Win. Votes were decertified by Virginias election board in 2. American voting systems are largely cobbled together with antiquated technology. Voting machines can vary by state and county, and have to be certified by the Election Assistance Commission. But other devices, like the electronic poll books used in some jurisdictions to check in voters at their polling stations, arent subject to the certification process. Add in the voter registration databases themselveswhich were reportedly breached in 3. The machines are mostly new to the hackers at DEF CON. Theyre not very much fun, theyre like very boring ATMs, Hall joked. Best Hacking Forums In The World' title='Best Hacking Forums In The World' />Its obvious that election systems arent very secure, but its important to understand why the security problems exist in the first place, and why theyre so hard to fix. The security industry encourages regular software updates to patch bugs and keep machines as impenetrable as possible. But updating the machines used in voting systems isnt as easy as installing a patch because the machines are subject to strict certification rules. Any major software update would require the state to redo its certification process. It costs over 1 million to get certified, Joshua Franklin, a security specialist with the National Institute of Standards and Technologys cybersecurity and privacy application unit, explained to attendees. Franklin said that even though the Election Assistance Commissions most recent election security standards were released in 2. The cost breaks down to about 3. Tom Stanionis, an IT manager for a county election agency in California who attended the village in his personal capacity. Most states just dont have the money. Whats hundreds of miles between networked friendsThe reality is, weve known about issues with voting machines for a long time, Stanionis told Gizmodo. Since purchasing brand new systems is out of the question, Stanionis said most states do their best to protect the systems they have, walling them off from the internet and storing them securely when theyre not being used. The rat king of decentralized state vendors and machines might actually be a good defense during a general electionit would force hackers to successfully target many disparate systems. It would be really hard in most jurisdictions to do anything to affect the voting machines, Stanionis said. Difficult doesnt mean impossible, though, and thats what DEF CONs hackers have set out to prove. If a hacker tucked away in a corner of a Las Vegas casino can alter a vote count, then surely a nation state attacker can too. The thing you have to ask about any new technology is, compared with the technology that proceeded it, does this make that threat easier or harder Does it make us better off or worse off Blaze told attendees. Does whatever the technology were using make this threat an easier threat or a tougher threatThats the question we havent really been sharply asking for very long. Email security and beyond. Robby Mook, the former manager of Hillary Clintons presidential campaign, is at DEF CON for the first time, and you can kind of tellhe looks a bit too clean cut for a conference often filled with hoodie wearing hackers. But hes got experience being targeted by nation state hackers that few other attendees can claim. Although hackers were hard at work down the hall figuring out how to alter vote tallies, Mook said he was still mostly worried about getting campaign workers to secure their email accounts with two factor authentication and stop retaining data for longer than necessary. Its much more a matter of culture and education than it is of spending enormous resources, Mook told Gizmodo. People in the security community know a lot of things instinctually that a campaign professional has never had exposure to, ever. Public confidence in elections is what gives government legitimacy. Mook, along with former Mitt Romney campaign manager Matt Rhoades and former Assistant Secretary of Defense Eric Rosenbach, launched an initiative at Harvard University earlier this summer focused on providing security resources to campaigns and election officials. The Defending Digital Democracy project received a founding investment from Facebook, and executives from the social network as well as Google and Crowd. Strike are helping establish an information sharing organization that will give political committees and campaigns quick access to threat intelligence. If you pull aside any campaign manager and say, Do you want to get hacked theyd say no, Mook told DEF CON attendees. While the world is fixated on its nuclear missiles, North Korea has also developed a cyberattack program that is stealing millions and unleashing havoc.