Fox that the corporate “submits its gear to testing by unbiased safety researchers and proactively seeks to work with unbiased specialists in election safety,” along with partnering with the likes of the Division of Homeland Safety. They added that there are extra safeguards in place past the apparent locks themselves.

And whereas ES&S additionally advised that there isn’t any proof {that a} vote in a U.S. election has ever been compromised by a cybersecurity breach, Tobac and numerous others at DEF CON this yr made it clear that point is of the essence relating to fixing the obvious issues that stay with a few of this gear.


“This [machine] is utilized in 18 totally different states, many alternative swing-states,” Tobac says. “You may disrupt the poll, you may make it say one thing it’s not alleged to say. And that’s undermining our democracy,” she added.

Loads extra protection to return from my inaugural journey to DEF CON. Bought a tip for me, DEF CON-related or in any other case? Ship me a DM on Twitter, @_gonzoAD, or discover me on Sign – alexdiaz36.