Could an 11-Year-Old Really Hack an Election in 10 Minutes?

Two 11-year-olds hacked into a replica of Florida's election website. Should we be alarmed?

An 11-year-old boy apparently needed less than 10 minutes to hack into a replica of Florida's election website last week and change election results.

The boy was attending DEFCON 26, an annual hackers' conference in Las Vegas. PBS reports:

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state's website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called "DEFCON Voting Machine Hacking Village," a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

He wasn't the only young person to have such an easy time with the election website replica. An 11-year-old girl named Audrey was able to accomplish a similar feat in about 15 minutes.

Both 11-year-olds pointed out that the websites they hacked weren't all that well protected. "Basically what you're doing is you're taking advantage of it being not secure," Audrey tells BuzzFeed News. She was able to make it look like Constitution Party candidate Darrell Castle had won Florida in the 2016 presidential election.

"It's actually kind of scary," Brewer tells TechCrunch. "People can easily hack in to websites like these and they can probably do way more harmful things to these types of websites."

Nico Sell, CEO of the secure communications firm Wickr, thinks the U.S. isn't taking election security seriously enough. "By showing this with 8-year-old kids we can call attention to the problem in such a way that we can fix the system so our democracy isn't ruined," Sell tells TechCrunch.

But while state elections websites are definitely hackable, it's a bit alarmist to suggest that 11-year-olds can change actual results in a matter of minutes.

For one thing, replica websites aren't the real thing. As the National Association of Secretaries of State (NASS) notes in a statement, "many states utilize unique networks and custom-built databases with new and updated security protocols." Thus, "it would be extremely difficult to replicate these systems." Sell might claim the sites the young hackers used are "very accurate replicas." But unless you've actually tried to hack the real thing, you can't know for sure.

Plus, state election websites are not repositories of actual vote counts. Instead, they're merely unofficial election night tallies. "[E]lection night reporting websites are only used to publish preliminary, unofficial results for the public and the media," the NASS says. "The sites are not connected to vote counting equipment and could never change actual election results."

Americans should be worried about election security, particularly when it comes to Russian agents hacking our voting systems. But are we so vulnerable that an 11-year-old can change results so quickly? Probably not.


  1. “Americans should be worried about election security,”

    But, of course, requesting identification before someone votes is ludicrous, because voter fraud doesn’t exist*.

    *Except, Russia fever dreams. Those are totes real. We need election security

    1. The amount of abject retardation that it takes to believe that there is no domestic voter fraud, but foreigners can totes hack our election is so abysmally stupid that it sounds…..exactly like progressive talking points.

      You either think that both arguments are farcical or you support both positions. It takes a good deal of cognitive dissonance to believe one, but not the other on “faith alone”.

      1. And the linked example of “Russian agents hacking our voting systems” was an article by Shackford about the Russian agents indicted for stealing e-mails from the DNC (who will never be brought to trial, of course).

        1. Reason has a very low standard of what constitutes supporting citations.

        2. And one guy who hacked into an election system and stole voter information.

          But, Shack also points out that, not just has there not been any hacking of actual election results, but that there haven’t even been any allegations of attempts to do that.

          Yeah, we should still be concerned about election security. But, results so far suggest we’re doing well.

      2. But they’ve been INDICTED. And some of them are so powerful that they manipulated the election even before they existed.

        WAKE UP SHEEPLE!

      3. You are starting to sound like John.

        1. No, because I didn’t advocate the need for voter IDs. I’m merely stating that the suggestion that domestic voter fraud is farcical, but that foreign election hacking is a real concern is nonsensical.

          They both exist in myth, but we are only allowed to mock one myth while stridently defending the other myth that has even less evidence supporting its conclusions.

      4. Just Say’n,
        Ah, but you forget that folks on the left can easily digest a dozen or more mutually exclusive viewpoints before breakfast without experiencing any cognitive dissonance at all. Whatever progresses their agenda is taken as gospel while anything contrary to the agenda absolutely MUST be purest hogwash. Even the idea that those evil Russian super-hackers could influence our election while home-grown hackers – of ANY age – could not possibly do so involves no great mental gymnastics for them.

  2. All the electronic voting machines produce a vote tally at the end of each voting day. Those results are sent off to the secretary of state election office.

    If someone hacks the secretary of state’s office and changes the vote results, all voting precincts can resend their vote tallies.

    All votes should be protected and double checked anyway to maximize chances of fair elections. If we don’t have fair elections, what’s the point of this experiment?

    If Reason only did an in-depth investigation they would have more specifics on electronic voting.

    1. “[A] a vote tally at the end of each voting day [is] sent off to the secretary of state election office.”

      But what ensures that said vote tallies are transmitted inviolate? For one knowledgeable in such matters, there is nothing terribly difficult about altering – UNDETECTABLY – computerized records. With absolutely NO physical record to match it against, the computer records are assumed to be correct. Let’s see; what was it Stalin said about elections? Oh, yeah, “It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything.”

  3. Plus, state election websites are not repositories of actual vote counts

    This was my immediate thought. It sounds like what they actually did was the equivalent of changing the banner image on reason.com to read “Police States and Higher Taxes”. I doubt most people will pick up on this from the PBS piece or other reporting.

  4. probably we should scrap elections then.

  5. Brewer, accessed a replica of the Florida secretary of state’s website

    I once broke into a replica of Fort Knox.

  6. Why are we complaining??? This means someone could retroactively change some swing state websites and make Hillary president!

  7. Isn’t it nice to see young people involved in the political process?

  8. Major Kudos for the clickbait title. Seriously great work there.

    You know it’s a clickbait title when it asks a question, and any intelligent reader knows that the answer is “No” before they ever read the article.

    1. How certain are you that someone – perhaps even a pre-teen – could not hack a state’s SecState website and alter the published vote counts? There are multiple videos – admittedly a couple of years old now – that demonstrate the possibility of computerized voting machines giving totally bogus vote tallies.

      Here is but one:
      https://www.youtube.com/watch?v=MNYA5ggwG84

      1. Messing with the published vote totals on a website does not equate to “hacking an election.”

        The process required for messing with voting machines and causing them to give fraudulent results is beyond the means of an 11-year-old (who would need minutes of unrestricted physical access to a machine, which has no network capability), and would take much longer than 10 minutes regardless.

        Voting machines, when not actively being used, are kept under lock and key by city or county election boards. I would not be surprised to learn that some corrupt city/county government may have manipulated local elections by hacking the voting machines at some point. The type of conspiracy required to affect results in doing this on a national level would be too broad and too widespread to actually be effective and remain secret.

        If you’re living in an area with a very corrupt city/county government, you’re allowed to move out of the area, so even if this happens on rare occasions on the small scale, it’s not undermining the Republic.

  9. “For one thing, replica websites aren’t the real thing. As the National Association of Secretaries of State (NASS) notes in a statement, “many states utilize unique networks and custom-built databases with new and updated security protocols.” Thus, “it would be extremely difficult to replicate these system.” Sell might claim the sites the young hackers used are “very accurate replicas.” But unless you’ve actually tried to hack the real thing, you can’t know for sure.”

    Then maybe they should be paying these 11 year olds to hack the actual websites to see how vulnerable they really are.

  10. Trust. The. Government.

  11. I’ve been reading you (Joe) for a couple of months now and…your principles seem weak, your reporting skills seem like they were learned in college…yesterday and your conclusions are usually questionable. I hope you aren’t exemplative of Reason’s new crop of writers / reporters. Apprentice under Scott for a while, it’ll benefit us all.

    1. He’s another junior grade Obamatard JournoList whose balls just dropped a couple of weeks ago.

  12. Americans should be worried about election security, particularly when it comes to…

    People voting based on the Florida Secretary of State’s website.

  13. The article has the priorities reversed. The DEFCON replica websites are pretty darned close replicas of the real things. If anything, they are often slightly harder to hack than the real ones.

    On the other hand, who cares if you hack that website? It’s just a reporting page publishing the informal results. Make it say anything you want. You still haven’t corrupted the voting system. All you’ve confused are some newspapers and a few political nerds who don’t want to wait for the publication of the official results.

  14. I’d like to see Reason do a piece on the only known means of eliminating voter fraud: use of blockchain technology. It’s a technique being employed by numerous parties around the world.

  15. Bill Nelson will do almost anything to stay on that DC cushion.

  16. I’ve been a poll-worker, and I can tell you that the simple solution — as most states have figured out — is simply *not to use computers for voting or tallying*. Make everybody use simple paper ballots, deliver the ballots by mail or hand, and count the ballots by hand — with witnesses. Nothing foils a hacker like not having computers.

  17. As the person who brought the Voter Hacking Village to DEF CON 6 years ago, I can tell you, fake site or not, there is a real problem with voting, and the ability to hack into the systems. We partnered with the EFF on this effort, after hacking a TSX Diebold (which are STILL used), to see what other issues are out there. To brush off this as a non-issue is obtuse at best.
