Did an 11-year-old kid hack the Florida Secretary Of State voting website?

Residents of Dade county, Florida, use electronic voting machines to cast their votes at a local polling station 29 October 2004, in Coral Gables, Florida. (Photo credit ROBERTO SCHMIDT/AFP/Getty Images)

The short answer is that an exact copy of the website was hacked, yes. In just 10 minutes. By an 11-year-old kid.

It’s a time-honored tradition for companies and governments to hire hackers to see if they can get through security systems, software, and hardware. The reason? So that said systems can be improved, strengthened, and firmed up.

The State of Florida, among others, might need to hire an 11-year-old boy to work on that kind of thing; first, though, its representative organization, the National Association of Secretaries of State, got a little miffed that a bunch of people sat in a room and tried to hack its vote totals websites—or, more accurately, replicas thereof. The organization's statement was quoted and commented on by Buzzfeed’s cybersecurity correspondent, Kevin Collier. 

Well this is interesting. National Association of Secretaries of State issues statement against the Def Con Voting Village. Says its attempt to recreate (and likely hack the shit out of) a connected mockup of the election process isn't realistic. pic.twitter.com/c1uy694UPA

— Kevin Collier (@kevincollier) August 9, 2018

It all happened at the annual DEF CON gathering in Las Vegas, where a group of hackers was tasked with breaking into replicas of the Florida Secretary of State’s election totals reporting web page. Eleven-year-old Emmett Brewer, whose father has been at DEFCON four times and works in the cyber-security field, accomplished this in 10 minutes via a technique known as 'SQL injection'.

The company that created the replicas, Wall of Sheep, noted in a statement that this is not unique to Florida. “The main issues with the live sites we are creating the replicas of are related to poor coding practices. They have popped up across the industry and are not vendor specific.”


Workshop at the Hacked By Def Con Press Preview during the 2016 Tribeca Film Festival at Spring Studios on April 15, 2016 in New York City. (Photo by Rob Kim/Getty Images for Tribeca Film Festival)

Of the hundreds of adults and 47 children who participated in the “DEF CON Vote Hacking Village” events this week, fully 89% successfully hacked the systems.

“It’s actually kind of scary,” said Brewer. “People can easily hack into websites like these and they can probably do way more harmful things to these types of websites.”

The idea for the vote hack exercise was hatched by security company Wickr, which boasts clients such as banks, political parties, and non-profits around the world. 

Wickr's founder, Nico Sell, had some sobering words to say about why the company wanted to cover this in a workshop at DEF CON: “The really important reason why we’re doing this is because we’re not taking the problem serious enough how significantly someone can mess with our elections,” said Sell. “And by showing this with eight-year-old kids we can call attention to the problem in such a way that we can fix the system so our democracy isn’t ruined.”

If this is taken seriously, rather than brushed off as theater by those in charge of information technology at the 18 states that use code exactly like the pages that were hacked, then perhaps democracy has a chance in November and beyond.