(Reuters) – An 11-year-old boy managed to hack into a replica of Florida’s election results website in 10 minutes and change names and tallies during a hackers convention, organizers said, stoking concerns about security ahead of nationwide votes.
The boy was the quickest of 35 children, ages 6 to 17, who all eventually hacked into copies of the websites of six swing states during the three-day Def Con security convention over the weekend, the event said on Twitter on Tuesday.
The event was meant to test the strength of U.S. election infrastructure and details of the vulnerabilities would be passed onto the states, it added.
The National Association of Secretaries of State – who are responsible for tallying votes – said it welcomed the convention’s efforts. But it said the actual systems used by states would have additional protections.
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” the association said.
The hacking demonstration came as concerns swirl about election system vulnerabilities before mid-term state and federal elections.
U.S President Donald Trump’s national security team warned two weeks ago that Russia had launched “pervasive” efforts to interfere in the November polls.
Participants at the convention changed party names and added as many as 12 billion votes to candidates, the event said.
“Candidate names were changed to ‘Bob Da Builder’ and ‘Richard Nixon’s head’,” the convention tweeted.
The convention linked to what it said was the Twitter account of the winning boy – named there as Emmett Brewer from Austin, Texas.
A screenshot posted on the account showed he had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.
The convention’s “Voting Village” also aimed to expose security issues in other systems such as digital poll books and memory-card readers.
Mark Earley, the elections supervisor in Leon County who is a cybersecurity liaison between state and local officials, questioned how outsiders could obtain the security protocols used by Florida if they weren’t already behind the system’s firewalls. He said that all this “hacking noise” and “misinformation plays into the hands of the folks who are trying to undermine democracy.”
Jeff Kosseff, a lawyer and assistant professor at the United States Naval Academy Cyber Studies Department, said states are struggling with election security threats. He said they should work with outsiders in order to see if there are flaws in their systems.
“All states should look at this as a wake-up call,” Kosseff said. “What were the shortcomings identified and how they can fix it. I don’t think it should be an adversarial.”