Keys that open election equipment, like voting machines, are apparently available for purchase on websites like Amazon, since they utilize locks that pair with common-shape keys. Harry Hursti, organizer of the DEF CON Hacking Conference 'Voting Village,' had a bag of such keys on-hand to show attendees how vulnerable the locks on some voting machines can be. (Fox News)Now, I have access to machines that have been used or are currently in-use in 35 different states. Swing-states, coastal icons and the heartland, experts say.

Jun 15, 2016  Kongregate free online game Pocket Politics - Pocket Politics is about the best democracy money can buy. Select between liberal or conserva. Play Pocket Politics.

The coolest and probably most disturbing SWAG ever, hands-down. “These are the keys to the kingdom,” explains Harri Hursti, a hacker and data security expert with Nordic Innovation Labs. Hursti, who helped organize the DEF CON “Voting Village,” was speaking both literally and metaphorically, since some of these keys actually open the memory card enclosure on certain machines.The problem, Hursti says, is that many of the locks used for these machines work with basic keys that can be easily replaced over time, or in the event they are lost. Some of the keys are so universal that they not only open voting machines, but also mini-bars and even some elevators. Fox News obtained keys at the DEF CON 27 Hacking Conference that are widely available for purchase, and that apparently open various types of U.S.

Election equipment past and present. The above animation shows the states where the keys Fox was given can apparently open such machines. (Data Source: DEF CON Voting Village 2019)Ordering what is effectively a skeleton key off of Amazon is not the kind of “hacking” you might think of at a place like DEF CON’s Voting Village, or when brainstorming the possible vulnerabilities of the supposedly secure equipment used in U.S. Elections in general. But here we are.Indeed, the types of keys I was shown at the DEF CON “Voting Village” are available on sites like, eBay and others, as Hursti suggested.“This machine is used in 18 different states, many different swing-states.

1942 Dime Value. The 1942 dime value is $1.49 - helped by the price of silver it contains. A majority of 1942 Mercury dimes, if circulated are at this price. Collectors and dealers begin to attach a premium value to coins in 'uncirculated' condition, coins that have remained well preserved and appear as if brand new. 1942 mercury dime.

You can disrupt the ballot, you can make it say something it’s not supposed to say. And that’s undermining our democracy.” — Rachel Tobac, CEO SocialProof SecuritySure, I learned about plenty of other digital backdoors and other disturbing vulnerabilities concerning U.S.

Election equipment at DEF CON. Like the “hidden feature” that Hursti says was only recently discovered in a machine that’s been in use and under the microscope for more than a decade.“A hidden feature that enables you to reopen the polls silently, and insert more ballots and print the new evidence of the election,” Hursti says.

And despite believing that the manufacturers had learned from previously exposed vulnerabilities on that machine over the years, “these newly discovered features had been missed” the entire time, Hursti says.I watched Hursti explain this new discovery to Rep. Eric Swalwell, D-Calif., one of the numerous lawmakers who attended this year’s DEF CON, and whose face seemed to drop upon learning of the new revelation. That’s likely because this particular machine has been in use in his home state of California for years.There was a team of students who rigged two different machines to play the retro classic “PONG” with each other from across the room. A different group of researchers was able to hack a piece of equipment, previously used to check-in and verify voters on Election Day, to run the eponymous video game, “DOOM.”.

That latter machine utilized a commonly available tablet with both forward and rear-facing cameras. A media representative for Election Systems & Software (ES&S), one of the companies behind that particular piece of equipment and others at DEF CON, said 'voting machines don't have cameras. Perhaps you are referencing our previous version of e-pollbook, used to check in and verify voters.' Those tablets, they said, were only used 'in certain states to speed up the voter check-in process,' and that their equipment 'does not photograph voters or cast ballots, and there is no way the ballot can be tied to the voter at registration.' You can decide how reassured you are by those statements if you ever find yourself staring a webcam in the face while checking-in on Election Day.One voting machine was discovered to have a password of “1111.” Better than the voter ID machine with NO password. And I watched as yet another voting machine was physically dismantled, memory card and all, with just fingernails and a ballpoint pen. Rachel Tobac, CEO of SocialProof Security, a company that specializes in “social engineering” and security assessments, walked me through that last process in less than 90 seconds.

And this was only her second year of hacking voting machines.In the “kids area” at DEF CON, known as the “r00tz Asylum,” children barely out of middle school had hacked a simulated campaign contributions website to reveal donations from a deep-pocket donor named “spaghetti.” Jokes aside, the power to change the names and amounts of political donations on official state websites is no laughing matter. A simulated campaign contributions website is hacked by children at the DEF CON 27 Hacking Conference 'r00tz Asylum' kids area in Las Vegas. The simulated website was hacked to reveal a deep-pocket donor named 'spaghetti.' (Fox News)There were signs that some of the problems with U.S. Election equipment are being addressed, like the significantly larger contingent of lawmakers at this year’s DEF CON, as well as election officials and even congressional staffers from both sides of the aisle. Or the fact that more than a dozen actual voting machines were available for tinkering at this year’s Voting Village, some of them by the manufacturers themselves. Dominion Voting, another company that produces election equipment, 'sent representatives and demo equipment to DEF CON this year in the hopes of finding more ways to work with researchers and white hat hackers,' according to a representative.One prominent member of the hacking community at DEF CON told Fox that they felt as if the Voting Village's 'scorched earth' approach of dismantling voting machines in a public space may no longer be the best way to encourage a public dialogue with the companies behind the tech.

That same person said it's a very good sign that there were apparently representatives from at least one such company at DEF CON this year, with gear in tow. They also admitted that having election equipment that utilizes master keys sold on the Internet seems like an obvious and easily fixable problem.There are also technological advancements being researched to try and make the voting system more secure, like a new $10 million machine funded by the DoD, and the concept of combining with paper ballots – a federal elections Frankenstein that is at least three elections away from becoming a possible reality, according to people working on the project. A piece of U.S. Elections equipment is hacked at the DEF CON 27 Voting VIllage in Las Vegas to show an animated 'Nyan Cat,' among other things.(Fox News)While that particular project is still a few years off, mobile blockchain voting has already gone through a trial in West Virginia, and the state apparently plans to use it again in 2020. 'The security researchers who find these vulnerabilities?

We’re the first people in line on election day (when we aren’t volunteering as poll workers),' Matt Blaze, another security expert with the DEF CON Voting Village, wrote in a tweet.Regarding some of the claims emerging from this year's election hacking festivities, Dominion's representative said the company would 'need to be able to review the full report from DEF CON before responding to any claims or inquiries.' On the issues of locks and keys, and whether they support the efforts that go on at a place like DEF CON, ES&S explained to Fox that the company 'submits its equipment to testing by independent security researchers and proactively seeks to work with independent experts in election security,' in addition to partnering with the likes of the Department of Homeland Security. They added that there are additional safeguards in place beyond the obvious locks themselves. At the DEF CON Hacking Conference Voting Village, Fox News is shown a prototype for a research project that could combine blockchain technology and paper ballots embedded with codes that can be scanned digitally.

(Fox News)And while ES&S also suggested that there is no evidence that a vote in a U.S. Election has ever been compromised by a cybersecurity breach, Tobac and countless others at DEF CON this year made it clear that time is of the essence when it comes to solving the apparent problems that remain with some of this equipment.“This machine is used in 18 different states, many different swing-states,” Tobac says.

“You can disrupt the ballot, you can make it say something it’s not supposed to say. And that’s undermining our democracy,” she added.Plenty more coverage to come from my inaugural trip to DEF CON. Got a tip for me, DEF CON-related or otherwise?

Send me a DM on Twitter, or find me on Signal - alexdiaz36.

It took a village to get Hillary Clinton’s campaign chair John Podesta’s email hacked.It wasn’t technical; there wasn’t a big security breach on Google’s servers. In short, someone tricked Podesta into giving them his password, he didn’t have two-factor authentication set up as an additional check, and the campaign’s IT team led him astray. Thanks to, we now know how it happened:On March 19, Podesta received an email from “no-reply@accounts.googlemail.com” — a user falsely posing as Google, notifying Podesta that his password had been compromised by someone in Ukraine. The email provided a bit.ly link to change the password.Seemingly skeptical (and rightfully so), Podesta forwarded the email to his chief of staff, who then passed along the email to the campaign’s IT team. This is where things go so painfully wrong: The campaign’s IT team incorrectly identified the email phishing for Podesta’s password as legitimate, instructing him to change his password.To the IT team’s credit, they did send along a legitimate Google link — not the original phishing email’s bit.ly link — to change Podesta’s password and instructed him to add two factor-authentication to his account for an added level of password security. But the legitimate Google link didn’t seem to make it to Podesta, and instead he must have used the “poisoned link,” giving his password to hackers and opening up his personal email to unwelcomed eyes.This wasn’t an elaborately technical hack.

Rather, this kind of hacking is incredibly common and incredibly “easy,” Herb Lin, a cybersecurity expert at Stanford University, told me when Colin Powell’s emails were leaked earlier this summer.with seemingly familiar addresses — for example, a trusted email address with one character different — and send “poisoned” links. Click on the link, and it can take you to a page that can steal more information, running malicious software.And, as Zinaida Benenson, a researcher from University of Erlangen Nuremberg, found, people are easily fooled by this kind of email phishing. Benenson’s findings:Based on these results, Benenson concluded that just about anybody could be induced to click a dangerous link using one of several techniques. Addressing the victim by name, crafting the message to induce curiosity, spoofing a known sender, matching message content to the victim's recent experience—these are the tried and true techniques.The takeaway here is simple: There are a lot of easy, nontechnical ways to hack into your email login information. Ultimately, email technology is old and complicated, which opens it up to vulnerabilities. There are some common sense measures to protecting yourself from this kind of hackingThis election year has proved to be the year of hacked emails.From Colin Powell’s emails to Hillary Clinton’s private server to the Democratic National Committee’s email leak to Donald Trump openly encouraging Russian hackers, it’s easy to see that even those with the tightest security measures, and upmost skepticism, are still victim to break-ins.Of course, your vulnerability on email as an individual varies.

It would be inaccurate to say email is less secure than speaking on the phone. It just depends who you are.But for average email users, there are certain accessible and commonsense ways to make communication more secure.“When I send my credit number, I use two different channels,” Lin said. For example, he will send the first 12 digits over email and the phone in the last four.It’s the same idea as using two-factor authentication on your logins — where you not only have a username and password but also are sent a text with an addition code to plug in at login. Here is a video on how to works. Email servers are really complicated and prone to security flawsBehind every email address is an email server. That’s a computer located in a data center somewhere that receives email on your behalf and holds on to it until you’re ready to read it. The decentralized nature of email means that anyone, from big companies like Google to hobbyists in their basement, can set up and run an email server.This is what Hillary Clinton did — she set up a server in her home in Chappaqua, New York.

By running her own server, Clinton may have made it easier for her to use her beloved BlackBerry, and she may have been trying to make it harder for third parties to gain access to her emails using subpoenas or Freedom of Information Act requests.But by choosing to run her own server, she opened herself up to some serious security risks.By nature, mail servers are really complicated technology — they are prone to flaws that can be exploitable, Justin Cappos, a computer science professor at NYU's Tandon School of Engineering, said.They are also incredibly difficult to set up. How to set up a private server, with a warning:If you screw up and your server is compromised or used as spam relay, your domain will almost certainly wind up on blacklists. Your ability to send and receive e-mail will be diminished or perhaps even eliminated altogether.

And totally scrubbing yourself from the multitude of e-mail blacklists is about as difficult as trying to get off of the TSA's No Fly list.You have been warned.For average Americans, it’s usually safer to just go with the big mail providers like Gmail or Apple, both Cappos and Lin said. “Some mail servers are set up really poorly and because they are complicated, there are lots of issues,” Cappos said.“Gmail is pretty secure. Are they invulnerable? No,” Lin said. That’s a big takeaway —nothing is invulnerable.

As the Ars Technica article notes, going with Google or Apple means that you don’t have control over who is overseeing the transfer of your emails between different mail servers or if your data has been compromised. Email is also a very old technologyEmail technology is old.“It's the oldest still-recognizable component of the Internet, with its modern incarnation having coalesced out of several different decades-old messaging technologies including ARPANET node-to-node messaging in the early 1970s,” Ars Technica senior editor.And because it’s old, certain security developments haven’t caught up to it yet — most notably, encryption. When used correctly, encryption — which we see in iMessages or texts through apps like WhatsApp — scrambles messages in a way that prevents anyone but the intended recipient from unscrambling them. But when it comes to email, almost all mail servers operate in plain text.“It’s like if the mailman only delivered postcards instead of envelopes,” Cappos said. You could see how this could be a problem if you have a corrupt mailman or someone pretending to mailman who is really a malicious identity thief.There are some solutions to this, like using a, which would encrypt your email before sending, requiring the recipient to be able to decrypt the message.

But tools like this are hardly accessible, Cappos said.The good news is that there has been a big push toward encryption, Cappos said. As for now, however, the software is just “old and entrenched,” he said.For now, just be careful. Use two factor authentication.