A to Z

Maricopa County recorder sending reps to hacking conference

By: - August 8, 2019 3:19 pm

Photo by Sam Whited | Flickr/CC BY-NC-ND 2.0

Hackers and tech enthusiasts are gathering in the Nevada desert this week for a conference where new vulnerabilities in software and hardware are discussed, but an unlikely group of people will also be in attendance: the Maricopa County Recorder’s Office. 

“You gotta know the ways of your adversaries,” Maricopa County Recorder Adrian Fontes said to the Arizona Mirror

Fontes’ office sent representatives to the DEFCON hacking conference in Las Vegas this week to watch participants in the Voting Machine Hacking Village

It’s the third year the conference has had a focus on election tech, and it is the only place that allows for public third-party assessment of electronic voting machines. It also isn’t the first time Fontes’ office has sent people to the conference – Fontes himself was there the first year

In 2017, hackers at DEFCON were able to hack into electronic voting machines in less than an hour. In 2018, it didn’t even take 10 minutes.

This year, the 2020 election hangs over the village and newly released research will surely change the dynamic of discoveries by white hat and black hat hackers alike. 

Last summer, voting machine manufacturer Election Systems and Software admitted it had installed backdoor software on its machines, something it had previously denied doing.

The state of Arizona contracts with ES&S, as do other some Arizona counties. Some cities, including Glendale and Tucson, also contract with ES&S.

Vendors of voting machines say backdoors are necessary for routine maintenance or for pushing security updates to all the machines at once, instead of one at a time, much in the same way Apple or Android push updates to millions of phones automatically.

Now, new research has found that nearly three dozen ES&S tabulation systems in 10 states had been connected to the internet over the last year, some in critical swing states. It is unclear if Arizona was one of those states. 

The news, first reported by Motherboard, is significant, as ES&S has previously stated that its machines are “air gapped,” meaning they do not connect to any wireless network. This is important, as it was a key way of proving that the systems were unable to be hacked remotely. 

Fontes said that tabulation machines in Maricopa county are not ES&S, though there is a bit of a caveat. 

Back in the 1990s, Maricopa did contract with ES&S, but switched in 1999 to Dominion Voting Systems. That company purchased the tabulators from Maricopa and replaced “the guts” with Dominion parts, Fontes said.

It’s as if you had Ford Mustang with a Chevy engine,” he said, adding that all of the Dominion tabulation systems used by the county are air gapped. 

When asked about the new findings by researchers, Fontes said that his office is “constantly working with different sets of partners” to ensure their machines are secure. 

“No one will ever ever say with a straight face that any system is totally secure,” he said, “it’s an impossible thing to say truthfully.”

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.

Jerod MacDonald-Evoy
Jerod MacDonald-Evoy

Reporter Jerod MacDonald-Evoy joined the Arizona Mirror from the Arizona Republic, where he spent 4 years covering everything from dark money in politics to Catholic priest sexual abuse scandals. He brings strong watchdog sensibilities and creative storytelling skills to the Arizona Mirror.