11-year-old hacks replica of Florida state website, changes election results

Show Caption Hide Caption 11-year-old hacks into replica US voting website in 10 minutes An 11-year-old boy just hacked into an imitation State Voting Website in less than 10 minutes and he wasn’t the only one.

The safety of our election systems didn't exactly earn a vote of confidence following this weekend's DefCon hacking conference in Las Vegas. One session reportedly featured an 11-year-old who successfully hacked into a replica of the website used by the Florida Secretary of State to report election results and changed them.

It took the young hacker only 10 minutes to break in and gain access.

The child took part in a DefCon Voting Machine Hacking Village, PBS reports, where kids as young as eight years old attempted to access replica web pages and change information.

"These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage," said Jake Braun, a former White House liaison for the Department of Homeland Security in an interview with ABC News. Braun said the conference invited younger hackers to DefCon because it would be a "waste of time" showcasing experts hacking these sites.

In a statement to USA TODAY, the Florida Department of State, which oversees elections, said that the mock site used by DefCon likely had few, if any, security measures in place and thus was not a real-life scenario as it did not take into account the state-of-the-art security measures the department uses to prevent hacking attempts from being successful.

The Department further noted that the mock site was only used to publish preliminary, unofficial results and was not connected to vote counting equipment and thus couldn’t change actual election results.

In response, Braun said that the group had been clear that the sites the children attempted to hack into were replica websites, not the real ones.

However, he also noted that the cybersecurity community is very aware that it is impossible to defend a website from a determined nation state attack.

“What's more disconcerting is that none of the guidelines for election security that have come out since 2016 say anything about what state and local election officials should do if the most vulnerable component of the voting infrastructure, their website, was hacked on Election Day,” he said.

To truly prove that Florida’s election website is as strong as the state says it is, Braun offered to have the group’s adult hackers try to hack into it.

“If we can't get in, we will give [the Florida Secretary of State] huge props and tweet out to our all our followers that we couldn't hack his site or if they are successful in hacking his website we will still give him huge props on Twitter for taking security seriously and we will share all found vulnerabilities so that Florida can improve the security of their elections," he said.

In a statement, the National Association for Secretaries of State questioned the hacking village events, claiming they don't realistically portray a scenario where these machines could be accessed.

"Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day," said NASS.

Meanwhile, ES&S — the company that provides election equipment across the U.S. — emailed customers assuring their machines were safe, Buzzfeed reports.

"Physical security measures make it extremely unlikely that an unauthorized person, or a person with malicious intent, could ever access a voting machine," read the email.

This is not the first time DefCon has tackled election security. Last year, it took attendees less than a day to successfully find and exploit flaws in five different types of voting machines.

More: Could your Google Home leak your location to hackers?

More: Hacks of Macs, Microsoft Cortana show why you should install updates