A polling machine sold on eBay and purchased for use at the DEF CON hacker conference in Las Vegas has been found to contain the personal information of over 650,000 voters.
Organizers purchased what they believed to be a decommissioned machine, an ExpressPoll-5000, for use at the DEF CON Voting Village, where hackers tested the security of voting machines (with frightening results). Rather than a blank machine, with all sensitive information wiped from its memory, hackers discovered the personal data of hundreds of thousands of voters from Shelby County in Tennessee.
According to Gizmodo, whose reporter viewed some of the records, the information included name, address, birth date as well as political party and method of voting—in absentee or after providing identification.
The practice of selling off polling machines is quite common, although the government requires that the memory card that stores voter information be removed. The memory card in this instance was discovered still in the machine at DEF CON, where hackers were able to access the data by simply removing the card and inserting it into a reader.
Josh Palmer, the security researcher who first found the card while exploring the polling machine’s vulnerabilities, was able to access the huge database, which was neither encrypted nor password protected.
Gizmodo reports that the memory card was immediately confiscated for the protection of the voters whose data was contained on it, and that Shelby Country had been informed.
The alarming data breach has once again raised questions about the security practices that are in place for U.S. elections and how the integrity of voting machines is protected. With access to the removable memory card, simple software could be implemented to illegally manipulate voting by marking portions of the electorate as absent—nullifying their vote.
“I could write a script to do that in seconds,” Palmer told Gizmodo.
H/T Gizmodo