
New for DEF CON 25, Voting Machine Hacking Village


  • #16
    VOTING VILLAGE SPEAKING TRACK
    When: Friday, 10:00 to 17:00
    Where: Roman 1 on the Promenade Level.

    10:00 - 10:45 Barbara Simons, Chairwoman, Verified Voting
    An election system is much more than the voting machine or the booth, overview of the election IT systems, the threat models and procedural safeguards.
    Barbara Simons is a computer scientist and past president of the Association for Computing Machinery (ACM). She is founder and former Chair of USACM, the ACM U.S. Public Policy Committee. Her main areas of research are compiler optimization and scheduling theory. Together with Douglas W. Jones, Simons co-authored a book on electronic voting entitled Broken Ballots.
    Since at least 2002 Simons has been a critic of unauditable electronic voting and is generally credited as a key player in getting the League of Women Voters to change its stance on this issue. Initially the League had seen electronic voting mainly as a way to minimize invalidly cast ballots, but at their June 2004 convention she led a successful fight to get this policy reversed to one of giving priority to voting machines that are “recountable”.
    She was a member of the National Workshop on Internet Voting that was convened at the request of President Clinton and produced a report on Internet Voting in 2001. She also participated on the Security Peer Review Group for the US Department of Defense’s Internet voting project (SERVE) and co-authored the report that led to the cancellation of SERVE because of security concerns. Simons co-chaired the ACM study of statewide databases of registered voters. She recently co-authored the League of Women Voters report on election auditing. In 2008 she was appointed to the Election Assistance Commission Board of Advisors by Senator Harry Reid.

    11:00 - 11:45 Introduction into hacking the equipment in the village.

    12:00 - 12:45 Joe Hall Legal considerations of hacking election machines.

    13:00 - 13:45 Harri Hursti Brief history of election machine hacking and lessons learned so far and why it is hard to tell the difference between incompetence and malice.
    Harri Hursti is a Finnish computer programmer and former Chairman of the Board and co-founder of ROMmon where he supervised the development of the world’s smallest 2 gigabit traffic analysis product that was later acquired by F-Secure Corporation.
    Hursti is well known for participating in the Black Box Voting hack studies, along with Dr. Herbert “Hugh” Thompson. The memory card hack demonstrated in Leon County is popularly known as “the Hursti Hack”. This hack was part of a series of four voting machine hacking tests organized by the nonprofit election watchdog group Black Box Voting in collaboration with the producers of HBO documentary, Hacking Democracy. The studies proved serious security flaws in the voting systems of Diebold Election Systems.

    14:00 - 14:45 General Doug Lute, Former U.S. Ambassador to NATO.
    The governments can be changed by bullets or ballots, International and domestic interest to interfere.
    General Douglas Lute is a U.S. public servant who served as the United States Permanent Representative to NATO from 2013 to 2017.

    15:00 - 15:45 Common misconceptions and false parallels about voting technology. We can do online banking and use ATMs, why can’t we vote on touch screens or online?

    16:00 - 16:45 Matt Blaze How did we get here: A history of voting technology, hanging chads, and the Help America Vote Act. I’ll bring a punch card machine and demo what can go wrong with it.

    The Village Hacking space will be open:
    Friday 1000 – 2000
    Saturday 1000 – 2000
    Sunday 1000 - 1500
    The Dark Tangent: Use PGP Key ID: 0x5D2405E5 for sending me email
    PGP Fingerprint: D121 EAAE D1B6 3D2E A0B1 953F FFAF A718 5D24 05E5



    • #17
      Updated 7/17 at 12:30 pm ET

      ****
      The Village Hacking space will be open:
      Friday 1000 – 2000
      Saturday 1000 – 2000
      Sunday 1000 - 1500

      VOTING VILLAGE SPEAKING TRACK (AS OF 7/18)
      When: Friday, 10:00 to 17:45
      Where: Roman 1 on the Promenade Level


      Ongoing (all day in the Village):
      Introduction into hacking the equipment in the village
      Speakers:
      • Sandy Clark, University of Pennsylvania
      • Harri Hursti, Subject Matter Expert & co-founder of Nordic Innovation Labs
      • Matt Blaze, Cryptographer & Associate Professor of Computer & Information Science at University of Pennsylvania
      ---

      10:00 - 10:45

      An election system is much more than the voting machine or the booth. This session will provide an overview to election IT systems and equipment, the threat models and vulnerabilities, and procedural safeguards that can be utilized to make elections more secure.
      Speakers:
      • Barbara Simons, President, Verified Voting
      • David Jefferson, Board Member, Verified Voting
      ---

      11:00 - 11:45

      As NIST works to develop the next version of the Voluntary Voting System Guidelines, this session will examine the current standards and the considerations moving forward.
      Speakers:
      • Josh Franklin, National Institute of Standards & Technology, Cybersecurity & Privacy Application Unit
      • Mary Brady, National Institute of Standards & Technology (NIST), Voting Manager
      ---

      12:00 - 12:45
      Session on legal considerations of hacking election machines
      Speakers:
      • Joseph Hall, Chief Technologist and Director of the Internet Architecture project at the Center for Democracy & Technology
      • David Jefferson, Board Member, Verified Voting
      • Candice Hoke, Legal Expert & Founder of the Center for Election Integrity
      ---

      13:00 - 13:45
      This session will examine the brief history of election machine hacking and lessons learned so far -- and why it is hard to tell the difference between incompetence and malice.
      Speakers:
      • Harri Hursti, Subject Matter Expert & co-founder of Nordic Innovation Labs
      ---

      14:00 - 14:45
      What are the national security implications of cyber attacks on our voting systems? What are the motivations of our adversaries, and how should the U.S. respond to the threat?
      Speaker:
      • General Douglas Lute, Former U.S. Ambassador to NATO
      ---

      15:00 - 15:45
      Common misconceptions and false parallels about voting technology. We can do online banking and use ATMs, why can’t we vote on touch screens or online?
      Speaker:
      • Joseph Hall, Chief Technologist and Director of the Internet Architecture project at the Center for Democracy & Technology
      ---

      16:00 - 16:45
      How did we get here? A history of voting technology, hanging chads, and the Help America Vote Act. This segment will feature a punch card machine and demo what can go wrong with it.
      Speaker:
      • Matt Blaze, Cryptographer & Associate Professor of Computer & Information Science at University of Pennsylvania
      ---

      17:00 - 17:45
      PANEL: Securing the Election Office: A Local Response to a Global Threat
      Election administration is fundamentally (and constitutionally) the responsibility of state and local governments. But as news comes to light about Russians hacking voter databases in dozens of states, the issue is elevated to a level of federal, homeland security. In a panel featuring officials from both sides of the aisle, this session will examine the challenges and needs of governors, secretaries of state, clerks, and others working in this brave new world trying to keep our elections safe and secure.

      Confirmed Panelists:
      • Panel Moderated by Jake Braun, CEO of Cambridge Global Advisors & Former White House DHS Liaison
      • Erik Kamerling, Senior Director, Cyber Security Technology at Center for Internet Security / MS-ISA
      • David Forscey, Policy Analyst, Homeland Security & Public Safety Division, National Governors Association
      Last edited by JaclynHouser; 07-18-2017, 12:29 PM.



      • #18
        Updated 7/17 at 12:30 pm ET

        Voting Village Speaker Bios:

        Matt Blaze, Cryptographer & Associate Professor of Computer & Information Science at University of Pennsylvania
        Matt Blaze is a professor at the University of Pennsylvania, where he directs the Distributed Systems Lab and conducts research in security, privacy, surveillance, cryptography, scale, and the relationship between technology and public policy. His work has included the discovery of fundamental flaws in the Clipper chip and other surveillance systems, foundational work in network security, file encryption, trust management and two way radio security, and security evaluations of major electronic voting systems in use in the US.
        ---
        Mary Brady, Manager of the Information Systems Group, NIST
        Mary Brady is the Manager of the Information Systems Group in NIST’s Information Technology Laboratory (ITL). The Information Systems Group develops and validates novel computational methods, data/knowledge mining tools, and semantic services using systems-based approaches, to advance measurement science and standards in areas such as complex biological systems, translational medicine, materials discovery, and voting, thus improving the transparency and efficacy of decision support systems.

        Mary Brady also serves as the Manager for the NIST Voting Program. The NIST Voting Program aims to improve the accuracy, reliability, usability, accessibility, and security of voting systems used in federal elections for both domestic and overseas voters. NIST has on-going efforts in enabling the accelerated development and harmonization of standards for voting technologies, developing data exchange standards to enable plug-and-play interoperability among voting system components, creating a voting technology testing infrastructure, applying software assurance and testing to improve voting systems while reducing the overall cost of testing, and supporting the usability and accessibility of voting technologies.

        Prior to this assignment, she was on detail as the Program Manager of the Information Discovery, Use and Sharing Program in NIST’s Information Technology Laboratory and as the Senior Program Analyst in the Office of the Director. Previous work includes serving as a technical project leader in a variety of computer science areas, including web technologies, computer graphics, agent technologies, network management, and systems analysis.
        ---
        Sandy Clark, Computer Science, University of Pennsylvania
        Sandy Clark is a graduate student (Ph.D.) in computer and information science at the University of Pennsylvania. Her research focuses on computer security and privacy, with an emphasis on computer security as an ecosystem. Much of her work explores solutions to computer security problems from non-traditional disciplines. She also focuses on software security, user and data privacy, anonymity, computer human interaction, ethics, and cybercrime, malware evolution and the security arms race. Most recently, her works have also focused on the interaction of technology with law, governmental regulation, and international affairs.
        ---
        Joshua Franklin, Security Engineer, NIST
        Joshua M Franklin is a security engineer at the National Institute of Standards and Technology (NIST), and has over a decade of experience in the elections community. At NIST, Joshua focuses on electronic voting, enterprise mobility, and telecommunications. He also co-chairs the Election Cybersecurity Working Group, creating the security principles for the next generation of electronic voting systems. As an independent researcher, Joshua has also tackled election cybercrime issues, including identifying fraudulent campaign websites surreptitiously redirecting political contributions. Prior to joining NIST in 2012, Joshua worked at the US Election Assistance Commission where he gathered extensive experience with voting technologies. Before his federal service, Joshua worked at Kennesaw State University’s Center for Election Systems providing voting system support to all 159 counties in Georgia. He received a Masters of Science in Information Security and Assurance from George Mason University.
        ---
        Joseph Hall, Chief Technologist and Director of the Internet Architecture project at the Center for Democracy & Technology
        Joseph Lorenzo Hall is the Chief Technologist and Director of the Internet Architecture project at the Center for Democracy & Technology, a Washington, DC-based non-profit advocacy organization dedicated to ensuring the internet remains open, innovative and free. Hall’s work focuses on the intersection of technology, law, and policy, working to ensure that technical considerations are appropriately embedded into legal and policy instruments. Supporting work across all of CDT’s programmatic areas, Hall provides substantive technical expertise to CDT’s programs, and interfaces externally with CDT supporters, stakeholders, academics, and technologists. Hall leads CDT’s Internet Architecture project, which focuses on embedding human rights values into core internet standards and infrastructure, engaging technologists in policy work, and producing accessible technical material for policymakers.
        ---
        Candice Hoke, Legal Expert & Co-Director of the Center for Cybersecurity & Privacy Protection
        Candice Hoke specializes in the governance of election technologies. Currently she is a law professor and Co-Director of the Center for Cybersecurity & Privacy Protection. Holding a Yale Law J.D. and a Carnegie Mellon information security degree, she is currently working on adapting cyber risk assessment tools for election offices. She has testified before Congress and the EAC, as well as state legislative bodies on improving election technology policies. Professor Hoke served three terms on the American Bar Association’s Advisory Commission on Election Law and as Director of both the Center for Election Integrity and the Public Monitor of Cuyahoga Election Reform. She has consulted for all levels of government on election policies and technology issues, including legislative initiatives, and continues to work with print and broadcast reporters working on election related issues.
        ---
        Harri Hursti, Subject Matter Expert & Co-founder of Nordic Innovation Labs
        Mr. Harri Hursti, Founding Partner Nordic Innovation Labs, is a world-renowned data security expert, internet visionary and serial entrepreneur. He began his career as the prodigy behind the first commercial, public email and online forum system in Scandinavia. He founded his first company at the age of 13 and went on to cofound EUnet-Finland in his mid-20’s. Today, Harri continues to innovate and find solutions to the world’s most vexing problems. He is among the world’s leading authorities in the areas of election voting security and critical infrastructure and network system security. He is best known in the US for his live hack of a Diebold voting machine in HBO’s Hacking Democracy.
        ---
        David Jefferson, Board Member, Verified Voting
        Dr. David Jefferson is a visiting computer scientist at Lawrence Livermore National Laboratory, where he works on supercomputing applications. But he has also been active in research at the intersection of computing and public elections for well over a decade. In 1994, while at Digital Equipment Corporation, he oversaw development of the California Election Server, the first web server anywhere to provide online voter information on candidates and issues. In 1995 he helped develop, in cooperation with the California Voter Foundation, the first online database of campaign finance information ever, for the San Francisco municipal election of that year.
        ---
        Douglas Lute, former U.S. Ambassador to NATO
        Ambassador Douglas Lute is the former United States Permanent Representative to the North Atlantic Council, NATO’s standing political body. Appointed by President Obama, he assumed the Brussels-based post in 2013 and served until 2017. During this period he was instrumental in designing and implementing the 28-nation Alliance’s responses to the most severe security challenges in Europe since the end of the Cold War.

        A career Army officer, in 2010 Lute retired from active duty as a lieutenant general after 35 years of service. In 2007 President Bush named him as Assistant to the President and Deputy National Security Advisor to coordinate the wars in Iraq and Afghanistan. In 2009 he was the senior White House official retained by President Obama and his focus on the National Security Council staff shifted to South Asia. Across these two Administrations, he served a total of six years in the White House.

        Before being assigned to the White House, General Lute served as Director of Operations (J3) on the Joint Staff, overseeing U.S. military operations worldwide. From 2004 to 2006, he was Director of Operations for the United States Central Command, with responsibility for U.S. military operations in 25 countries across the Middle East, eastern Africa and Central Asia, in which over 200,000 U.S. troops operated.
        ---
        Barbara Simons, President, Verified Voting
        Barbara Simons has been on the Board of Advisors of the U.S. Election Assistance Commission since 2008. She published Broken Ballots: Will Your Vote Count?, a book on voting machines co-authored with Douglas Jones. She also co-authored the report that led to the cancellation of Department of Defense’s Internet voting project (SERVE) in 2004 because of security concerns. In 2015 she co-authored the report of the U.S. Vote Foundation entitled The Future of Voting: End-to-End Verifiable Internet Voting, which included in its conclusions that “every publicly audited, commercial Internet voting system to date is fundamentally insecure.” Simons is a former President of the Association for Computing Machinery (ACM), the oldest and largest international educational and scientific society for computing professionals. She is Board Chair of Verified Voting and is retired from IBM Research.

        VOTING VILLAGE PANEL BIOS

        Jake Braun, CEO Cambridge Global and former White House-DHS Liaison
        Jake Braun is CEO of Cambridge Global Advisors where he provides strategic direction and consulting for high profile cyber and national security initiatives. Prior to joining CGA, Mr. Braun was the Director of White House and Public Liaison for the Department of Homeland Security (DHS) where he was instrumental in the passage of the unprecedented Passenger Name Record (PNR) Agreement, one of the largest big data agreements in history. In addition, he worked on the development and implementation of the Homeland Security Advisory Council’s Task Force on CyberSkills.

        In 2009, Mr. Braun served on the Presidential Transition Team for the Obama Administration as Deputy Director for the National Security Agencies Review. Prior to that, Mr. Braun also worked as National Deputy Field Director to the 2008 Obama for America Campaign, along with multiple other federal, state and local campaigns around the nation over the years.

        Mr. Braun is a fellow at the Council on CyberSecurity and is a strategic advisor to DHS and the Pentagon on cybersecurity. He is also faculty at the University of Chicago’s Harris School of Public Policy where he teaches cybersecurity policy.
        ---
        David Forscey, Policy Analyst, Homeland Security & Public Safety Program Director, National Governors Association
        David Forscey is a Policy Analyst with the National Governors Association, where he assists governors’ offices and state agencies in implementing cybersecurity planning and governance. Before coming to NGA, David worked as National Security Fellow at Third Way, specializing in surveillance law and policy. He earned his law degree from Georgetown University Law Center.

        ---
        Erik Kamerling, Senior Director, Cyber Security Technology at Center for Internet Security
        Mr. Kamerling is a Senior Director at The Center for Internet Security with nineteen years of experience in the fields of advisory and consulting, network security assessment, penetration testing, vulnerability research, monitoring/incident response, and fundamental security research. His role at the Center for Internet Security is to spearhead technology developments for the MSISAC. His current projects include global honeynet operations that study breaking threats that target State, Local, Territorial and Tribal entities, leading hunting and patrolling initiatives in the MSISAC, driving new capabilities in Albert network engineering, and security community outreach.

        In the past, Erik has held lead positions at Mandiant, Symantec, RSA, and the SANS Institute. He enjoys writing and research on cyber intelligence topics and has driven the development of keynote speeches, research presentations, course-ware, advisories, papers, and hacking and penetration testing classes taught in a variety of venues.


        Last edited by JaclynHouser; 07-18-2017, 12:30 PM.



        • #19
          Hi there, I'm interested in improving the security of voting systems in my county. Do you know where I can find information about all of the machines that were compromised, and what a compromise would entail? (Physical access to the device, wifi access, &c). Ideally I could go to the Board of Supervisors or the County Election Board and say something like, "The machines that you use are vulnerable to hacking by [anyone driving by/anyone who votes on a machine], and here's what you should use instead."

          So far all I can find is a list of voting machines and a bunch of stories about how they were all compromised, without specifics.



          • #20
            Wow, DEF CON 25 was amazing, and the VMHV went way beyond expectations.

            We had success against all the machines tested, in one form or another, adding to the list of known ways to defeat these machines.

            Post con we'll be adding links to articles here, setting up a Facebook page, email, etc. to make this a real village going forward. We have many ideas on how to improve and continue hacking.
            The Dark Tangent: Use PGP Key ID: 0x5D2405E5 for sending me email
            PGP Fingerprint: D121 EAAE D1B6 3D2E A0B1 953F FFAF A718 5D24 05E5



            • #21
              Joseph Hall on GitHub has a repo trying to help track some of the things learned during con.
              https://github.com/josephlhall/dc25-...village-report

              Someone also has a repo of binaries, blobs, imaged ROMS, etc. I'll link that as soon as I find it.

              I'd like for people to start using these forums (and sub forums we could create for each machine) to help organize testing. Jump on in!
              The Dark Tangent: Use PGP Key ID: 0x5D2405E5 for sending me email
              PGP Fingerprint: D121 EAAE D1B6 3D2E A0B1 953F FFAF A718 5D24 05E5



              • #22
                List all machines that should have their own forums, and I can create as needed.
                If you see these as persistent items, we can make a forum just under the root of "DEF CON" forums for all voting machine discussions.
                We can also move sub-forums there later, at the risk of URL problems when location moves. (The forced SEO URL system is mostly working when moving forums, but had problems with one move last month.)
                You can let me know what you want, or do it on your own -- you should have access.

                -Cot
                tiny font: _. ___ _... ___ _.. _.__ .._ ... . ... __ ___ ._. ... . _._. ___ _.. . ._ _. _.__ __ ___ ._. .



                • #23
                  When the dust all settles, I'd be interested in the links to the binaries, dumps, bios, etc. Thanks. I see there is a link to the report; will the dumps also be available somewhere or by invitation only? Thanks.
