11 Year Old At DefCon "Hacking Conv." Changed Florida Election Results In A Replica Web. 10 Mins

Pardon me sir, we have stereotypes about our veterans, I'd appreciate it if you would get back in the box society has decided you belong in.
Haha, I’m still active duty! I hate the stereotypes thing. I graduated with a 4.0 from a very prestigious university in the US with a degree in Cybersecurity. I chose to join the military for a lot of different reasons, but not one of them was because I couldn’t do anything else. I’m sincerely not trying to brag or anything, but I just hate seeing the stereotype perpetuated. Hell, one of the guys I serve with is a Princeton grad, and another got a Masters from the Kennedy School of Government at Harvard. A guy I went through SF Selection with competed in 2 summer Olympic Games in a rowing sport. Turns out we aren’t just a bunch of morons who can’t do anything else...
 
Highlighted the dubious claims. Let me guess, you're 6'6" tall, 250lbs of pure muscle, bench 275 and make 6 figure income? Train UFC too?
 
This generation of kids is actually less tech-savvy than Gen X and older Millennials. Fewer understand the fundamentals of operating systems or more robust, open-source, user-dependent software. This is DEFCON. This isn't reflective of the wider generation.

The beginnings of LosTech, one of my absolute favourite scifi concepts.
 
You all really believe that voting is necessary, sacred, or not fixed? Pffftt...

Jump back into reality. It doesn't matter who is in there, the Federal Reserve still controls the pursestrings while you rubes get locked into never ending debates about "transsexual rights" and all that other bullshit.

They've pulled the wool over your eyes.

Pshhhh. Bro, if you don't know that antifa and neo-nazis are more important than tax breaks for corporations, now you know.
 
Websites have been getting hacked since the 90's. SQL injections are easy; anyone on Sherdog could do them with 10 minutes on Google. From the article:

"The sites are not connected to vote counting equipment and could never change actual election results."
 
There are web application firewalls and network firewalls, but a firewall isn't really the issue here. If it's SQL injections that are the problem, the thing needed is input sanitization to ensure that SQL statements and queries can't be entered into normal input fields. Take, for example, the fields where you enter your username and password. If not properly coded, you can run SQL commands into these fields, allowing you to see or alter databases that you shouldn't have access to. The problem is with the code itself from the manufacturer, so their developers need to go back through and change the code. Proper security configurations during the Software Development Life Cycle and periodic penetration tests of the system to look for vulnerabilities would have reduced the chances of these vulnerabilities making it to software currently in production.

Yea, the web server should be in the DMZ and the DB server on the internal network (no public access), with input validation, limited rights and prepared statements (like a phone number field should only have numbers). You are right though, the fuzz testing during SDLC should help eliminate a lot of the vulnerabilities. These are smart kids, not that average script kid with downloadable tools, I think, but I see why this got national news.

10-15 years ago you could buy a new TV or whatever you wanted off of eBay or Amazon for 1$, which helped make for input validation. If anyone is interested I can explain how they did that. You could even do it now; it won't work successfully, but you will see your cart balance is 1$ lol
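
The prepared-statement and input-validation advice in the posts above, shown as an added example that is not part of any post in this thread and is not code from the DEF CON replica sites. The table, account and function names are assumptions made up for illustration, and the password check is simplified to a plain string comparison.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: one account on a hypothetical results site."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, phone TEXT)")
    db.execute("INSERT INTO users VALUES ('clerk', 'hash-of-real-password', '5550100')")
    return db

def login_vulnerable(db, username, password_hash):
    # The field contents are pasted into the SQL text, so a quote character
    # typed into a field becomes part of the statement instead of staying data.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (username, password_hash))
    return db.execute(sql).fetchone() is not None

def login_prepared(db, username, password_hash):
    # Placeholders: the values are bound separately from the SQL text, so
    # whatever is typed is only ever compared as a string.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, password_hash)).fetchone() is not None

PHONE_RE = re.compile(r"[0-9]{7,15}")

def update_phone(db, username, phone):
    # Allow-list validation ("a phone number field should only have numbers"),
    # applied on top of the prepared statement, not instead of it.
    if not PHONE_RE.fullmatch(phone):
        raise ValueError("phone must be 7-15 digits")
    cur = db.execute("UPDATE users SET phone = ? WHERE username = ?",
                     (phone, username))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input: the textbook tautology string
    print("string-built query accepts it:", login_vulnerable(db, "clerk", crafted))
    print("prepared statement accepts it:", login_prepared(db, "clerk", crafted))
```

The "limited rights" part of the advice is a database account setting (the web application's DB user gets only the permissions it needs) and is not something the in-memory SQLite database used here can show.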
 
LosTech? You happen to be a BattleTech player?

Well picked. Big fan of that setting, though the concept of lost technology is also used in other franchises, the Foundation series being another favourite of mine. It's a fascinating idea.
 
Highlighted the dubious claims. Let me guess, you're 6'6" tall, 250lbs of pure muscle, bench 275 and make 6 figure income? Train UFC too?
5'11 and about 190 pounds. Bench is actually about 365. And as I stated, I make an army salary, so the pay isn't great. The independent contracting work definitely helps, so I can clear 6 figures, but it's because I'm working two jobs.
 
Luckily no back end systems were compromised, this was more an illustration of the reliability of reporting services more than anything. This could create a situation where one result is reported, but another is the truth, which could be a good bit of chaos.

I can promise you guys though, there was nothing arcane about this. The kid gets props for being young, but it was basically bumper bowling. The Voter Village was a good time.
 
There are web application firewalls and network firewalls, but a firewall isn't really the issue here. If it's SQL injections that are the problem, the thing needed is input sanitization to ensure that SQL statements and queries can't be entered into normal input fields. Take, for example, the fields where you enter your username and password. If not properly coded, you can run SQL commands into these fields, allowing you to see or alter databases that you shouldn't have access to. The problem is with the code itself from the manufacturer, so their developers need to go back through and change the code. Proper security configurations during the Software Development Life Cycle and periodic penetration tests of the system to look for vulnerabilities would have reduced the chances of these vulnerabilities making it to software currently in production.
This cheeky bastard tried to do sql injection on cctv speed traps.

 
Ok, this was really confusing. At first I thought they hacked into actual voting machines; this is just websites though.
 
11yrs old using SQL injection? WTF, and you wonder why some turn into incels.
 
Highlighted the dubious claims. Let me guess, you're 6'6" tall, 250lbs of pure muscle, bench 275 and make 6 figure income? Train UFC too?

I'm going to support @sub_thug here. My brother went into active duty after medical school just because. A guy I went to law school with was a Marine sniper after undergrad. I had a male nanny for my kid who was active duty before going to medical school. My best friend went to nuke school in the Navy after finishing his Chem E. undergrad.

A lot of bright guys choose the military after college, it's a great career path and opens a ton of doors after you leave.
 
Websites have been getting hacked since the 90's. SQL injections are easy; anyone on Sherdog could do them with 10 minutes on Google. From the article:

"The sites are not connected to vote counting equipment and could never change actual election results."
Yes, I think everyone reading the thread understands this was a simulation, and that an actual election wasn't held. The cautionary issue is the real voting environment on which the simulation was based.
 
I'm going to support @sub_thug here. My brother went into active duty after medical school just because. A guy I went to law school with was a Marine sniper after undergrad. I had a male nanny for my kid who was active duty before going to medical school. My best friend went to nuke school in the Navy after finishing his Chem E. undergrad.

A lot of bright guys choose the military after college, it's a great career path and opens a ton of doors after you leave.
Thanks. Unfortunately, it’s a career path that is easy to politicize. Like everything else, it ebbs and flows, but right now, serving is viewed through a highly political lens. Honestly, the idea of jumping out of planes, shooting guns, and solving complex problems in tough locations just sounded really cool to me. The idea of spending all day living the life portrayed in Office Space was unbearable, so here I am. It’s just a personality thing for me, not a political one at all. I mean, it’s not like I get to select which Presidents I want to support or anything. If I did this for politics, I would spend at least half my time being sorely disappointed.
 
I think the counter position presented (either by the machine manufacturers or the Florida election board, I don't remember which) is that this didn't mirror the actual scenario in real life. There was something about the kids having unfettered physical access to the machines, which is not how it works in reality. I don't know how much of a difference that makes but they assert that it does matter.

That said, I think this is still a significant issue and I'd like to know that more is being done to protect this element of our democracy.


This is exactly my argument when we have internal penetration tests performed... physical entry into the facility and direct access to the internal network is often 90% of the battle.
 