Maricopa County recorder sending reps to hacking conference




    Photo by Sam Whited | Flickr/CC BY-NC-ND 2.0

    Hackers and tech enthusiasts are gathering in the Nevada desert this week for a conference where new vulnerabilities in software and hardware are discussed, but an unlikely group of people will also be in attendance: the Maricopa County Recorder’s Office. 

    “You gotta know the ways of your adversaries,” Maricopa County Recorder Adrian Fontes said to the Arizona Mirror

    Fontes’ office sent representatives to the DEFCON hacking conference in Las Vegas this week to watch participants in the Voting Machine Hacking Village

    It’s the third year the conference has had a focus on election tech, and it is the only place that allows for public third-party assessment of electronic voting machines. It also isn’t the first time Fontes’ office has sent people to the conference – Fontes himself was there the first year

    In 2017, hackers at DEFCON were able to hack into electronic voting machines in less than an hour. In 2018, it didn’t even take 10 minutes.

    This year, the 2020 election hangs over the village and newly released research will surely change the dynamic of discoveries by white hat and black hat hackers alike. 

    Last summer, voting machine manufacturer Election Systems and Software admitted it had installed backdoor software on its machines, something it had previously denied doing.

    The state of Arizona contracts with ES&S, as do other some Arizona counties. Some cities, including Glendale and Tucson, also contract with ES&S.

    Vendors of voting machines say backdoors are necessary for routine maintenance or for pushing security updates to all the machines at once, instead of one at a time, much in the same way Apple or Android push updates to millions of phones automatically.

    Now, new research has found that nearly three dozen ES&S tabulation systems in 10 states had been connected to the internet over the last year, some in critical swing states. It is unclear if Arizona was one of those states. 

    The news, first reported by Motherboard, is significant, as ES&S has previously stated that its machines are “air gapped,” meaning they do not connect to any wireless network. This is important, as it was a key way of proving that the systems were unable to be hacked remotely. 

    Fontes said that tabulation machines in Maricopa county are not ES&S, though there is a bit of a caveat. 

    Back in the 1990s, Maricopa did contract with ES&S, but switched in 1999 to Dominion Voting Systems. That company purchased the tabulators from Maricopa and replaced “the guts” with Dominion parts, Fontes said.

    It’s as if you had Ford Mustang with a Chevy engine,” he said, adding that all of the Dominion tabulation systems used by the county are air gapped. 

    When asked about the new findings by researchers, Fontes said that his office is “constantly working with different sets of partners” to ensure their machines are secure. 

    “No one will ever ever say with a straight face that any system is totally secure,” he said, “it’s an impossible thing to say truthfully.”

    Jerod MacDonald-Evoy
    Reporter Jerod MacDonald-Evoy joins the Arizona Mirror from the Arizona Republic, where he spent 4 years covering everything from dark money in politics to Catholic priest sexual abuse scandals. Jerod has also won awards for his documentary films which have covered issues such as religious tolerance and surveillance technology used by police. He brings strong watchdog sensibilities and creative storytelling skills to the Arizona Mirror.

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here