This is the 2018 Voting Village Report, detailing the significant findings and vulnerabilities discovered at DEF CON 2018. Compiled by election security experts and backed by Secretaries of State, this report represents a small portion of the numerous vulnerabilities in America’s election infrastructure, a massive problem that involves equipment flaws, network insecurities, supply-chain risks, and many other threat vectors.
“Back for its second year at DEF CON, the world’s largest and best-known hacker conference, the Voting Machine Hacking Village (Voting Village) dramatically expanded its hands-on activities and audience in advance of the 2018 midterm elections. When the Voting Village first launched in 2017 – and was attended by thousands of white hat hackers, government leaders, and media – it aimed to identify vulnerabilities within the U.S. election infrastructure. In 2017, intelligence about Russian adversaries hacking the 2016 presidential election was increasing but the severity of the threat to U.S. election infrastructure was dying down. This year, DEF CON dramatically expanded its inquiries to include more of the election environment, from voter registration records to election night reporting and many more of the humans and machines in the middle. DEF CON had a greater variety of voting machines, election officials, equipment, election system processes, and election night reporting. Voting Village participants consisted of hackers, IT and security professionals, journalists, lawyers, academics, and local, state and federal government leaders.
This year, the Voting Village made more than 30 pieces of voting machines and other equipment available to its participants. All of the equipment (with the exception of the AVS WINVote, described below) is still used throughout the United States today. The Voting Village is the only public forum in United States at which hackers have nearly unrestricted access to discover vulnerabilities in the equipment. In addition, this year the Voting Village conducted unprecedented outreach to state and local election officials, inviting them to participate in the Village’s activities and receive free training from cybersecurity experts.”
Read the full report below: