Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:31,125 --> 00:00:34,584 Voting is about our capability 2 00:00:34,667 --> 00:00:38,125 to change the way the government works 3 00:00:38,209 --> 00:00:41,334 by changing the people who make the decisions, 4 00:00:41,417 --> 00:00:45,000 and have a peaceful transfer of power 5 00:00:45,083 --> 00:00:47,918 when the people have made that choice. 6 00:00:49,042 --> 00:00:51,250 If you don't have that, 7 00:00:51,334 --> 00:00:53,584 then the alternatives are revolutions. 8 00:00:53,667 --> 00:00:56,834 The problem is once you understand how everything works, 9 00:00:56,918 --> 00:00:59,500 you understand how fragile everything is, 10 00:00:59,584 --> 00:01:03,876 and how easy it is to... lose this all. 11 00:01:06,751 --> 00:01:09,584 Do you have any doubt 12 00:01:09,667 --> 00:01:11,751 that Russia attempted to interfere 13 00:01:11,834 --> 00:01:14,626 - in the 2016 elections? - None. 14 00:01:14,709 --> 00:01:17,083 In 2016, we know that Russian actors 15 00:01:17,167 --> 00:01:19,292 targeted state election systems. 16 00:01:19,375 --> 00:01:22,083 Has the department conducted any kind of 17 00:01:22,167 --> 00:01:26,292 post-election forensics on the voting machines 18 00:01:26,375 --> 00:01:28,918 that were used in 2016? 19 00:01:29,000 --> 00:01:31,167 Our department has not conducted forensics 20 00:01:31,250 --> 00:01:32,667 on specific voting machines. 21 00:01:32,751 --> 00:01:34,431 I think it had no bearing on the election. 22 00:01:34,500 --> 00:01:36,500 We have no evidence that votes were changed. 23 00:01:36,584 --> 00:01:38,500 No actual votes were changed. 24 00:01:48,959 --> 00:01:51,209 I keep hearing that 25 00:01:51,292 --> 00:01:53,751 the system is unhackable. 26 00:01:53,834 --> 00:01:55,417 Bzzz! Wrong. 27 00:01:55,500 --> 00:01:57,918 Everything is hackable, always. 28 00:01:58,000 --> 00:01:59,626 These are just computers. 29 00:01:59,709 --> 00:02:01,918 We call them voting machines, 30 00:02:02,000 --> 00:02:04,626 but they're nothing more than obsolete computers. 31 00:02:04,709 --> 00:02:06,042 Wow. 32 00:02:06,125 --> 00:02:08,292 WoPassword. Do we want...? For admin. Yeah. 33 00:02:08,375 --> 00:02:10,000 - Admin. - Yeah. 34 00:02:10,083 --> 00:02:11,249 - Awesome. - Success! 35 00:02:11,250 --> 00:02:12,542 We are in! 36 00:02:12,626 --> 00:02:14,542 It's not just about hardware. 37 00:02:14,626 --> 00:02:16,876 It's the hardware of our democracy. 38 00:02:16,959 --> 00:02:19,268 - Thank you for voting. - When people say 39 00:02:19,292 --> 00:02:21,375 no votes were changed, it misses the point. 40 00:02:21,459 --> 00:02:24,209 What matters is that you create chaos 41 00:02:24,292 --> 00:02:27,167 in the election system. 42 00:02:27,250 --> 00:02:31,417 We tend to see these events as random and disconnected, 43 00:02:31,500 --> 00:02:34,626 but, in fact, there's a pattern you can see. 44 00:02:34,709 --> 00:02:37,918 In cyberwarfare, it's called a "kill chain." 45 00:02:38,000 --> 00:02:41,292 We may be buying the world's best 20th century military, 46 00:02:41,375 --> 00:02:45,500 when the battlefront in the 21st century is election security, 47 00:02:45,584 --> 00:02:47,000 cybersecurity. 48 00:02:47,083 --> 00:02:49,292 In order for us to find a way forward, 49 00:02:49,375 --> 00:02:52,167 we have to understand how broken the system is 50 00:02:52,250 --> 00:02:56,375 and what are the fundamental problems we are facing. 51 00:02:56,459 --> 00:02:58,209 This shouldn't be a partisan issue. 52 00:02:58,292 --> 00:03:00,250 This is our common problem, 53 00:03:00,334 --> 00:03:03,584 owned by everyone living in the United States, 54 00:03:03,667 --> 00:03:06,417 and we have to solve it in order to preserve 55 00:03:06,500 --> 00:03:09,125 our way of life, our society, 56 00:03:09,209 --> 00:03:12,417 the rule of law, and our right to self-govern. 57 00:03:53,000 --> 00:03:56,876 So, how we vote in the United States is very complicated. 58 00:03:58,834 --> 00:04:01,417 Elections are run locally. 59 00:04:01,500 --> 00:04:04,918 There's no national election system, 60 00:04:05,000 --> 00:04:08,167 no agency, and all of this is left up 61 00:04:08,250 --> 00:04:10,042 to the states, and within the states, 62 00:04:10,125 --> 00:04:13,375 it's left up to, typically, to the counties. 63 00:04:13,459 --> 00:04:16,125 There are many, many, many counties in the United States. 64 00:04:16,209 --> 00:04:18,125 Within the counties, it's then left 65 00:04:18,209 --> 00:04:20,584 to the election officials in those counties, 66 00:04:20,667 --> 00:04:23,292 and they get to decide how we vote. 67 00:04:23,375 --> 00:04:26,626 They get to decide what machines we use, 68 00:04:26,709 --> 00:04:29,876 and there are many different kinds of election machines. 69 00:04:29,959 --> 00:04:33,334 Then the memory card is placed into the voting machine. 70 00:04:35,792 --> 00:04:38,626 Some places also use paper ballots, 71 00:04:38,709 --> 00:04:41,709 and all of the paper ballots go into a scanner. 72 00:04:41,792 --> 00:04:43,918 Paper ballot here, hand-mark it, 73 00:04:44,000 --> 00:04:45,626 and feed it to our precinct scanner. 74 00:04:45,709 --> 00:04:49,167 Other districts will use what are called 75 00:04:49,250 --> 00:04:51,918 "direct recording electronic machines," 76 00:04:52,042 --> 00:04:54,584 which are touch-screen computers, 77 00:04:54,667 --> 00:04:56,876 and then, ultimately, all of these votes 78 00:04:56,959 --> 00:05:01,042 will go into a central location that will tabulate the votes. 79 00:05:01,125 --> 00:05:04,500 So, at the end of the night, when you close the machine down from voting, 80 00:05:04,584 --> 00:05:06,083 there's a thumb drive... 81 00:05:06,167 --> 00:05:09,417 As soon as the voting stops, the coordinator pulls this out, 82 00:05:09,500 --> 00:05:12,667 has a special laptop, to just put it in the side of that machine, 83 00:05:12,751 --> 00:05:15,167 and they send it to the right place, 84 00:05:15,250 --> 00:05:17,876 and then it's done. Pow! 85 00:05:17,959 --> 00:05:20,584 Basically, there is no way 86 00:05:20,667 --> 00:05:23,000 that you can say, "This is how America votes," 87 00:05:23,083 --> 00:05:25,959 because America votes in this very, 88 00:05:26,042 --> 00:05:29,751 kind of chaotic, very idiosyncratic way. 89 00:05:32,459 --> 00:05:36,250 Our vote system in the United States is very, very hard 90 00:05:36,334 --> 00:05:39,417 for someone to hack into 'cause it's so clunky and dispersed. 91 00:05:39,500 --> 00:05:41,167 It's Mary and Fred putting a machine 92 00:05:41,250 --> 00:05:42,918 under the basketball hoop at the gym. 93 00:05:43,000 --> 00:05:46,417 The overlapping layers of the system are what give us confidence, 94 00:05:46,500 --> 00:05:49,584 the fact that there's a wide variety of machines in use, 95 00:05:49,667 --> 00:05:52,083 a wide variety of procedures across jurisdictions. 96 00:05:52,167 --> 00:05:54,125 Thousands of machines 97 00:05:54,209 --> 00:05:57,042 at thousands of locations across the United States... 98 00:05:57,125 --> 00:05:59,834 Means that there's no national system that a hacker 99 00:05:59,918 --> 00:06:02,292 or bad actor can infiltrate to affect 100 00:06:02,375 --> 00:06:06,000 the American elections as a whole. 101 00:06:08,709 --> 00:06:10,959 There is a commonly repeated statement, 102 00:06:11,042 --> 00:06:12,542 repeated over and over again, 103 00:06:12,626 --> 00:06:15,459 that the US election system 104 00:06:15,542 --> 00:06:18,292 is protected by its vast diversity, 105 00:06:18,375 --> 00:06:20,918 uh, that's not exactly true. 106 00:06:27,542 --> 00:06:30,792 The laws are actually very similar across the US, 107 00:06:30,876 --> 00:06:32,959 but so are also the voting machines. 108 00:06:33,042 --> 00:06:37,209 There is commonalities between, basically, all makes and models, 109 00:06:37,292 --> 00:06:40,918 and one of the commonalities is that 110 00:06:41,000 --> 00:06:45,417 the key element to carry and store the votes 111 00:06:45,500 --> 00:06:48,751 seems to always be a removable medium. 112 00:06:51,000 --> 00:06:54,250 Whether it's a card or whether it's a USB stick, 113 00:06:54,334 --> 00:06:55,667 it doesn't matter... 114 00:06:55,751 --> 00:06:58,167 It's still a removable storage medium. 115 00:07:00,042 --> 00:07:04,334 Every single step of the way, it is vulnerable to attack. 116 00:07:04,417 --> 00:07:06,375 One machine, then another machine, 117 00:07:06,459 --> 00:07:08,959 then another machine, and so on. 118 00:07:11,083 --> 00:07:13,292 It is also important to understand 119 00:07:13,375 --> 00:07:18,584 that modern storage devices are computers of their own. 120 00:07:18,667 --> 00:07:21,500 It is not just where data is stored, 121 00:07:21,584 --> 00:07:24,500 also storing instructions 122 00:07:24,584 --> 00:07:27,209 for the voting machine, how it should operate. 123 00:07:39,083 --> 00:07:41,667 What we are going to do here is modify one card. 124 00:07:41,751 --> 00:07:45,083 And it's a very simple process... You just add the card in, 125 00:07:45,167 --> 00:07:47,417 and tell exactly what file 126 00:07:47,500 --> 00:07:49,459 you want to be put in. 127 00:07:49,542 --> 00:07:51,667 You run the rewrite program, 128 00:07:51,751 --> 00:07:54,834 and then bring it to the election supervisor's office. 129 00:07:54,918 --> 00:07:57,209 Here is the memory card I have touched. 130 00:07:57,292 --> 00:07:59,250 Okay. Now this is the only piece 131 00:07:59,334 --> 00:08:02,500 - of Diebold equipment that you've used? - That's correct. 132 00:08:12,751 --> 00:08:16,500 What we have here is a programmed optical-scan ballot. 133 00:08:16,584 --> 00:08:20,125 Now there is only one question on this ballot. 134 00:08:20,209 --> 00:08:23,250 Two individuals will be voting "yes," 135 00:08:23,334 --> 00:08:25,292 the rest of us will be voting "no," 136 00:08:25,375 --> 00:08:27,459 and then we'll scrutinize the ballots afterwards, 137 00:08:27,542 --> 00:08:29,918 to ensure that that is indeed the mark. 138 00:08:38,667 --> 00:08:40,459 Oh my. 139 00:08:40,542 --> 00:08:41,834 Oh no! 140 00:08:41,918 --> 00:08:44,876 - What is it? What is it? - WoSeven yes, one no! 141 00:08:44,959 --> 00:08:47,083 Oh my gosh! 142 00:08:47,167 --> 00:08:49,834 Seven people said it could be hacked. 143 00:08:49,918 --> 00:08:52,459 - And we put through... - Six and two. 144 00:08:52,542 --> 00:08:55,292 Six no's and two yes's. 145 00:08:55,375 --> 00:08:57,209 Oh my gosh. Do you know what this means? 146 00:08:57,292 --> 00:08:59,792 The memory card can be altered, 147 00:08:59,876 --> 00:09:03,250 and that will cause incorrect results, 148 00:09:03,334 --> 00:09:05,876 and every single element of the system 149 00:09:05,959 --> 00:09:09,083 will be reporting the same incorrect results, 150 00:09:09,167 --> 00:09:11,709 seamlessly, leaving no evidence, 151 00:09:11,792 --> 00:09:13,417 nothing to be detected. 152 00:09:25,334 --> 00:09:29,751 The first reaction was to shoot the messenger, 153 00:09:29,834 --> 00:09:35,292 to try to use any legal means possible to cause a chilling effect. 154 00:09:35,375 --> 00:09:38,751 And there was a huge amount of resources used 155 00:09:38,834 --> 00:09:40,626 just to stop the communications, 156 00:09:40,709 --> 00:09:45,417 just to stop people discovering the vulnerabilities. 157 00:09:45,500 --> 00:09:47,334 There was a huge amount of lobbying, 158 00:09:47,417 --> 00:09:50,209 advertising, marketing to assure customers 159 00:09:50,292 --> 00:09:52,125 everything is fine when it was not. 160 00:09:52,209 --> 00:09:54,500 If those same resources would have been put 161 00:09:54,584 --> 00:09:57,459 to actually fix the problem, that would've been way cheaper. 162 00:10:10,751 --> 00:10:14,292 The real differentiation of Dominion is we are customer-driven. 163 00:10:14,375 --> 00:10:16,918 Our employees partner with our customers to make elections 164 00:10:17,000 --> 00:10:20,209 simpler, more secure, and more accessible. 165 00:10:51,042 --> 00:10:54,709 We are right now outside of Tallahassee, Florida, in Leon County. 166 00:10:55,918 --> 00:10:58,250 It's been almost 15 years 167 00:10:58,334 --> 00:11:00,667 from when we hacked the voting machines 168 00:11:00,751 --> 00:11:02,709 back in 2005. 169 00:11:06,375 --> 00:11:09,918 And we are here to see our old friend, lon Sancho, 170 00:11:10,000 --> 00:11:13,334 who was the election supervisor 171 00:11:13,417 --> 00:11:15,000 of Leon County. 172 00:11:16,542 --> 00:11:20,209 On September 30th of 2016, 173 00:11:20,292 --> 00:11:23,834 we get this cryptic email 174 00:11:23,918 --> 00:11:27,375 from the secretary of state of Florida's office, saying, 175 00:11:27,459 --> 00:11:30,834 "All supervisors of elections must be 176 00:11:30,918 --> 00:11:35,042 "on this conference call at such and such a time. 177 00:11:35,125 --> 00:11:36,918 "This is secure. 178 00:11:37,000 --> 00:11:40,292 You will be there, and you will not mention this call to anybody." 179 00:11:40,375 --> 00:11:43,876 - Mm-hmm. - We gathered our staff, put it on a speakerphone, 180 00:11:43,959 --> 00:11:47,083 and what it was, was the FBI 181 00:11:47,167 --> 00:11:50,792 was telling Florida election officials 182 00:11:50,876 --> 00:11:53,209 that a foreign power 183 00:11:53,292 --> 00:11:55,751 had penetrated a vendor 184 00:11:55,834 --> 00:11:59,542 - which does work in Florida. - Mm-hmm. 185 00:11:59,626 --> 00:12:01,125 It didn't take us long 186 00:12:01,209 --> 00:12:03,584 to figure out that they were talking about 187 00:12:03,667 --> 00:12:08,584 the GRU, i.e., Russia's military intelligence service. 188 00:12:10,542 --> 00:12:12,709 And the vendor was a Tallahassee vendor, 189 00:12:12,792 --> 00:12:14,417 - VR... - Mm-hmm. 190 00:12:14,500 --> 00:12:16,542 Which did all the programming 191 00:12:16,626 --> 00:12:19,584 for a majority of the counties in the state of Florida. 192 00:12:19,667 --> 00:12:22,083 They do the absentee ballots. 193 00:12:22,167 --> 00:12:24,918 They do the early voting operation. 194 00:12:26,000 --> 00:12:28,459 This... This company, 195 00:12:28,542 --> 00:12:30,667 if it had been hacked, 196 00:12:30,751 --> 00:12:34,542 it had the potential to really impact on Florida elections. 197 00:12:37,751 --> 00:12:41,042 VR Systems sells what are called electronic poll books, 198 00:12:41,125 --> 00:12:44,500 which are software or hardware or both, 199 00:12:44,584 --> 00:12:48,250 that have digitized the voter databases 200 00:12:48,334 --> 00:12:49,876 that are used to verify 201 00:12:49,959 --> 00:12:52,751 who is a legitimate voter and who's not. 202 00:12:52,834 --> 00:12:56,209 And VR Systems are responsible for the poll books 203 00:12:56,292 --> 00:12:59,125 in almost every county in Florida. 204 00:12:59,209 --> 00:13:01,709 I think there's 67 or 68 counties, 205 00:13:01,792 --> 00:13:05,209 and they had sold poll books in 64 of them. 206 00:13:06,709 --> 00:13:09,125 They also sell them around the country. 207 00:13:09,209 --> 00:13:11,250 They're in eight states. 208 00:13:11,334 --> 00:13:14,584 In this case, the vendor was VR Systems. 209 00:13:16,167 --> 00:13:19,542 Maybe the vendor was the first target, but it's not the real target. 210 00:13:19,626 --> 00:13:23,876 The real target was the jurisdictions of the customers. 211 00:13:23,959 --> 00:13:26,125 If what the bad guys wanna do is 212 00:13:26,209 --> 00:13:28,375 hack into the voting process, 213 00:13:28,459 --> 00:13:30,876 then they might target voter registration databases 214 00:13:30,959 --> 00:13:34,042 because they are open to the Internet by definition. 215 00:13:34,125 --> 00:13:37,334 Like if you want people to be able to register online, 216 00:13:37,417 --> 00:13:40,334 they have to be open to the Internet, so you can get to them. 217 00:13:40,417 --> 00:13:43,500 The other thing is that with a voter registration database, 218 00:13:43,584 --> 00:13:45,500 imagine you go in and you flip 219 00:13:45,584 --> 00:13:49,709 the second and third digits of everybody's address, 220 00:13:49,792 --> 00:13:53,334 so that, now, when they show up to the polls, 221 00:13:53,417 --> 00:13:56,542 their ID does not match their address on file 222 00:13:56,626 --> 00:13:58,751 in the voter registration database. 223 00:13:59,751 --> 00:14:02,626 It's virtually impossible to detect by eye, 224 00:14:02,709 --> 00:14:04,751 so a human's not gonna notice it, 225 00:14:04,834 --> 00:14:07,584 and yet, you could cause a lot of chaos at the polls. 226 00:14:07,667 --> 00:14:10,751 CBS North Carolina's Jonathan Rodriguez joins us live from Durham. 227 00:14:10,834 --> 00:14:12,667 It's been a very busy day of voting here. 228 00:14:12,751 --> 00:14:14,351 We're here at the Bethesda Ruritan Club, 229 00:14:14,375 --> 00:14:15,792 where people can go out and vote. 230 00:14:15,876 --> 00:14:18,000 It started a little bit rocky for voters out here, 231 00:14:18,083 --> 00:14:20,042 and it's all due to a technical glitch. 232 00:14:20,125 --> 00:14:21,709 Normally, when you go inside here, 233 00:14:21,792 --> 00:14:23,458 they would get on a computer and get your name 234 00:14:23,459 --> 00:14:25,339 and your information to see who's voting, right? 235 00:14:25,375 --> 00:14:27,542 Well, that's the system that had a glitch 236 00:14:27,626 --> 00:14:30,042 and required them to go back to paper polling, 237 00:14:30,125 --> 00:14:31,375 the old-school way of doing it. 238 00:14:31,459 --> 00:14:32,958 Durham County was ordered 239 00:14:32,959 --> 00:14:36,083 to go to the paper poll books 240 00:14:36,167 --> 00:14:37,876 and to shut down the computers. 241 00:14:37,959 --> 00:14:40,375 Basically now, it's a big stack of papers that has 242 00:14:40,459 --> 00:14:44,125 every registered voter on it, and they have to check you in that way. 243 00:14:44,209 --> 00:14:46,792 They said it impacted at least six other precincts, 244 00:14:46,876 --> 00:14:48,584 slowing down voting times. 245 00:14:51,250 --> 00:14:55,626 "It's a glitch why all of the electronic voter ID systems 246 00:14:55,709 --> 00:14:58,042 "in particular precincts in America 247 00:14:58,125 --> 00:15:00,083 went down uniformly. Oh, it's a glitch." 248 00:15:00,167 --> 00:15:03,542 Excuse me. There is no such thing as a glitch. 249 00:15:03,626 --> 00:15:06,167 - No. - That's a term 250 00:15:06,250 --> 00:15:09,751 that we use to hide problems, not illuminate problems. 251 00:15:09,834 --> 00:15:12,792 Long lines and some equipment malfunctions were reported. 252 00:15:12,876 --> 00:15:16,125 Machine malfunction forces wait times to exceed two hours. 253 00:15:16,209 --> 00:15:20,042 This line, all the way around the building, waiting to vote. 254 00:15:20,125 --> 00:15:23,250 I work. I won't be able to get back over here 255 00:15:23,334 --> 00:15:24,959 in time to vote. 256 00:15:25,042 --> 00:15:28,500 If your goal is to undermine democracy, 257 00:15:28,584 --> 00:15:31,209 you actually don't need to change votes 258 00:15:31,292 --> 00:15:33,083 to hack an election. 259 00:15:33,167 --> 00:15:35,334 When you prevent people from casting a ballot, 260 00:15:35,417 --> 00:15:37,542 you've hacked an election. 261 00:15:38,083 --> 00:15:40,792 Quite frankly, all election officials in America 262 00:15:40,876 --> 00:15:43,500 were clueless of what was going on. 263 00:15:43,584 --> 00:15:46,292 In fact, we heard nothing 264 00:15:46,375 --> 00:15:49,834 until a national security subcontractor 265 00:15:49,918 --> 00:15:52,459 - called Reality Winner. - Mm-hmm. 266 00:15:52,542 --> 00:15:55,375 Reality Winner ran across 267 00:15:55,459 --> 00:15:58,626 a report from National Security, 268 00:15:58,709 --> 00:16:01,209 detailing how the attacks were done 269 00:16:01,292 --> 00:16:03,834 around the states in the United States of America. 270 00:16:06,334 --> 00:16:08,959 This was considered top secret... 271 00:16:12,584 --> 00:16:14,542 and no election official 272 00:16:14,626 --> 00:16:17,792 - in the country knew about it. - Mm-hmm. 273 00:16:17,876 --> 00:16:19,918 It was about a year later before the states 274 00:16:20,000 --> 00:16:21,680 that were actually attacked by the Russians 275 00:16:21,751 --> 00:16:23,951 were able to hear and know it was the Russians doing it. 276 00:16:24,000 --> 00:16:25,959 We should never have that. 277 00:16:27,292 --> 00:16:29,500 Barely one hour after The Intercept, 278 00:16:29,584 --> 00:16:31,709 an online news site, posted a story about 279 00:16:31,792 --> 00:16:35,292 a top-secret US government document on Russian hacking, 280 00:16:35,375 --> 00:16:38,792 the Justice Department said a 25-year-old Georgia woman, 281 00:16:38,876 --> 00:16:41,167 Reality Leigh Winner, had been arrested for leaking it. 282 00:16:41,250 --> 00:16:44,584 The document that she leaked was the actual proof 283 00:16:44,667 --> 00:16:46,876 that the Russians had attempted 284 00:16:46,959 --> 00:16:49,626 to hack into our voting software. 285 00:16:49,709 --> 00:16:51,959 She was trapped in a world where she was going to work 286 00:16:52,042 --> 00:16:54,250 every day at the NSA, 287 00:16:54,334 --> 00:16:56,626 and the news was conflicting 288 00:16:56,709 --> 00:16:59,584 with the proof that was right on her computer screen. 289 00:16:59,667 --> 00:17:01,918 She was basically releasing information 290 00:17:02,000 --> 00:17:04,250 that we were under attack. 291 00:17:07,584 --> 00:17:10,042 Based on the volume and the level of activity 292 00:17:10,125 --> 00:17:12,751 that we had seen, I had no reason to believe 293 00:17:12,834 --> 00:17:15,876 that the Russians hadn't tried to access 294 00:17:15,959 --> 00:17:18,834 some kind of voter system in all of the states. 295 00:17:18,918 --> 00:17:21,626 That was really a moment where we realized, like, 296 00:17:21,709 --> 00:17:26,209 that this was, uh, a very large-scale operation 297 00:17:26,292 --> 00:17:28,751 beyond anything that we had really, I think, 298 00:17:28,834 --> 00:17:31,959 anticipated up to that point. 299 00:17:48,500 --> 00:17:51,834 Reality Winner will now serve more than five years in prison. 300 00:17:51,918 --> 00:17:54,375 That's the longest sentence ever imposed 301 00:17:54,459 --> 00:17:57,250 for this kind of violation. 302 00:17:57,334 --> 00:17:59,625 I think she's a heroine for releasing that information 303 00:17:59,626 --> 00:18:02,250 because, until that moment, we did not know 304 00:18:02,334 --> 00:18:04,459 the extent of this operation. 305 00:18:06,292 --> 00:18:08,918 She's got a minimum of a five-year sentence 306 00:18:09,000 --> 00:18:11,667 that she's serving in federal prison. 307 00:18:11,751 --> 00:18:14,959 But that's not gonna prevent an attack on our system 308 00:18:15,042 --> 00:18:17,542 or ensure that our votes are being counted. 309 00:18:20,500 --> 00:18:22,792 The American government was caught off guard. 310 00:18:22,876 --> 00:18:27,000 The election systems were caught off guard in 2016. 311 00:18:27,709 --> 00:18:29,375 In a way, 312 00:18:29,459 --> 00:18:31,459 it was a failure of imagination on our part, 313 00:18:31,542 --> 00:18:35,292 because if we look back at the Russian military doctrines 314 00:18:35,375 --> 00:18:39,584 that were outlined in 2011 by General Gerasimov, 315 00:18:39,667 --> 00:18:41,292 who was the equivalent of the Russian 316 00:18:41,375 --> 00:18:43,375 Chairman of the Joint Chiefs of Staff, 317 00:18:43,459 --> 00:18:45,792 he said in 2011 that 318 00:18:45,876 --> 00:18:48,876 Russia could not compete with the West 319 00:18:48,959 --> 00:18:51,876 in tanks and trucks and planes and bullets. 320 00:18:51,959 --> 00:18:56,125 But they could compete in the area of cyber and misinformation, 321 00:18:56,209 --> 00:18:58,792 disinformation, and sowing dissension. 322 00:18:58,876 --> 00:19:00,959 And what better way to sow dissension 323 00:19:01,042 --> 00:19:03,292 than to corrupt an election process? 324 00:19:03,375 --> 00:19:05,166 I serve on the Senate Intelligence Committee, 325 00:19:05,167 --> 00:19:07,584 and I can tell you every single country in NATO 326 00:19:07,667 --> 00:19:10,626 has had Russian interference in their elections, every one of them. 327 00:19:10,709 --> 00:19:13,167 The campaign of centrist Emmanuel Macron 328 00:19:13,250 --> 00:19:15,167 claims it suffered a massive 329 00:19:15,250 --> 00:19:17,918 and coordinated 11th-hour cyber attack, 330 00:19:18,000 --> 00:19:20,667 with leaked documents designed to destabilize 331 00:19:20,751 --> 00:19:22,542 tomorrow's runoff election. 332 00:19:22,626 --> 00:19:24,786 Analysts say Putin wants to work against Macron 333 00:19:24,834 --> 00:19:27,667 to tilt the election toward his favorite candidate, 334 00:19:27,751 --> 00:19:30,125 the far-right populist Marine Le Pen, 335 00:19:30,209 --> 00:19:32,834 who wants to bring France out of NATO and the EU. 336 00:19:32,918 --> 00:19:34,500 The day before the Ukrainian 337 00:19:34,584 --> 00:19:36,417 presidential election results were announced, 338 00:19:36,500 --> 00:19:39,918 a hacker group calling themselves CyberBerkut 339 00:19:40,000 --> 00:19:43,250 infiltrated Ukraine's central election computer systems. 340 00:19:43,334 --> 00:19:46,584 According to Ukraine officials, if the malicious software 341 00:19:46,667 --> 00:19:49,542 they installed had not been discovered and removed, 342 00:19:49,626 --> 00:19:51,792 it would've portrayed that ultra-nationalist 343 00:19:51,876 --> 00:19:54,042 Right Sector leader Dmytro Yarosh 344 00:19:54,125 --> 00:19:56,209 had won with 37 percent of the vote, 345 00:19:56,292 --> 00:19:59,542 instead of the one percent he actually received. 346 00:19:59,626 --> 00:20:01,125 Moderate Petro Poroshenko, 347 00:20:01,209 --> 00:20:03,292 the actual winner with a majority of the vote, 348 00:20:03,375 --> 00:20:06,626 would've been placed in second with 29 percent. 349 00:20:06,709 --> 00:20:10,292 That evening, Russian Channel One aired a bulletin declaring 350 00:20:10,375 --> 00:20:13,959 Mr. Yarosh the winner, quoting these exact percentages. 351 00:20:16,042 --> 00:20:17,959 We are more vulnerable 352 00:20:18,042 --> 00:20:22,542 to this kind of subtle, hard-to-attribute attack 353 00:20:22,626 --> 00:20:25,792 than we are to tanks, airplanes, and ships. 354 00:20:25,876 --> 00:20:30,292 And we need to shift the mentality away from, 355 00:20:30,375 --> 00:20:32,209 "The Internet is secure, 356 00:20:32,292 --> 00:20:34,667 "and no one is able to tamper 357 00:20:34,751 --> 00:20:36,584 with the American election system," 358 00:20:36,667 --> 00:20:39,751 to the reality that was demonstrated in 2016. 359 00:20:39,834 --> 00:20:42,334 We're in 2016. We just assumed we're the big dog, 360 00:20:42,417 --> 00:20:44,876 and no one's gonna mess with the big dog on the porch. 361 00:20:44,959 --> 00:20:46,751 That's not true of the Russians. 362 00:21:12,876 --> 00:21:16,959 So, this is the land border between Finland and Russia. 363 00:21:17,042 --> 00:21:20,417 This border is very closely monitored and guarded. 364 00:21:21,876 --> 00:21:23,834 We don't know what is on the Russian side. 365 00:21:23,918 --> 00:21:25,667 We only know what is on Finnish side. 366 00:21:25,751 --> 00:21:29,000 Finnish side has a constant electronic surveillance 367 00:21:29,083 --> 00:21:32,459 to make certain that anything crossing the border will be detected 368 00:21:32,542 --> 00:21:36,500 and will be intercepted by the border guards, who are always on duty. 369 00:21:41,500 --> 00:21:44,042 The borderline between Finland and Russia 370 00:21:44,125 --> 00:21:45,876 was altered in Second World War, 371 00:21:45,959 --> 00:21:48,751 where large portions of the land 372 00:21:48,834 --> 00:21:52,459 was lost to Russia, so Soviet Union back in those days. 373 00:21:52,542 --> 00:21:56,167 So, we do have a long-lasting distrust 374 00:21:56,250 --> 00:21:58,334 to our neighbors, and really, 375 00:21:58,417 --> 00:22:03,042 the political climate where we are right now, it's... 376 00:22:03,125 --> 00:22:05,167 we are in a new Cold War, 377 00:22:05,250 --> 00:22:07,459 in a very real sense. 378 00:22:34,000 --> 00:22:35,720 Yeah, that was a mainframe computer. 379 00:22:35,792 --> 00:22:37,918 That's actually, I think, this is Honeywell. 380 00:22:38,000 --> 00:22:40,626 It's kind of funny to see the old... 381 00:22:40,709 --> 00:22:44,417 big tape... mass storage units. 382 00:22:44,876 --> 00:22:48,083 Actually, the first thing here is... 383 00:22:48,500 --> 00:22:50,751 "Harri, 15 years old, 384 00:22:50,834 --> 00:22:54,459 "is programming enterprise... 385 00:22:54,542 --> 00:22:56,000 computer systems." 386 00:22:56,083 --> 00:22:58,751 And here's my software, which was used in, uh, 387 00:22:58,834 --> 00:23:01,876 new... developing new treatments for cancer 388 00:23:01,959 --> 00:23:04,542 and "Leukemia: A New Hope." 389 00:23:04,626 --> 00:23:08,209 Two different medical systems, which I helped to build. 390 00:23:08,292 --> 00:23:10,417 Another one is a blood analysis. 391 00:23:10,500 --> 00:23:14,667 Another one is imaging, heart imaging system, with visible... 392 00:23:14,751 --> 00:23:16,584 Simon Ardizzone: 393 00:23:16,667 --> 00:23:20,083 Uh, 13... 394 00:23:20,167 --> 00:23:22,459 No, I was younger, 12. 395 00:23:58,000 --> 00:23:59,375 Three years old. 396 00:24:03,584 --> 00:24:06,834 Hmm. I don't know if I want it, but... 397 00:24:09,042 --> 00:24:10,667 So, this is the... 398 00:24:11,542 --> 00:24:14,083 third-highest medal which can be given 399 00:24:14,167 --> 00:24:16,000 by the military to a civilian. 400 00:24:17,042 --> 00:24:19,375 - Given for me. - What was it given for, Harri? 401 00:24:19,459 --> 00:24:22,626 - Writing software. - Must've been pretty good software to get a medal. 402 00:24:22,709 --> 00:24:25,626 Yep. Pretty good software. 403 00:24:25,709 --> 00:24:27,709 'Cause those are not floating around. 404 00:24:27,792 --> 00:24:31,167 - Can you tell us what the software did? - No. 405 00:24:32,709 --> 00:24:34,834 It's for general service. 406 00:24:40,334 --> 00:24:43,042 If the endgame of the Russians 407 00:24:43,125 --> 00:24:45,751 in the last US presidential elections was 408 00:24:45,834 --> 00:24:47,834 to make United States weaker, 409 00:24:47,918 --> 00:24:49,918 they absolutely did that. 410 00:24:50,000 --> 00:24:53,667 A divided nation is a weaker nation. 411 00:24:58,083 --> 00:25:01,125 We've been tracking Russian cyber operations 412 00:25:01,209 --> 00:25:05,459 for 15 years, and it's remarkable how... 413 00:25:06,125 --> 00:25:08,334 how good they are in this, and how, how, how 414 00:25:08,417 --> 00:25:09,834 brazen they are. 415 00:25:09,918 --> 00:25:13,167 They're actually not worried about getting caught, 416 00:25:13,250 --> 00:25:15,751 and that's, that's, that's remarkable. 417 00:25:15,834 --> 00:25:19,042 'Cause I remember the first white papers we released 418 00:25:19,125 --> 00:25:22,250 about their targets in Central Europe, 419 00:25:22,334 --> 00:25:24,751 or in Poland, or in Ukraine, 420 00:25:24,834 --> 00:25:28,584 and we thought we had a really explosive report. 421 00:25:28,667 --> 00:25:31,500 We were publishing their, their servers, 422 00:25:31,584 --> 00:25:36,042 their IP ranges, their encryption keys, everything. 423 00:25:36,125 --> 00:25:38,834 And then we put it out, we put out the PDF, on our website, 424 00:25:38,918 --> 00:25:41,459 we get thousands of downloads from all over the world. 425 00:25:41,542 --> 00:25:44,167 Now we're watching like, how are they gonna react? 426 00:25:44,250 --> 00:25:46,792 What are they gonna do? Are they gonna stop everything? 427 00:25:46,876 --> 00:25:49,125 They did nothing. The next day, 428 00:25:49,209 --> 00:25:51,500 they continue with the same operations, 429 00:25:51,584 --> 00:25:55,292 same IP addresses, same encryption keys, same pieces of malware. 430 00:25:55,375 --> 00:26:00,167 They just didn't care, and that's the only evidence you need 431 00:26:00,250 --> 00:26:02,209 that these are governmental operations. 432 00:26:02,292 --> 00:26:04,042 They're not worried about getting caught. 433 00:26:04,125 --> 00:26:06,751 They're not worried about getting police at their doors. 434 00:26:06,834 --> 00:26:08,584 Police won't come to their doors 435 00:26:08,667 --> 00:26:10,347 because they are the government themselves. 436 00:26:10,375 --> 00:26:14,083 Well, actually, they probably are building it into the model. 437 00:26:14,167 --> 00:26:17,459 That's part of the thing, they are expecting to be caught, 438 00:26:17,542 --> 00:26:19,584 and it's on your face, it's a power play. 439 00:26:19,667 --> 00:26:22,250 It's like, "See what I can do? I don't care!" 440 00:26:22,334 --> 00:26:24,792 I hate the way you think, Harri. 441 00:26:24,876 --> 00:26:26,918 I hate the way you think! 442 00:26:27,000 --> 00:26:29,459 Well, you know, I think like the bad person. 443 00:26:29,542 --> 00:26:32,000 - Yes! - That's... That's what I do. 444 00:26:32,083 --> 00:26:34,250 Right, right, right. 445 00:26:44,667 --> 00:26:46,747 My name is Thomas Hicks and I'm chairman 446 00:26:46,751 --> 00:26:50,292 of the United States Election Assistance Commission, or EAC. 447 00:26:57,459 --> 00:27:00,417 What is important in identifying in today's hearing is that 448 00:27:00,500 --> 00:27:03,417 the complexity of our American election assistance... 449 00:27:03,500 --> 00:27:06,250 System both deters attacks 450 00:27:06,334 --> 00:27:08,375 and allows election officials to ensure 451 00:27:08,459 --> 00:27:11,000 the integrity of the election in the event of an attack. 452 00:27:11,083 --> 00:27:13,042 So, you've got a couple of systems that are here 453 00:27:13,125 --> 00:27:15,458 in the election structure that most Americans don't know about. 454 00:27:15,459 --> 00:27:18,042 They know about where they go to vote and their polling place. 455 00:27:18,125 --> 00:27:20,167 They don't know the system from their polling place 456 00:27:20,250 --> 00:27:22,500 to their state or their county and how that gets counted, 457 00:27:22,584 --> 00:27:25,375 or even something called the election assistance commission, 458 00:27:25,459 --> 00:27:27,250 which is an advisory commission 459 00:27:27,334 --> 00:27:29,174 to be able to help everyone in their elections. 460 00:27:29,209 --> 00:27:31,000 First and foremost, I am here 461 00:27:31,083 --> 00:27:34,834 to communicate one message, that message is that our elections are secure. 462 00:27:34,918 --> 00:27:38,292 They are secure because the American Election Administration system 463 00:27:38,375 --> 00:27:39,709 inherently protects them. 464 00:27:57,584 --> 00:28:00,709 Andrei Barysevich: 465 00:28:09,792 --> 00:28:12,709 On forums, you can find compromised credentials. 466 00:28:12,792 --> 00:28:15,167 You can find malware. You can find partners 467 00:28:15,250 --> 00:28:16,626 for cash-out operations, 468 00:28:16,709 --> 00:28:18,584 and this is where Rasputin 469 00:28:18,667 --> 00:28:21,083 was attempting to sell his information. 470 00:28:21,167 --> 00:28:23,292 Barysevich: 471 00:28:49,209 --> 00:28:50,334 Yeah. 472 00:28:59,959 --> 00:29:02,542 Well, this is very interesting. 473 00:29:03,209 --> 00:29:04,667 EAC is acting 474 00:29:04,751 --> 00:29:07,083 as the ultimate clearing house 475 00:29:07,167 --> 00:29:11,417 of all the information for best practices, for testing. 476 00:29:11,500 --> 00:29:13,334 Also, they have a lot of information 477 00:29:13,417 --> 00:29:15,167 which systems are deployed and where. 478 00:29:15,250 --> 00:29:17,292 Hart InterCivic, Dominion, 479 00:29:17,375 --> 00:29:18,876 ES&S. 480 00:29:18,959 --> 00:29:21,667 You basically have way over 80 percent 481 00:29:21,751 --> 00:29:23,834 of all the system which is on the first page. 482 00:29:23,918 --> 00:29:27,334 So, for anyone who is wanting to do illegal acts, 483 00:29:27,417 --> 00:29:29,167 this gives you one-stop shop 484 00:29:29,250 --> 00:29:32,250 all the information you need to plan your attack campaign. 485 00:29:32,334 --> 00:29:35,042 - It's a very horrible scenario. - Yeah. 486 00:29:36,209 --> 00:29:38,959 - "Daniel Brandes." - Yeah, stolen credentials. 487 00:29:39,042 --> 00:29:42,459 Some guy whose credentials got stolen. 488 00:29:42,542 --> 00:29:45,375 My name was on that screenshot, but it could've been anybody. 489 00:29:45,459 --> 00:29:49,125 To this day, I still don't know why they chose me. 490 00:29:49,209 --> 00:29:51,375 But it was quite a shock. 491 00:29:52,334 --> 00:29:56,042 Maybe I was on Rasputin's hack because I was the new guy, 492 00:29:56,125 --> 00:29:59,417 and he wanted to exploit the new guy 493 00:29:59,876 --> 00:30:02,709 'cause that would be the path of least resistance. 494 00:30:02,792 --> 00:30:06,125 What Rasputin did was he went to the login page, 495 00:30:06,209 --> 00:30:08,459 and where you put your username in, 496 00:30:08,542 --> 00:30:11,375 he had put his exploit code in there, 497 00:30:11,459 --> 00:30:14,584 and then he had full access to the database. 498 00:30:14,667 --> 00:30:16,918 Barysevich: 499 00:30:22,250 --> 00:30:24,834 There's very recent dates. We are talking here 500 00:30:24,918 --> 00:30:27,000 September 2016, 501 00:30:27,083 --> 00:30:30,375 - October... - October to November 2016, 502 00:30:30,459 --> 00:30:32,167 so this is very recent. 503 00:30:32,250 --> 00:30:34,876 They can do whatever they want to that database. 504 00:30:34,959 --> 00:30:38,417 And now, the database and the server were separate, 505 00:30:38,500 --> 00:30:41,125 so now if you have access to the database, 506 00:30:41,209 --> 00:30:43,709 then you can get into the server. 507 00:30:43,792 --> 00:30:46,918 And the proprietary information was not 508 00:30:47,000 --> 00:30:49,125 on the database, it was on the server. 509 00:30:50,500 --> 00:30:52,584 Barysevich: 510 00:31:39,334 --> 00:31:43,167 One of the document archives was the test reports 511 00:31:43,250 --> 00:31:45,751 of voting machines, and these reports 512 00:31:45,834 --> 00:31:47,500 have a list of file names. 513 00:31:47,584 --> 00:31:50,709 One could argue that file name list is not valuable, 514 00:31:50,792 --> 00:31:53,459 but for attacker, it is extremely valuable. 515 00:31:53,542 --> 00:31:56,876 Now you know of third-party libraries. 516 00:31:56,959 --> 00:31:59,709 You know open-source software. 517 00:31:59,792 --> 00:32:01,375 You learn a lot. 518 00:32:01,459 --> 00:32:03,209 Rasputin, to this day, 519 00:32:03,292 --> 00:32:05,334 could still have that information. 520 00:32:05,417 --> 00:32:07,584 I mean, if he copied them all, 521 00:32:07,667 --> 00:32:11,500 he probably still has all that very sensitive information 522 00:32:11,584 --> 00:32:15,167 that he could end up selling still. 523 00:32:15,250 --> 00:32:18,834 As soon as we learned the full extent of his hack, 524 00:32:18,918 --> 00:32:22,042 we knew that it was tremendously important. 525 00:32:22,751 --> 00:32:25,792 And I spent all night long talking to him 526 00:32:25,876 --> 00:32:27,292 and waiting for law enforcement 527 00:32:27,375 --> 00:32:28,876 to get back to us in the morning. 528 00:32:28,959 --> 00:32:31,292 And then you learn where a state has vulnerability 529 00:32:31,375 --> 00:32:33,250 by hacking into the EAC. 530 00:32:33,334 --> 00:32:35,042 So, if someone gets into the EAC, 531 00:32:35,125 --> 00:32:37,334 there may be communication from one state saying, 532 00:32:37,417 --> 00:32:39,374 "Hey, we're having a problem with a certain county." 533 00:32:39,375 --> 00:32:41,751 They now know where the weak link is, 534 00:32:41,834 --> 00:32:44,083 and they can try to reach in that weak link. 535 00:32:44,167 --> 00:32:46,584 So, it's a long system, but for a persistent actor, 536 00:32:46,667 --> 00:32:49,250 especially for a foreign government who has the finances 537 00:32:49,334 --> 00:32:51,709 and the capability to be able to be persistent in it, 538 00:32:51,792 --> 00:32:53,292 this is a way to do it. 539 00:32:55,751 --> 00:32:59,000 We have three main election vendors 540 00:32:59,083 --> 00:33:01,375 that are running the election machinery 541 00:33:01,459 --> 00:33:03,667 that run our democracy in this country. 542 00:33:03,751 --> 00:33:07,334 Dominion, ES&S, and Hart. 543 00:33:07,417 --> 00:33:10,500 We're very concerned because there's only three companies. 544 00:33:10,584 --> 00:33:13,000 You could easily hack into them. 545 00:33:13,083 --> 00:33:16,209 It makes it seem like all these states are doing 546 00:33:16,292 --> 00:33:19,834 different things, but, in fact, three companies are controlling this. 547 00:33:19,918 --> 00:33:22,083 We don't know anything about 548 00:33:22,167 --> 00:33:24,626 how they organize themselves and how 549 00:33:24,709 --> 00:33:28,918 their software works because it's all proprietary. 550 00:33:29,000 --> 00:33:32,375 The degree to which the voting machine companies 551 00:33:32,459 --> 00:33:34,834 will say, "We got this," 552 00:33:34,918 --> 00:33:37,417 that's almost always a warning sign for anybody 553 00:33:37,500 --> 00:33:39,834 in the cybersecurity business, because... 554 00:33:39,918 --> 00:33:42,417 um, unless they are really, truly skilled, 555 00:33:42,500 --> 00:33:44,417 and have been doing cybersecurity 556 00:33:44,500 --> 00:33:46,334 as their main business for a long time, 557 00:33:46,417 --> 00:33:47,751 they usually don't got this. 558 00:33:47,834 --> 00:33:51,751 Unlike Microsoft, who's actually very transparent 559 00:33:51,834 --> 00:33:53,584 about their security issues, 560 00:33:53,667 --> 00:33:55,500 and they have hackers 561 00:33:55,584 --> 00:33:58,042 routinely come in and hack them, 562 00:33:58,125 --> 00:34:00,083 and then they make their vulnerabilities 563 00:34:00,167 --> 00:34:03,042 public information, in most cases, 564 00:34:03,125 --> 00:34:06,626 the voting machine vendors are the opposite of that. 565 00:34:06,709 --> 00:34:08,549 You know, one of the things me and my teammates 566 00:34:08,626 --> 00:34:10,500 here at ES&S talk about frequently 567 00:34:10,584 --> 00:34:12,584 is we really wish we had the opportunity 568 00:34:12,667 --> 00:34:14,584 for all of you, our customers, 569 00:34:14,667 --> 00:34:16,792 to come visit us here in Omaha, 570 00:34:16,876 --> 00:34:18,751 and see what we do live and in action. 571 00:34:18,834 --> 00:34:23,209 Those companies will give lip service to cybersecurity, 572 00:34:23,292 --> 00:34:26,667 but when cybersecurity experts come in and say, 573 00:34:26,751 --> 00:34:28,584 "We would like to talk to you about this," 574 00:34:28,667 --> 00:34:31,751 or "We would like to see how you are handling this," 575 00:34:31,834 --> 00:34:34,042 they are actually very, very negative. 576 00:34:34,125 --> 00:34:38,042 What I've found, especially in the voting system arena, 577 00:34:38,125 --> 00:34:41,000 is that security is not really taken very seriously. 578 00:34:48,250 --> 00:34:50,000 We posted a testing plan 579 00:34:50,083 --> 00:34:51,750 with the California Secretary of State's office, 580 00:34:51,751 --> 00:34:53,417 saying we were gonna do X, Y, and Z, 581 00:34:53,500 --> 00:34:55,250 and they approved that plan, and so, 582 00:34:55,334 --> 00:34:58,000 we started that plan of testing. 583 00:34:59,626 --> 00:35:03,417 Voting on the DS-200 is as easy as 1, 2, 3. 584 00:35:03,500 --> 00:35:07,042 The DS-200 digital scanner is a simple-to-use... 585 00:35:07,125 --> 00:35:10,959 And what we found is, just it's staggering. 586 00:35:11,042 --> 00:35:12,584 There were multiple vulnerabilities 587 00:35:12,667 --> 00:35:16,125 that could allow an attacker to get 588 00:35:16,209 --> 00:35:20,125 the highest level of privilege or the highest level of rights, 589 00:35:20,209 --> 00:35:22,709 and then gain remote access into the system, 590 00:35:22,792 --> 00:35:26,292 and do what you wanna do, whether it's 591 00:35:26,375 --> 00:35:28,834 change an election or shut the system down. 592 00:35:28,918 --> 00:35:32,334 Our dedication is to the absolute highest standards 593 00:35:32,417 --> 00:35:35,751 of accuracy, security, and reliability. 594 00:35:37,209 --> 00:35:42,209 We believe in honesty, commitment, trust, and respect. 595 00:35:42,292 --> 00:35:44,792 And when ES&S discovered 596 00:35:44,876 --> 00:35:47,125 that we were not using their testing plan, 597 00:35:47,209 --> 00:35:48,667 they were appalled. 598 00:35:48,751 --> 00:35:50,071 When we used our own testing plan 599 00:35:50,083 --> 00:35:51,375 and found these vulnerabilities, 600 00:35:51,459 --> 00:35:53,374 they pretty much told us that they had their own team 601 00:35:53,375 --> 00:35:54,735 and that they were not interested. 602 00:35:54,792 --> 00:35:56,500 The fact that we have vendors that say, 603 00:35:56,584 --> 00:35:58,792 "You cannot look at our code," 604 00:35:58,876 --> 00:36:01,626 is the first problem. 605 00:36:01,709 --> 00:36:05,500 In 2014, we evaluated Dominion's Democracy Suite. 606 00:36:05,584 --> 00:36:08,542 We're on the forefront of really something that 607 00:36:08,626 --> 00:36:11,709 is gonna be accessible, it's gonna be cost-effective, 608 00:36:11,792 --> 00:36:13,542 and it's gonna be efficient. 609 00:36:13,626 --> 00:36:15,208 We'd found a number of vulnerabilities. 610 00:36:15,209 --> 00:36:18,918 The same thing with ES&S, we found multiple, 611 00:36:19,000 --> 00:36:21,626 um, operating system patches missing. 612 00:36:21,709 --> 00:36:23,209 And, essentially, what that means 613 00:36:23,292 --> 00:36:26,000 is an attacker can inject code into that system, 614 00:36:26,083 --> 00:36:28,584 execute that with a possibility of 615 00:36:28,667 --> 00:36:30,876 receiving some sort of control. 616 00:36:31,959 --> 00:36:33,833 If I can get on that system, if I can get access 617 00:36:33,834 --> 00:36:36,709 to the database, and if I can change the elections, 618 00:36:36,792 --> 00:36:42,250 change an election for a city, for a county, for a state, however. 619 00:36:44,209 --> 00:36:47,209 How can a vendor sell a voting system 620 00:36:47,292 --> 00:36:49,709 with this many vulnerabilities? 621 00:36:49,792 --> 00:36:53,000 And I just can't find a straight answer. 622 00:36:53,083 --> 00:36:55,166 What's happened over the last couple years is, obviously, 623 00:36:55,167 --> 00:36:57,417 there's been a revolution in the kind of devices 624 00:36:57,500 --> 00:36:59,940 that you can get off the shelf, and it's really allowed us to, 625 00:37:00,000 --> 00:37:02,125 again, to focus on the actual election software 626 00:37:02,209 --> 00:37:04,751 that we're loading up on these off-the-shelf components. 627 00:37:04,834 --> 00:37:07,834 A lot of developers today developing 628 00:37:07,918 --> 00:37:09,876 applications, which are critical, 629 00:37:09,959 --> 00:37:11,918 don't really know what they are doing. 630 00:37:12,000 --> 00:37:16,250 And they are simply picking up a ready-made box, 631 00:37:16,334 --> 00:37:19,626 and building the application by using these blocks, 632 00:37:19,709 --> 00:37:22,000 and not that careful. 633 00:37:22,083 --> 00:37:24,918 Because people are only looking, "Is it functional?" 634 00:37:25,000 --> 00:37:27,167 And I think that's probably one of the issues 635 00:37:27,250 --> 00:37:29,000 that the vendors are having is 636 00:37:29,083 --> 00:37:31,667 that they don't know what they have in those systems. 637 00:37:31,751 --> 00:37:33,834 They don't know what code is in those systems. 638 00:37:33,918 --> 00:37:37,000 They just make it work, and they sell it. 639 00:37:37,083 --> 00:37:39,292 We should know every single line of code 640 00:37:39,375 --> 00:37:41,000 that is in that software. 641 00:37:41,083 --> 00:37:43,125 We should know every bit and byte 642 00:37:43,209 --> 00:37:45,584 that goes across the lines in that hardware, 643 00:37:45,667 --> 00:37:47,227 and we should be able to validate that. 644 00:37:47,250 --> 00:37:49,292 We should have procedures to validate 645 00:37:49,375 --> 00:37:50,834 that everything that we're doing 646 00:37:50,918 --> 00:37:53,125 is the right way of doing things. 647 00:38:24,209 --> 00:38:28,292 In a half mile, continue onto 14 East. 648 00:38:28,375 --> 00:38:31,709 There is a gentleman who is on eBay selling 649 00:38:31,792 --> 00:38:34,042 AccuVote TSX voting machine, 650 00:38:34,125 --> 00:38:37,334 and that is a voting machine system used here in Ohio. 651 00:38:38,083 --> 00:38:39,751 Well, it will be interesting to see 652 00:38:39,834 --> 00:38:41,500 what is the story behind this, 653 00:38:41,584 --> 00:38:44,542 why these are $79 each. 654 00:38:44,626 --> 00:38:47,792 It's gonna be very interesting to learn what's going on here. 655 00:38:52,709 --> 00:38:56,000 Yeah, I used to grow up in places like this. 656 00:38:56,834 --> 00:38:59,584 Building stuff from salvaged electronics. 657 00:38:59,667 --> 00:39:01,792 The smell of old. 658 00:39:02,709 --> 00:39:04,834 Actually condensators. 659 00:39:06,500 --> 00:39:08,083 Oh wow. 660 00:39:09,375 --> 00:39:11,000 Look at that. 661 00:39:12,876 --> 00:39:15,250 That's a lot more than I was expecting. 662 00:39:15,334 --> 00:39:17,500 Oh my God. 663 00:39:18,459 --> 00:39:21,209 The AccuVote TSX is 664 00:39:21,292 --> 00:39:24,918 one of the most popular voting machines in the United States. 665 00:39:25,000 --> 00:39:28,584 It's a direct-recording electronic machine. 666 00:39:31,292 --> 00:39:34,042 It's an extremely vulnerable machine. 667 00:39:34,125 --> 00:39:36,459 It's also a very old machine, 668 00:39:36,542 --> 00:39:40,375 and yet, it's still being used all over the country. 669 00:39:43,209 --> 00:39:45,334 I was contacted by the insurance company 670 00:39:45,417 --> 00:39:47,167 that did the buyout. 671 00:39:47,876 --> 00:39:49,667 I had not... 672 00:39:49,751 --> 00:39:52,209 printed off and looked at all of them when the last time 673 00:39:52,292 --> 00:39:54,167 it was in service. I just know... 674 00:39:54,250 --> 00:39:56,834 in 2002 is when they put them in service, 675 00:39:56,918 --> 00:39:59,167 and they turned around... 676 00:39:59,250 --> 00:40:01,708 - Well, let's take a look. - That's when you get all those touch screens, 677 00:40:01,709 --> 00:40:03,667 right after the 2000 election. 678 00:40:03,751 --> 00:40:05,375 So, 2011... 679 00:40:06,417 --> 00:40:09,542 - Oh yeah. Oh wow. - 2012... 680 00:40:09,626 --> 00:40:11,584 Looks like this has been last time used in 681 00:40:11,667 --> 00:40:13,792 June, July 2013. 682 00:40:14,209 --> 00:40:15,417 That's the newer one. 683 00:40:15,500 --> 00:40:19,167 That's the one which the vendor claims to be secure. 684 00:40:20,542 --> 00:40:22,584 200... 685 00:40:22,667 --> 00:40:24,250 20... 686 00:40:25,626 --> 00:40:28,083 - And five. - All righty. 687 00:40:28,167 --> 00:40:30,000 - Thank you, sir. - Thank you. 688 00:40:30,083 --> 00:40:33,167 So, do you sell these anywhere in the world? 689 00:40:33,250 --> 00:40:37,292 I don't right now, but I would have absolutely no problem in doing that. 690 00:40:37,375 --> 00:40:40,083 You know, I'm a recycle center. I get them in, 691 00:40:40,167 --> 00:40:42,000 it doesn't matter to me where they came from. 692 00:40:42,083 --> 00:40:43,459 I'm just gonna try to make 693 00:40:43,542 --> 00:40:46,209 a dime on them or recycle them, one way or the other. 694 00:40:50,667 --> 00:40:53,292 The common defense that why the systems 695 00:40:53,375 --> 00:40:55,918 are unhackable in the election world 696 00:40:56,000 --> 00:40:57,876 has always been that the bad people 697 00:40:57,959 --> 00:41:00,083 will have no access to the machines. 698 00:41:00,167 --> 00:41:02,209 We have 1,200 machines, 699 00:41:02,292 --> 00:41:04,042 auctioned on eBay. 700 00:41:04,125 --> 00:41:05,417 This takes away that argument. 701 00:41:05,500 --> 00:41:08,250 Anyone who has any kind of motivation, 702 00:41:08,334 --> 00:41:10,209 and $75 in their pocket, 703 00:41:10,292 --> 00:41:12,000 can now get access to the machine, 704 00:41:12,083 --> 00:41:13,751 as many machines as they need, 705 00:41:13,834 --> 00:41:16,000 and fine-tune their attacks. 706 00:41:19,209 --> 00:41:21,792 There is a term called "asymmetrical warfare," 707 00:41:21,876 --> 00:41:24,751 applies to a whole series of tactics 708 00:41:24,834 --> 00:41:29,000 which are very inexpensive to produce, 709 00:41:29,918 --> 00:41:32,209 which have an outsized impact. 710 00:41:32,292 --> 00:41:34,167 And unfortunately, 711 00:41:34,250 --> 00:41:37,792 the Internet is a perfect asymmetric tool. 712 00:41:38,417 --> 00:41:41,334 From what we've determined, no voting machines 713 00:41:41,417 --> 00:41:42,834 are connected to the Internet. 714 00:41:42,918 --> 00:41:45,375 Voting machines themselves are not connected to the Internet. 715 00:41:45,459 --> 00:41:48,000 They are non-network pieces of hardware 716 00:41:48,083 --> 00:41:49,751 that do not connect to the Internet. 717 00:41:49,834 --> 00:41:51,751 The devices are not connected to the Internet. 718 00:41:51,834 --> 00:41:53,751 Those things are not connected to the Internet. 719 00:41:53,834 --> 00:41:55,250 Not connected to the Internet, 720 00:41:55,334 --> 00:41:57,042 and, therefore, cannot be attacked. 721 00:41:57,125 --> 00:41:58,791 None of them are connected to the Internet, 722 00:41:58,792 --> 00:42:01,667 and so, there will not be any sort of Internet hack 723 00:42:01,751 --> 00:42:03,500 or Internet incidents. 724 00:42:04,500 --> 00:42:07,542 All right, Maggie, probably best if you take this down... 725 00:42:07,626 --> 00:42:10,042 Okay. 726 00:42:10,125 --> 00:42:13,292 Every single system we have, 727 00:42:13,375 --> 00:42:17,042 there is a place where it touches Internet. 728 00:42:17,125 --> 00:42:20,459 There's nothing anymore in our world, really, 729 00:42:20,542 --> 00:42:22,918 which doesn't touch Internet one way or another. 730 00:42:23,000 --> 00:42:26,918 It might be indirect, it might be infrequent, 731 00:42:28,042 --> 00:42:30,709 but it's always there. 732 00:42:32,709 --> 00:42:33,918 All right. 733 00:42:34,000 --> 00:42:35,209 Oh! 734 00:42:35,292 --> 00:42:38,834 It wants to go to Internet. That's very nice of it. 735 00:42:39,292 --> 00:42:40,959 The fact that it's the first option 736 00:42:41,042 --> 00:42:42,834 it's offering is kind of interesting. 737 00:42:42,918 --> 00:42:45,626 A commonly used argument 738 00:42:45,709 --> 00:42:48,834 that these machines are safe from hacking 739 00:42:49,417 --> 00:42:53,375 because they are never connected to Internet. 740 00:42:54,334 --> 00:42:56,751 It immediately asked, do I want to connect 741 00:42:56,834 --> 00:42:58,417 to the local area network. 742 00:42:58,500 --> 00:43:01,542 Local area network can always be connected to Internet, 743 00:43:01,626 --> 00:43:03,834 so the reality here is once you are 744 00:43:03,918 --> 00:43:06,834 connected to network, you don't know where the network is. 745 00:43:06,918 --> 00:43:08,834 What else is connected to the Internet? 746 00:43:08,918 --> 00:43:10,834 That is the problem of the network. 747 00:43:12,834 --> 00:43:15,000 Election offices 748 00:43:15,083 --> 00:43:17,918 think that connected to Internet 749 00:43:18,000 --> 00:43:19,876 is dangerous only when 750 00:43:19,959 --> 00:43:21,626 it's within an election cycle. 751 00:43:21,709 --> 00:43:23,417 Actually, in many cases, 752 00:43:23,500 --> 00:43:25,834 it has been found that barriers are 753 00:43:25,918 --> 00:43:28,751 lowered between the election cycles. 754 00:43:28,834 --> 00:43:30,876 Malware can infect machines 755 00:43:30,959 --> 00:43:34,042 between the cycles and stay dormant, 756 00:43:34,125 --> 00:43:36,209 waiting for the right time to activate. 757 00:43:36,292 --> 00:43:39,459 It's very, very easy 758 00:43:39,542 --> 00:43:41,792 to write a software piece 759 00:43:41,876 --> 00:43:44,125 in this machine which will 760 00:43:44,209 --> 00:43:45,626 silently change the votes 761 00:43:45,709 --> 00:43:48,250 as they come and go, and it will wipe itself clean 762 00:43:48,334 --> 00:43:50,626 and there will be no evidence on the machine 763 00:43:50,709 --> 00:43:52,918 that it ever existed. 764 00:43:55,334 --> 00:43:57,000 I think over the last 10 years, 765 00:43:57,083 --> 00:43:59,042 people have gotten really adept now 766 00:43:59,125 --> 00:44:01,667 at going to an unknown piece of hardware 767 00:44:01,751 --> 00:44:03,708 and taking it apart and figuring out how it works. 768 00:44:03,709 --> 00:44:06,500 So, that's why when I hear these stories that, 769 00:44:06,584 --> 00:44:08,167 "As far as we can tell, the machines 770 00:44:08,250 --> 00:44:09,542 have not been tampered with." 771 00:44:09,626 --> 00:44:11,959 It's like, yeah, but it's a pretty simple machine. 772 00:44:12,042 --> 00:44:15,250 It wouldn't be hard to remove the traces. 773 00:44:19,417 --> 00:44:23,125 In a half mile, continue onto Michigan 14 East. 774 00:44:29,250 --> 00:44:32,167 Maybe Harri takes it a little bit personally 775 00:44:32,250 --> 00:44:35,792 when people do stupid things with technology. 776 00:44:37,584 --> 00:44:41,751 I do in a little way, but maybe not as much as Harri does. 777 00:44:42,626 --> 00:44:44,375 I think I first met Harri 778 00:44:44,459 --> 00:44:46,876 probably back in about 2007. 779 00:44:46,959 --> 00:44:49,167 We went to Estonia together, 780 00:44:49,250 --> 00:44:51,876 and highlighted all of these terrible problems 781 00:44:51,959 --> 00:44:53,792 with their Internet voting system. 782 00:44:55,667 --> 00:44:58,292 When we were in Estonia, Harri went out 783 00:44:58,375 --> 00:45:02,042 drinking with the security supervisor 784 00:45:02,125 --> 00:45:04,375 for the Estonia voting system, 785 00:45:04,459 --> 00:45:06,125 who was Russian. 786 00:45:06,667 --> 00:45:10,042 And he told us that after each of them 787 00:45:10,125 --> 00:45:14,000 had finished a full bottle of vodka, um, 788 00:45:14,083 --> 00:45:16,292 he drank the root password 789 00:45:16,375 --> 00:45:18,542 to the Estonia voting servers 790 00:45:18,626 --> 00:45:20,459 out of their chief of security. 791 00:45:20,542 --> 00:45:23,250 That's what Harri claims! 792 00:45:24,042 --> 00:45:26,125 - How you doing? - HalderHow are you? 793 00:45:26,209 --> 00:45:28,459 - Good to see you, sir! - Long time! 794 00:45:29,000 --> 00:45:30,875 - Great to see you! This is Matt. - Hi, Matt. 795 00:45:30,876 --> 00:45:33,756 - Nice to meet you. - Yeah, I've seen you a number of times, 796 00:45:33,792 --> 00:45:37,083 - but only on a screen. - HalderWow! Look at this. 797 00:45:38,500 --> 00:45:40,751 Yeah, that was one hell of a warehouse. 798 00:45:40,834 --> 00:45:42,083 Looks like a TSX. 799 00:45:42,167 --> 00:45:44,584 75 bucks. Take as many as we want. 800 00:45:44,667 --> 00:45:48,000 All right, let's plug it in and turn it on and see what happens. 801 00:45:49,417 --> 00:45:52,042 And... Aha! 802 00:45:52,125 --> 00:45:55,167 "Ballot station secure touchscreen voting terminal." 803 00:45:55,250 --> 00:45:57,500 What do you think the security pin is? 804 00:45:57,584 --> 00:46:00,334 I don't know. I mean, it used to be 1-1-1, 805 00:46:00,417 --> 00:46:03,792 but I know they upgraded to 1-1-1-1-1-1. 806 00:46:06,083 --> 00:46:07,959 I'm sorry. That was not a joke. 807 00:46:12,000 --> 00:46:14,209 Well, these are not tight at all. 808 00:46:15,959 --> 00:46:17,459 No. 809 00:46:18,417 --> 00:46:20,375 That's... There you go. 810 00:46:20,459 --> 00:46:22,292 This is the slot that can sometimes be used 811 00:46:22,375 --> 00:46:23,626 for a modem, right? 812 00:46:23,709 --> 00:46:26,209 Not only modem. There's a telephone jack here, 813 00:46:26,292 --> 00:46:29,000 but this also can have an Ethernet network card. 814 00:46:29,083 --> 00:46:30,125 Ah, yes. 815 00:46:30,209 --> 00:46:32,626 And the other thing which is interesting is 816 00:46:32,709 --> 00:46:34,209 the SD slot, 817 00:46:34,292 --> 00:46:37,334 which not only can have an additional memory card, 818 00:46:37,417 --> 00:46:39,542 but also, it can be used for wireless. 819 00:46:39,626 --> 00:46:42,626 Oh, I forgot about this. Yeah, there's an SD slot. 820 00:46:42,709 --> 00:46:45,834 You showed years ago how just putting in a card 821 00:46:45,918 --> 00:46:48,125 with a special file name could rewrite 822 00:46:48,209 --> 00:46:52,000 all the software in the machine, make it do whatever you want. 823 00:46:52,626 --> 00:46:54,250 I mean, there are no two ways about it. 824 00:46:54,334 --> 00:46:56,792 This is architecturally not 825 00:46:56,876 --> 00:47:00,042 a safe way to cast votes, and, boy, 826 00:47:00,584 --> 00:47:04,500 I'm worried now more than ever about nation-state attackers, 827 00:47:04,584 --> 00:47:07,125 about real state-level attacks on these machines. 828 00:47:07,209 --> 00:47:10,209 That's true, however, I still think that 829 00:47:10,292 --> 00:47:13,417 the one problem with the nation-state attacks being talk 830 00:47:13,500 --> 00:47:16,250 is that it gives you a false sense of security, 831 00:47:16,334 --> 00:47:18,334 that the lone wolf and smaller guy 832 00:47:18,417 --> 00:47:20,292 cannot do it themselves, too. 833 00:47:20,375 --> 00:47:22,167 Everything we discovered, how easy it is 834 00:47:22,250 --> 00:47:25,417 or hackable for lone wolf, is still true, too. 835 00:47:25,500 --> 00:47:27,250 Just look at this motherboard. 836 00:47:27,334 --> 00:47:30,167 There's so many different wires connecting to it. 837 00:47:30,250 --> 00:47:33,834 Each of these is a different type of input or output device. 838 00:47:33,918 --> 00:47:37,876 These machines want to be talking to other devices. 839 00:47:37,959 --> 00:47:40,918 They're built for it, and, um, 840 00:47:41,000 --> 00:47:43,959 that's what magnifies the threat because, ultimately, 841 00:47:44,042 --> 00:47:47,459 just hacking one machine, coming up to one, 842 00:47:47,542 --> 00:47:49,375 opening it up, resoldering it, 843 00:47:49,459 --> 00:47:51,500 that's not an attack that will scale. 844 00:47:51,584 --> 00:47:53,292 But the thing that will scale 845 00:47:53,375 --> 00:47:55,500 is piggybacking on the data 846 00:47:55,584 --> 00:47:58,250 that's being copied into the machines. 847 00:47:58,334 --> 00:48:00,792 That's what's going to allow an attacker to upset 848 00:48:00,876 --> 00:48:03,334 an election across an entire county, 849 00:48:03,417 --> 00:48:05,876 an entire state, an entire country. 850 00:48:09,876 --> 00:48:12,250 Here, I have a set of tools 851 00:48:12,334 --> 00:48:15,125 that I've built for vote-stealing software, 852 00:48:15,209 --> 00:48:16,626 and it can piggyback 853 00:48:16,709 --> 00:48:19,626 on the normal pre-election processes... 854 00:48:19,709 --> 00:48:21,834 - to get to every voting machine. - Yep. 855 00:48:21,918 --> 00:48:24,250 You also have here the actual 856 00:48:24,334 --> 00:48:26,375 - software driving the printer. - HalderRight. 857 00:48:26,459 --> 00:48:29,459 It completely controls the paper summary tapes, 858 00:48:29,542 --> 00:48:31,459 the things it prints at the end 859 00:48:31,542 --> 00:48:33,417 of elections that have the totals. 860 00:48:33,500 --> 00:48:37,375 So, an attacker can program the machine 861 00:48:37,459 --> 00:48:38,876 to print out whatever they want 862 00:48:38,959 --> 00:48:42,292 even to just completely disregard the election results. 863 00:48:42,375 --> 00:48:44,918 And then the code to run the machine 864 00:48:45,000 --> 00:48:46,834 and the printer gets delivered 865 00:48:46,918 --> 00:48:50,375 to every voting machine along with the ballot programming. 866 00:48:50,459 --> 00:48:52,626 What is your estimation, how many hours it took... 867 00:48:52,709 --> 00:48:55,334 - for you to create a tool set? - Oh, this was just 868 00:48:55,417 --> 00:48:58,375 part-time over a couple of months. 869 00:48:58,459 --> 00:49:01,250 Certainly more than, I think, people could do 870 00:49:01,334 --> 00:49:04,000 in a long weekend, but not something that 871 00:49:04,083 --> 00:49:07,417 - requires nation-state level effort either. - Mm-hmm, mm-hmm. 872 00:49:13,000 --> 00:49:14,959 Let's go. 873 00:49:41,042 --> 00:49:43,876 Hello, everybody! Welcome to the voting village! 874 00:49:43,959 --> 00:49:47,500 We have a variety of voting machines 875 00:49:47,584 --> 00:49:50,584 available here. One of the reasons we're doing this 876 00:49:50,667 --> 00:49:52,667 is to broaden the community of people 877 00:49:52,751 --> 00:49:54,876 who are gonna be experts in how 878 00:49:54,959 --> 00:49:56,751 voting machines work. 879 00:49:56,834 --> 00:49:59,000 - Harri, do you wanna say a few words? - Yes. 880 00:49:59,083 --> 00:50:02,000 Every voting machine in this room is in use 881 00:50:02,083 --> 00:50:05,209 in next elections, every single one, 882 00:50:05,292 --> 00:50:08,751 every single model is a model still in use. 883 00:50:08,834 --> 00:50:10,751 We are actually asking your help 884 00:50:10,834 --> 00:50:13,459 because we don't know much about those devices. 885 00:50:13,542 --> 00:50:15,834 Basically, the idea here is all the machines 886 00:50:15,918 --> 00:50:18,250 are there to be tested, to be used. 887 00:50:18,334 --> 00:50:20,542 You can open it. Don't break all of them, 888 00:50:20,626 --> 00:50:23,500 but if something breaks, that's fine. 889 00:50:23,584 --> 00:50:24,959 They are bought from eBay, 890 00:50:25,042 --> 00:50:27,375 and they do have the previous election in. 891 00:50:27,459 --> 00:50:29,542 If you see something, say something! 892 00:50:29,626 --> 00:50:31,334 Tell what you found! 893 00:50:31,417 --> 00:50:33,959 Every discovery, every information you have, 894 00:50:34,042 --> 00:50:37,167 please let them know, so that we can inform people 895 00:50:37,250 --> 00:50:39,792 what you have discovered and what you have found. 896 00:50:39,876 --> 00:50:42,751 We are here to help, so that you can have fun 897 00:50:42,834 --> 00:50:45,125 and explore and discover new things. Thank you. 898 00:50:45,209 --> 00:50:49,334 Thank you. 899 00:50:52,834 --> 00:50:56,459 So, at Def Con, we're always a really open conference. 900 00:50:56,542 --> 00:50:58,792 We knew, even though we were some, 901 00:50:58,876 --> 00:51:00,250 you know, sketchy hackers, 902 00:51:00,334 --> 00:51:02,918 the manufacturers were gonna wanna know what's going on. 903 00:51:03,000 --> 00:51:05,792 So, instead of creating an adversarial relationship, 904 00:51:05,876 --> 00:51:08,500 we know you're gonna try to be there, let's just invite you. 905 00:51:08,584 --> 00:51:10,584 We're doing this thing, you might not like it, 906 00:51:10,667 --> 00:51:13,876 but come and participate. Tell us why we're wrong. 907 00:51:13,959 --> 00:51:15,039 Bring your latest equipment 908 00:51:15,083 --> 00:51:16,499 if we're testing the wrong equipment. 909 00:51:16,500 --> 00:51:18,000 Get some free consulting. I mean, 910 00:51:18,083 --> 00:51:20,334 you've got some of the world's best hackers. 911 00:51:20,417 --> 00:51:22,250 Maybe this is a free test. 912 00:51:22,334 --> 00:51:24,876 Maybe you can get some advice out of it. 913 00:51:24,959 --> 00:51:27,375 And nobody took us up on the offer. 914 00:51:27,459 --> 00:51:30,834 This is the first time we have a public to be able to 915 00:51:30,918 --> 00:51:32,918 experience and take a look 916 00:51:33,000 --> 00:51:35,375 into the critical spot, which has been 917 00:51:35,459 --> 00:51:38,000 little bit hiding in the shadow in all the previous election 918 00:51:38,083 --> 00:51:40,167 and voting machine security studies. 919 00:51:40,250 --> 00:51:44,542 Finally, for the first time, non-experts, 920 00:51:44,626 --> 00:51:49,042 non-having signed a non-disclosure agreement researchers 921 00:51:49,125 --> 00:51:50,792 are having a chance to see 922 00:51:50,876 --> 00:51:53,334 what these machines are like, how incredibly, 923 00:51:53,417 --> 00:51:56,083 trivially vulnerable they are. 924 00:51:56,709 --> 00:51:59,167 And what effect this is gonna have 925 00:51:59,250 --> 00:52:01,334 on their democracy if they don't get involved. 926 00:52:03,709 --> 00:52:06,125 Trying to see if there's any obvious storage on here. 927 00:52:06,209 --> 00:52:08,042 This is a Diebold 928 00:52:08,125 --> 00:52:11,584 voter registration machine, and its purpose 929 00:52:11,667 --> 00:52:13,267 is to just hold voter registration data, 930 00:52:13,334 --> 00:52:15,042 like names, addresses, 931 00:52:15,125 --> 00:52:17,834 social security numbers, lots of scary stuff. 932 00:52:17,918 --> 00:52:19,959 And the database is stored on these cards. 933 00:52:20,042 --> 00:52:22,709 'Cause one of the things that you can do with these machines 934 00:52:22,792 --> 00:52:24,042 is install your own malware 935 00:52:24,125 --> 00:52:26,834 on whatever the memory media is. 936 00:52:26,918 --> 00:52:28,584 That will go back 937 00:52:28,667 --> 00:52:31,918 and infect the... 938 00:52:32,000 --> 00:52:34,250 back end, vote tabulating, 939 00:52:34,334 --> 00:52:39,375 and next year's ballot design systems for years to come 940 00:52:39,459 --> 00:52:41,334 because the software doesn't get upgraded. 941 00:52:41,417 --> 00:52:43,459 Your malware could stay there forever 942 00:52:43,542 --> 00:52:44,942 and no one would know it was there. 943 00:52:48,042 --> 00:52:50,250 Hackers are a wonderful resource. 944 00:52:50,334 --> 00:52:52,584 We make significant discoveries. 945 00:52:52,667 --> 00:52:54,500 So, I could put a program on there 946 00:52:54,584 --> 00:52:56,709 - that just modifies the count. - Yes. 947 00:52:56,792 --> 00:52:58,792 We are here only three days a year. 948 00:52:58,876 --> 00:53:01,125 The real adversaries, they run it 949 00:53:01,209 --> 00:53:03,083 24/7 with massive funding. 950 00:53:03,167 --> 00:53:05,334 Use the display command, it will 951 00:53:05,417 --> 00:53:08,000 fill this screen with whatever you tell it to. 952 00:53:08,083 --> 00:53:09,834 If you don't believe 953 00:53:09,918 --> 00:53:11,709 that there is this kind of room 954 00:53:11,792 --> 00:53:14,876 in Russia, running 24/7, you are kidding yourself. 955 00:53:16,542 --> 00:53:18,702 We have access. We have access to the machine. 956 00:53:19,250 --> 00:53:21,918 Here is Microsoft Windows XP. 957 00:53:22,459 --> 00:53:24,667 And I'm demonstrating how you can, 958 00:53:24,751 --> 00:53:26,751 remotely from this laptop, 959 00:53:26,834 --> 00:53:29,292 gain complete control of the voting machine. 960 00:53:29,375 --> 00:53:31,250 I'm doing it right now. 961 00:53:31,334 --> 00:53:33,876 This is the prompt of the voting machine. 962 00:53:33,959 --> 00:53:35,626 We are in. We have made it! 963 00:53:35,709 --> 00:53:38,876 - Here is the directory, which is called "reports." - Yeah. 964 00:53:39,751 --> 00:53:42,834 Sarah Teale: 965 00:53:42,918 --> 00:53:45,542 - He wirelessly got into the machine. - Yes. 966 00:53:45,626 --> 00:53:47,459 So, I'm connected to the machine, 967 00:53:47,542 --> 00:53:49,626 but I think I can take control 968 00:53:49,709 --> 00:53:51,584 of the screen of the machine. 969 00:53:51,667 --> 00:53:54,918 And so, what you can see now, if it works, 970 00:53:55,000 --> 00:53:56,626 it actually kind of shows me... 971 00:53:56,709 --> 00:53:59,375 - this screen, Windows XP! - Oh my God. 972 00:54:00,417 --> 00:54:02,918 I can turn the machine off from here as well, if I want to. 973 00:54:03,000 --> 00:54:04,459 Okay. 974 00:54:04,542 --> 00:54:07,209 Now, I can exit the machine, and you know what's gonna happen? 975 00:54:07,292 --> 00:54:09,083 I am turning off the machine for them. 976 00:54:09,167 --> 00:54:10,584 They're gonna be very surprised. 977 00:54:10,667 --> 00:54:12,667 Do you want to exit the machine? 978 00:54:13,167 --> 00:54:15,334 Now it's disconnected, and now let's see... 979 00:54:15,417 --> 00:54:17,584 - what their faces look like. - Oh shit. 980 00:54:18,250 --> 00:54:21,125 - Oh! Oh! Okay! - I don't know what just happened. 981 00:54:23,042 --> 00:54:25,000 It switched to an administrator login screen, 982 00:54:25,083 --> 00:54:27,203 and then it went off, and we're like, "What happened?" 983 00:54:29,000 --> 00:54:30,583 Because we were trying all the different smart cards 984 00:54:30,584 --> 00:54:32,304 to see if one of them actually did anything. 985 00:54:34,584 --> 00:54:36,959 That's awesome. 986 00:54:39,250 --> 00:54:41,459 And you can do all this all automatically. 987 00:54:41,542 --> 00:54:42,750 You can actually have a machine, 988 00:54:42,751 --> 00:54:44,626 a car that drives by the voting places 989 00:54:44,709 --> 00:54:46,167 and updates all of the votes, 990 00:54:46,250 --> 00:54:48,292 and because there's no paper evidence, 991 00:54:48,375 --> 00:54:50,250 the machine will actually, um... 992 00:54:50,334 --> 00:54:53,334 You will never, ever notice that this actually happened. 993 00:54:53,417 --> 00:54:56,834 This vulnerability is so trivial, 994 00:54:56,918 --> 00:54:59,375 the tools are so widely known, 995 00:54:59,459 --> 00:55:01,125 it would be easy to imagine 996 00:55:01,209 --> 00:55:03,250 that somebody will hack the machine 997 00:55:03,334 --> 00:55:07,542 from the parking lot with never seeing the voting machine. 998 00:55:07,626 --> 00:55:10,542 What happens is attacks only get easier. 999 00:55:10,626 --> 00:55:13,459 So maybe, it was a super sophisticated attack 1000 00:55:13,542 --> 00:55:16,250 in 2016. 1001 00:55:16,334 --> 00:55:18,167 By 2020, or 2022, 1002 00:55:18,250 --> 00:55:20,334 it's only average, right? 1003 00:55:20,417 --> 00:55:21,833 We gotta stay one step ahead of this. 1004 00:55:21,834 --> 00:55:24,000 If it was the Russians yesterday, who is it tomorrow? 1005 00:55:24,083 --> 00:55:26,876 Is it an organized crime group? Is it a political action group? 1006 00:55:26,959 --> 00:55:29,626 Is it an environmental rights group? 1007 00:55:30,459 --> 00:55:32,459 "Oh yeah, you can't swing the presidential election 1008 00:55:32,500 --> 00:55:35,000 because you'd have to tamper with too many precincts." 1009 00:55:35,083 --> 00:55:37,249 Well, okay, what if I'm just tampering with my local precinct 1010 00:55:37,250 --> 00:55:39,626 'cause I just wanna get my guy in? 1011 00:55:39,709 --> 00:55:41,751 What if the skills 1012 00:55:41,834 --> 00:55:44,167 become so widespread that you can do this 1013 00:55:44,250 --> 00:55:46,334 on a county or state level? 1014 00:55:46,667 --> 00:55:48,499 Then what? Maybe getting your governor is almost 1015 00:55:48,500 --> 00:55:50,260 as important to you as getting the president, 1016 00:55:50,334 --> 00:55:52,834 depending upon what your issue is. So, 1017 00:55:52,918 --> 00:55:55,209 I don't wanna get so spun up that it's like 1018 00:55:55,292 --> 00:55:57,209 an all or nothing federal thing. 1019 00:55:57,292 --> 00:55:58,459 It's an everything thing! 1020 00:56:04,000 --> 00:56:07,709 I feel like we are in terrible danger 1021 00:56:08,417 --> 00:56:11,918 of losing what it means to be a democracy. 1022 00:56:12,667 --> 00:56:16,459 If elections can be altered subtly, 1023 00:56:16,542 --> 00:56:19,584 they can be altered in a way that is undetectable, 1024 00:56:19,667 --> 00:56:23,542 how does one trust the results of their election? 1025 00:56:23,626 --> 00:56:26,876 And a democracy functions on trust. 1026 00:56:26,959 --> 00:56:28,792 Without that trust, 1027 00:56:28,876 --> 00:56:32,083 things descend into chaos and anarchy. 1028 00:56:33,709 --> 00:56:36,334 Those of us who know how vulnerable, um, 1029 00:56:36,417 --> 00:56:38,542 the voting systems are in these elections 1030 00:56:38,626 --> 00:56:40,792 are terribly afraid right now. 1031 00:57:35,167 --> 00:57:38,667 Brian Kemp is running for governor 1032 00:57:38,751 --> 00:57:40,918 at a moment in time when he was 1033 00:57:41,000 --> 00:57:43,584 also overseeing the elections 1034 00:57:43,667 --> 00:57:47,167 in Georgia, i.e., he was overseeing his own election. 1035 00:57:47,250 --> 00:57:49,209 Secretary of State Brian Kemp... 1036 00:57:49,292 --> 00:57:51,416 The race between Brian Kemp and Stacey Abrams, 1037 00:57:51,417 --> 00:57:53,937 - which is too close to call... - An historic race... 1038 00:57:53,959 --> 00:57:56,459 Locked in a tight race. It couldn't be any tighter. 1039 00:57:56,542 --> 00:57:59,500 This is a battle for the soul of our state, y'all. 1040 00:57:59,584 --> 00:58:01,542 I got a big truck, 1041 00:58:01,626 --> 00:58:03,000 just in case I need to round up 1042 00:58:03,083 --> 00:58:05,334 criminal illegals and take 'em home myself. 1043 00:58:05,417 --> 00:58:07,667 Yep, I just said that. 1044 00:58:07,751 --> 00:58:11,334 I'm Stacey Abrams and I'm running for governor, 1045 00:58:11,417 --> 00:58:13,709 because where you come from shouldn't determine 1046 00:58:13,792 --> 00:58:15,292 how far you can go. 1047 00:58:16,751 --> 00:58:20,375 The canary in the coal mine is Georgia. 1048 00:58:20,459 --> 00:58:22,125 Georgia is 1049 00:58:22,209 --> 00:58:23,626 in this situation where 1050 00:58:23,709 --> 00:58:25,999 every single person in Georgia who votes, votes on the same 1051 00:58:26,000 --> 00:58:29,459 kind of machine, the AccuVote, 1052 00:58:29,542 --> 00:58:33,125 which is, as we know, an extremely insecure machine 1053 00:58:33,209 --> 00:58:35,667 that can be easily, easily hacked, 1054 00:58:35,751 --> 00:58:38,792 and yet, it's still being used. 1055 00:58:38,876 --> 00:58:40,751 With his family in tow, Brian Kemp 1056 00:58:40,834 --> 00:58:44,125 voted today at the historic Winterville Train Depot. 1057 00:58:44,209 --> 00:58:49,292 Like most Georgians, he was voting on a machine using 16-year-old technology. 1058 00:58:51,751 --> 00:58:53,876 After a first try in the voting booth, 1059 00:58:53,959 --> 00:58:56,500 he came back holding the yellow voting card 1060 00:58:56,584 --> 00:58:58,709 he'd been given and told the poll worker... 1061 00:58:58,792 --> 00:59:00,417 It said this is an invalid card. 1062 00:59:00,500 --> 00:59:03,375 Okay, you go back in there, I'll redo it for you. 1063 00:59:03,459 --> 00:59:05,499 Kemp fought against efforts earlier this year 1064 00:59:05,500 --> 00:59:08,500 to replace the machines, saying a last-minute change 1065 00:59:08,584 --> 00:59:11,125 to paper ballots would create chaos. 1066 00:59:11,209 --> 00:59:13,876 Chaos, which he now says, has been avoided. 1067 00:59:13,959 --> 00:59:16,459 Are you concerned about the reports of problems 1068 00:59:16,542 --> 00:59:18,125 - people are having? - No, not at all. 1069 00:59:18,209 --> 00:59:21,042 Today, been a great, really, a smooth election. 1070 00:59:22,667 --> 00:59:25,626 This is a look at lines inside Annistown Elementary 1071 00:59:25,709 --> 00:59:29,083 in Gwinnett County, where some machines were not even working. 1072 00:59:29,167 --> 00:59:32,459 There were some major problems here at this Gwinnett County polling place. 1073 00:59:32,542 --> 00:59:34,959 Those voting machines, that you see right over there, 1074 00:59:35,042 --> 00:59:37,083 stopped working earlier this morning. 1075 00:59:37,167 --> 00:59:40,500 Some were here for three hours, others here for much longer. 1076 00:59:40,584 --> 00:59:42,792 I wanted to come in, do my voting, 1077 00:59:42,876 --> 00:59:44,918 and get out, and that didn't happen today. 1078 00:59:45,000 --> 00:59:47,751 Some people were here for five hours. 1079 00:59:47,834 --> 00:59:50,834 By the way, this is the second largest county in the state. 1080 00:59:50,918 --> 00:59:53,542 It's also a Democratic stronghold. 1081 00:59:53,626 --> 00:59:55,709 What time do polls close tonight? 1082 00:59:55,792 --> 00:59:58,834 It's supposed to close at seven, 1083 00:59:58,918 --> 01:00:02,167 but we've received 25-minute extension, 1084 01:00:02,250 --> 01:00:03,918 - but that's not enough. - Yeah. 1085 01:00:04,000 --> 01:00:06,125 We're still fighting to get a full hour. 1086 01:00:06,209 --> 01:00:08,876 There's a saying in Georgia 1087 01:00:08,959 --> 01:00:12,000 that, "As goes Gwinnett County," which is this county... 1088 01:00:12,083 --> 01:00:14,584 - Yeah. - "...so goes the governorship." 1089 01:00:15,083 --> 01:00:18,250 The secretary of state, 1090 01:00:18,876 --> 01:00:21,375 - who's also a candidate... - Mm-hmm. 1091 01:00:21,918 --> 01:00:25,125 Is telling everybody that these machines are not hackable. 1092 01:00:25,209 --> 01:00:26,959 - Mm-hmm. - That they are safe. 1093 01:00:27,042 --> 01:00:30,292 I don't know if you knew, but I hacked that machine which is used here. 1094 01:00:30,375 --> 01:00:32,876 Okay, call the police. 1095 01:00:32,959 --> 01:00:34,226 No, that was long time ago. 1096 01:00:34,250 --> 01:00:37,167 2006, I showed how that machine can be hacked. 1097 01:00:37,792 --> 01:00:40,626 And then they are here today, telling us... 1098 01:00:40,709 --> 01:00:43,334 - Yeah, 12 years later. - It's not hackable. 1099 01:00:43,417 --> 01:00:45,250 Twelve years later, that same machine 1100 01:00:45,334 --> 01:00:47,500 still in use, and it's still hackable. 1101 01:00:47,792 --> 01:00:49,918 Poll worker: 1102 01:01:00,542 --> 01:01:03,876 - Have you all had an interesting day so far? - How's your day been? 1103 01:01:03,959 --> 01:01:06,167 - Busy. - Hi, Harri. Nice to see you. 1104 01:01:06,250 --> 01:01:08,000 - Likewise, likewise. - Hi, Harri. 1105 01:01:08,083 --> 01:01:10,667 So, the cards aren't working. 1106 01:01:10,751 --> 01:01:12,459 That's what they tell. 1107 01:01:12,542 --> 01:01:15,262 - Which shouldn't be possible, right? - I mean, that's weird. 1108 01:01:15,334 --> 01:01:16,751 Excuse me. 1109 01:01:18,792 --> 01:01:20,375 Let's see... 1110 01:01:21,000 --> 01:01:22,542 Yeah, so... 1111 01:01:24,334 --> 01:01:26,709 Generally, I'm looking for... 1112 01:01:27,751 --> 01:01:29,626 voters who insert their card 1113 01:01:29,709 --> 01:01:32,834 into the machine, and it fails to work. So like, right now, 1114 01:01:32,918 --> 01:01:34,667 that guy's having issues, 1115 01:01:34,751 --> 01:01:37,709 so we should head him off, talk to him a bit. 1116 01:01:40,292 --> 01:01:43,083 Excuse me, were you having issues just now? 1117 01:01:49,083 --> 01:01:50,250 Oh, I see. 1118 01:01:50,334 --> 01:01:52,214 Yeah, so you did change your driver's license... 1119 01:01:52,292 --> 01:01:54,918 Oh, for real? 1120 01:01:59,542 --> 01:02:00,626 Yeah. 1121 01:02:09,375 --> 01:02:11,695 Do you know what the error message was on that screen? 1122 01:02:11,751 --> 01:02:15,042 It was a warning. I don't remember exactly what it said. 1123 01:02:15,125 --> 01:02:17,876 - It was a warning, error warning. - Okay, but it was just having 1124 01:02:17,959 --> 01:02:20,666 - trouble writing to the card? - It wouldn't write to any of the cards. 1125 01:02:20,667 --> 01:02:24,209 We had 24 cards... I need your driver's license, too. 1126 01:02:24,292 --> 01:02:25,834 And none of them would work. 1127 01:02:25,918 --> 01:02:27,834 Okay. It just said it was something saying, 1128 01:02:27,918 --> 01:02:30,250 "card is inserted incorrectly" 1129 01:02:30,334 --> 01:02:32,667 or "unable to write to card." 1130 01:02:33,417 --> 01:02:35,834 - Was that on a TS? - Yes, they were all TS's. 1131 01:02:35,918 --> 01:02:37,834 I mean, this whole thing is bizarre. 1132 01:02:37,918 --> 01:02:39,751 I heard this same thing happen in 1133 01:02:39,834 --> 01:02:43,167 - a number of precincts, and not only here. - Yeah. Sounds like 1134 01:02:43,250 --> 01:02:45,292 there's another precinct, like, two miles 1135 01:02:45,375 --> 01:02:47,417 down the road that had the same issue. 1136 01:02:47,500 --> 01:02:50,375 Was there no control? Didn't they test this? 1137 01:02:51,209 --> 01:02:54,876 How it's possible that you ship up something which fails on arrival? 1138 01:02:55,375 --> 01:02:58,334 It would be acceptable if you had one or two cards fail. 1139 01:02:58,417 --> 01:03:01,337 - Sure. - So, you would have to cook the whole bag of cards 1140 01:03:01,375 --> 01:03:04,042 in order to get that kind of failure, right? 1141 01:03:04,125 --> 01:03:05,709 Well, I don't know 1142 01:03:05,792 --> 01:03:08,626 - what could have been going wrong. - We put them in microwaves, 1143 01:03:08,709 --> 01:03:11,000 and you could do that. 1144 01:03:11,083 --> 01:03:12,709 - Yeah. - Yeah, that's true. 1145 01:03:12,792 --> 01:03:14,959 But I think you're right. One at a time, 1146 01:03:15,042 --> 01:03:17,250 you get random failures on the cards. 1147 01:03:17,334 --> 01:03:19,876 - But where did it come from? - Through ElectionNet. 1148 01:03:19,959 --> 01:03:22,042 Secretary of State's office. Yeah. 1149 01:03:22,125 --> 01:03:24,250 Oh, okay. 1150 01:03:25,292 --> 01:03:27,500 That four-hour line here... 1151 01:03:29,167 --> 01:03:31,209 it shouldn't work that way. 1152 01:03:50,918 --> 01:03:54,417 Stacey Abrams lost. Brian Kemp won. 1153 01:03:54,959 --> 01:03:56,959 And Brian Kemp then took 1154 01:03:57,042 --> 01:04:00,334 the lobbyist for ES&S as his chief of staff. 1155 01:04:32,042 --> 01:04:35,042 So, there is a huge battle 1156 01:04:35,125 --> 01:04:37,334 that will probably be lost in Georgia 1157 01:04:37,417 --> 01:04:40,459 over using ballot marking devices 1158 01:04:40,542 --> 01:04:43,959 rather than voter-marked, hand-marked paper ballots. 1159 01:04:44,042 --> 01:04:47,834 This is really gonna be a catastrophe. 1160 01:04:50,209 --> 01:04:53,959 It's far more expensive than hand-marked paper ballots. 1161 01:04:54,042 --> 01:04:58,459 It is a vehicle for disenfranchisement 1162 01:04:58,542 --> 01:05:00,667 in a number of different ways. 1163 01:05:00,751 --> 01:05:03,250 Other than feeding corporate profits 1164 01:05:03,334 --> 01:05:06,250 and making it easier to manipulate election outcomes, 1165 01:05:06,334 --> 01:05:08,292 I don't really see the point. 1166 01:05:09,292 --> 01:05:11,500 That's what I was thinking immediately. 1167 01:05:13,125 --> 01:05:15,250 All right, let's go play. 1168 01:05:26,250 --> 01:05:28,875 - All right. - The Richmond-San Rafael Bridge and the Golden Gate Bridge, 1169 01:05:28,876 --> 01:05:32,834 and in a second, we'll see the San Francisco Bay Bridge. 1170 01:05:32,918 --> 01:05:37,042 The fundamental problem with electronic voting technology is 1171 01:05:37,125 --> 01:05:40,167 the evidence that it produces about who actually won. 1172 01:05:40,250 --> 01:05:44,125 Most of them don't produce really convincing evidence, 1173 01:05:44,209 --> 01:05:47,125 and the best technology for 1174 01:05:47,209 --> 01:05:50,209 voter verifiability is hand-marked paper ballots. 1175 01:05:50,292 --> 01:05:51,959 We need a trustworthy paper trail. 1176 01:05:52,042 --> 01:05:54,626 In about 2007, I came up 1177 01:05:54,709 --> 01:05:56,959 with the idea of risk-limiting audits, 1178 01:05:57,042 --> 01:05:58,626 which are a way of providing 1179 01:05:58,709 --> 01:06:01,626 statistical evidence that the outcome is correct, 1180 01:06:01,709 --> 01:06:03,667 or having a large chance of correcting 1181 01:06:03,751 --> 01:06:05,167 the outcome if it isn't correct. 1182 01:06:05,250 --> 01:06:07,876 So, risk-limiting audits, there's a lot of misconceptions. 1183 01:06:07,959 --> 01:06:10,459 Everybody agrees that's the way forward, 1184 01:06:10,542 --> 01:06:12,375 but there's so much misconceptions. 1185 01:06:12,459 --> 01:06:14,751 The risk-limiting audit relies on a paper trail. 1186 01:06:14,834 --> 01:06:17,500 You don't have paper, then you can't do one. 1187 01:06:17,584 --> 01:06:19,375 It's easy to do a risk-limiting audit. 1188 01:06:19,459 --> 01:06:21,667 You just do a hand count of everything. Done. 1189 01:06:21,751 --> 01:06:23,876 The subtlety is how to limit the risk 1190 01:06:23,959 --> 01:06:25,719 - and keep the workload down. - Right, right. 1191 01:06:25,751 --> 01:06:29,500 The procedure is you start looking at paper, 1192 01:06:29,584 --> 01:06:31,959 and you keep looking at paper until you have 1193 01:06:32,042 --> 01:06:34,709 convincing evidence that looking at all of it 1194 01:06:34,792 --> 01:06:36,083 wouldn't change the result. 1195 01:06:36,167 --> 01:06:38,667 So, you can think of it as, um, 1196 01:06:38,751 --> 01:06:41,709 an intelligent, incremental recount 1197 01:06:41,792 --> 01:06:44,500 that stops as soon as it's clear that it's pointless. 1198 01:06:44,584 --> 01:06:46,416 And if it never becomes clear that it's pointless, 1199 01:06:46,417 --> 01:06:48,583 it just keeps going until you've looked at all the paper. 1200 01:06:48,584 --> 01:06:50,834 The key is that sample 1201 01:06:50,918 --> 01:06:52,459 you choose is random. 1202 01:06:52,542 --> 01:06:55,125 So, that's what lets you, uh, 1203 01:06:55,209 --> 01:06:59,250 protect against any kind of error problem whatsoever, 1204 01:06:59,334 --> 01:07:00,834 whether it's a malicious opponent, 1205 01:07:00,918 --> 01:07:02,417 or a random machine failure, 1206 01:07:02,500 --> 01:07:04,417 or a bug, or whatever it is, 1207 01:07:04,500 --> 01:07:06,375 by looking at it randomly, you can guarantee 1208 01:07:06,459 --> 01:07:08,375 - a big chance of catching it. - Right. 1209 01:07:08,459 --> 01:07:10,125 It's a check on the tabulation in a way 1210 01:07:10,209 --> 01:07:12,000 that is economical and efficient 1211 01:07:12,083 --> 01:07:14,667 and accomplishes the minimum standard 1212 01:07:14,751 --> 01:07:17,209 of verifying that the votes were tabulated accurately enough 1213 01:07:17,292 --> 01:07:18,500 to tell who really won. 1214 01:07:25,167 --> 01:07:27,125 Good to be here, hello. 1215 01:07:35,584 --> 01:07:37,024 In Georgia, we ended up seeing 1216 01:07:37,042 --> 01:07:38,584 the strangest thing. 1217 01:07:38,667 --> 01:07:43,417 In a heavily Democratic precinct, there was one machine 1218 01:07:43,500 --> 01:07:46,334 out of a seven-machine precinct 1219 01:07:46,417 --> 01:07:49,959 - that showed heavy Republican wins... - Mm-hmm. 1220 01:07:50,042 --> 01:07:53,334 While the precinct itself, and all of the other machines, 1221 01:07:53,417 --> 01:07:54,876 were showing heavy Democratic wins. 1222 01:07:54,959 --> 01:07:58,417 - Mm-hmm. - And it made us go, 1223 01:07:58,500 --> 01:08:01,042 "Wait a minute. Something's weird about this. 1224 01:08:01,125 --> 01:08:02,459 How could this happen?" 1225 01:08:02,542 --> 01:08:04,792 Just on the one machine out of seven? 1226 01:08:04,876 --> 01:08:06,541 The other six showed a Democratic majority 1227 01:08:06,542 --> 01:08:08,459 - in every statewide contest? - Right, right. 1228 01:08:08,542 --> 01:08:11,209 And in Georgia, and in a lot of other states, 1229 01:08:11,292 --> 01:08:13,584 when the machines are printing tapes 1230 01:08:13,667 --> 01:08:15,959 at seven o'clock at night when the polls close, 1231 01:08:16,042 --> 01:08:19,834 it is a law that for purposes of transparency, 1232 01:08:19,918 --> 01:08:22,751 that those tapes, one from every machine, 1233 01:08:22,834 --> 01:08:27,417 be posted at the door, and so, like here, here's a photograph... 1234 01:08:27,500 --> 01:08:29,751 It was just an end of the day dump 1235 01:08:29,834 --> 01:08:31,626 of what was in the memory onto paper. 1236 01:08:31,709 --> 01:08:34,667 So, it's just the final tally according to 1237 01:08:34,751 --> 01:08:38,209 - its internal software, according to that machine. - Right. Right. 1238 01:08:38,292 --> 01:08:41,125 And this particular tape 1239 01:08:41,209 --> 01:08:43,334 is the one that got all of the Republican votes. 1240 01:08:46,959 --> 01:08:50,334 It got substantially more votes for Brian Kemp, 1241 01:08:50,417 --> 01:08:53,542 the Republican, than Stacey Abrams, the Democrat, 1242 01:08:53,626 --> 01:08:56,000 and this was true all the way down the ballot. 1243 01:08:56,083 --> 01:08:59,834 The Republican wins every single race 1244 01:08:59,918 --> 01:09:02,542 - on this one machine. - Mm-hmm. 1245 01:09:02,626 --> 01:09:06,042 Something had to happen to cause one machine 1246 01:09:06,125 --> 01:09:09,626 to have such different results than its neighbors. 1247 01:09:09,709 --> 01:09:11,042 I called Philip and said, 1248 01:09:11,125 --> 01:09:14,667 "Is this important? Is this as odd as it looks to me?" 1249 01:09:14,751 --> 01:09:17,000 So he went to work on it with his magic statistics. 1250 01:09:17,083 --> 01:09:21,083 And the magic grad student, yes. 1251 01:09:21,667 --> 01:09:23,500 So, what we did was 1252 01:09:23,584 --> 01:09:26,959 simulate this process, run it over and over again, 1253 01:09:27,042 --> 01:09:30,667 saying if we had this many Democratic voters 1254 01:09:30,751 --> 01:09:32,918 and this many Republican voters 1255 01:09:33,000 --> 01:09:34,626 in our precinct, 1256 01:09:34,709 --> 01:09:37,584 and we assigned them at random to machines, 1257 01:09:37,667 --> 01:09:40,334 how likely is it that we'd get 1258 01:09:40,417 --> 01:09:43,292 a Republican majority as great as what we saw 1259 01:09:43,375 --> 01:09:45,626 on machine three? 1260 01:09:45,709 --> 01:09:48,542 So we did this probably 10,000 times, 1261 01:09:48,626 --> 01:09:51,709 and it was an astronomically small chance. 1262 01:09:51,792 --> 01:09:53,709 Less than one in a million. 1263 01:10:01,751 --> 01:10:04,709 Georgia is buying new election machines for the whole state 1264 01:10:04,792 --> 01:10:06,876 to replace the AccuVote voting machines 1265 01:10:06,959 --> 01:10:09,292 that we know are insecure, 1266 01:10:09,375 --> 01:10:11,667 and they are replacing them with another set 1267 01:10:11,751 --> 01:10:14,167 of machines that are also insecure 1268 01:10:14,250 --> 01:10:17,292 because they use bar codes, and bar codes can be hacked. 1269 01:10:17,375 --> 01:10:20,083 The model that is their favorite choice right now 1270 01:10:20,876 --> 01:10:23,667 is the Dominion ImageCast. 1271 01:10:23,751 --> 01:10:25,918 The ImageCast X will not permit the voter 1272 01:10:26,000 --> 01:10:27,918 to over-vote a contest, to change... 1273 01:10:28,000 --> 01:10:31,292 What this does is it's a touchscreen machine. 1274 01:10:31,375 --> 01:10:33,584 The voter enters their vote, 1275 01:10:33,667 --> 01:10:36,959 and what is spit out is a paper ballot, 1276 01:10:37,042 --> 01:10:40,876 and their votes are encoded as bar codes. 1277 01:10:40,959 --> 01:10:44,083 The vote itself is in that bar code. 1278 01:10:47,042 --> 01:10:50,083 No humans I know can read bar code very well. 1279 01:10:50,167 --> 01:10:52,584 And it's that vote 1280 01:10:52,667 --> 01:10:55,709 that is then put into a scanner and counted. 1281 01:10:55,792 --> 01:10:58,876 It is, again, putting a computer 1282 01:10:58,959 --> 01:11:01,834 between the voter and his ballot. 1283 01:11:01,918 --> 01:11:04,751 Putting a computer between a voter and his ballot 1284 01:11:04,834 --> 01:11:08,000 is going to make sure that you don't have an auditable, 1285 01:11:08,083 --> 01:11:10,167 reliable election. 1286 01:11:11,584 --> 01:11:13,459 So, even though 1287 01:11:13,542 --> 01:11:16,209 the election officials in Georgia are paying lip service 1288 01:11:16,292 --> 01:11:18,959 to the fact they now have a paper trail, 1289 01:11:19,042 --> 01:11:21,292 they are creating a paper trail that, in fact, 1290 01:11:21,375 --> 01:11:23,751 can't actually be audited. 1291 01:11:32,209 --> 01:11:35,500 Paper ballots and risk-limiting audits 1292 01:11:35,584 --> 01:11:38,167 are the unanimous... I can't find 1293 01:11:38,250 --> 01:11:40,375 a single expert in the field, 1294 01:11:40,459 --> 01:11:44,042 who believes that you can get this fixed 1295 01:11:44,125 --> 01:11:47,042 without those two basic requirements. 1296 01:11:47,125 --> 01:11:49,500 And the only way you get anything done 1297 01:11:49,584 --> 01:11:52,584 in the Senate right now is if it's bipartisan. 1298 01:11:52,667 --> 01:11:54,626 The way the filibuster rules work, 1299 01:11:54,709 --> 01:11:56,209 you have to work across the aisle. 1300 01:11:56,292 --> 01:11:58,834 The Secure Elections Act is a bipartisan effort to be able 1301 01:11:58,918 --> 01:12:02,167 to try to address what were the problems that we already see. 1302 01:12:02,250 --> 01:12:03,959 There are vulnerabilities in our system 1303 01:12:04,042 --> 01:12:05,584 that we should pay attention to. 1304 01:12:05,667 --> 01:12:08,834 Some are dramatic, like actually changing votes. 1305 01:12:08,918 --> 01:12:10,334 Some are subtle, 1306 01:12:10,417 --> 01:12:13,042 like just trying to alter a formula in a website 1307 01:12:13,125 --> 01:12:14,918 and making that vulnerable so that people 1308 01:12:15,000 --> 01:12:16,959 can't trust the results that they got. 1309 01:12:17,042 --> 01:12:20,584 The Russians did this last time in 2016. 1310 01:12:20,667 --> 01:12:22,375 It could be the North Koreans next time. 1311 01:12:22,459 --> 01:12:24,083 It could be a domestic hacktivist group 1312 01:12:24,167 --> 01:12:25,417 that just decides they're mad 1313 01:12:25,500 --> 01:12:27,166 and they wanna be able to create some chaos. 1314 01:12:27,167 --> 01:12:28,583 It doesn't have to be a foreign actor. 1315 01:12:28,584 --> 01:12:31,542 Voting machines that do not produce a paper trail. 1316 01:12:31,626 --> 01:12:34,834 The only record of the votes cast is a digital record, 1317 01:12:34,918 --> 01:12:37,209 which could be hacked and which is impossible 1318 01:12:37,292 --> 01:12:38,959 to audit reliably. 1319 01:12:39,042 --> 01:12:41,709 That strikes me as a prescription 1320 01:12:41,792 --> 01:12:44,000 for disaster. 1321 01:12:44,083 --> 01:12:47,334 The most important things are to make sure we have 1322 01:12:47,417 --> 01:12:49,459 votes recorded on paper... 1323 01:12:49,542 --> 01:12:51,959 paper ballots, which just... 1324 01:12:52,042 --> 01:12:54,500 cannot be changed in a cyber attack. 1325 01:12:54,584 --> 01:12:57,959 How would you do a non-paper audit? 1326 01:12:58,042 --> 01:12:59,562 Senator, I think it would be 1327 01:12:59,626 --> 01:13:01,626 basically impossible. 1328 01:13:01,709 --> 01:13:03,667 When you and your colleagues 1329 01:13:03,751 --> 01:13:06,500 hacked election systems, did you get caught? 1330 01:13:06,584 --> 01:13:10,751 - Um... - Did they see your intrusion into their systems? 1331 01:13:10,834 --> 01:13:12,876 The one instance when 1332 01:13:12,959 --> 01:13:15,626 I was invited to hack a real voting system 1333 01:13:15,709 --> 01:13:17,125 while people were watching 1334 01:13:17,209 --> 01:13:19,959 was in Washington, DC, in 2010, 1335 01:13:20,042 --> 01:13:23,000 and in that instance, it took less than 48 hours 1336 01:13:23,083 --> 01:13:26,626 for us to change all the votes, and we were not caught. 1337 01:13:26,709 --> 01:13:29,959 There's a number of bills that are pending before Congress, 1338 01:13:30,042 --> 01:13:32,834 and I think some of them before this committee, 1339 01:13:32,918 --> 01:13:35,292 on the subject of election integrity. 1340 01:13:35,375 --> 01:13:38,667 Mr. Chairman, are we going to be marking up any of those bills 1341 01:13:38,751 --> 01:13:41,000 on election security? 1342 01:13:41,083 --> 01:13:43,667 At this point, I don't see any likelihood 1343 01:13:43,751 --> 01:13:47,292 that those bills would get to the floor if we mark them up. 1344 01:13:47,375 --> 01:13:48,834 Why? 1345 01:13:48,918 --> 01:13:51,876 Same reason we couldn't get our bill to the floor last year. 1346 01:13:51,959 --> 01:13:53,876 Which is? 1347 01:13:53,959 --> 01:13:55,918 I think the majority leader 1348 01:13:56,000 --> 01:13:58,375 just is of the view that 1349 01:13:58,459 --> 01:14:01,167 this debate reaches no conclusion. 1350 01:14:02,250 --> 01:14:05,000 It's very important that we maintain the integrity 1351 01:14:05,083 --> 01:14:09,042 and the security of our elections in our country. 1352 01:14:09,459 --> 01:14:11,459 Any Washington involvement in that task 1353 01:14:11,542 --> 01:14:14,500 needs to be undertaken with extreme care... 1354 01:14:14,834 --> 01:14:17,500 extreme care, and on a thoroughly 1355 01:14:17,584 --> 01:14:19,250 bipartisan basis. 1356 01:14:22,334 --> 01:14:25,918 Leader McConnell has not brought a single piece of 1357 01:14:26,000 --> 01:14:28,375 election security legislation to the floor, 1358 01:14:28,459 --> 01:14:32,125 even though the president's own security team 1359 01:14:32,209 --> 01:14:33,709 has said that we're in jeopardy. 1360 01:14:33,792 --> 01:14:36,250 We were not able to get the bill out of committee. 1361 01:14:36,334 --> 01:14:38,876 We were not able to actually have a vote on it. 1362 01:14:38,959 --> 01:14:41,584 Because, I assure you, if we had a vote on this legislation, 1363 01:14:41,667 --> 01:14:44,876 whether it's at committee or on the floor of the Senate, 1364 01:14:44,959 --> 01:14:46,417 it would pass overwhelmingly. 1365 01:14:46,500 --> 01:14:48,334 I don't see how they explain 1366 01:14:48,417 --> 01:14:51,626 not passing a bill to protect our election equipment. 1367 01:14:51,709 --> 01:14:53,834 The White House, just as we were on the verge 1368 01:14:53,918 --> 01:14:55,959 of getting a mark up in the rules committee, 1369 01:14:56,042 --> 01:14:57,499 getting it to the floor, where I think 1370 01:14:57,500 --> 01:14:59,459 we would get the vast majority of senators, 1371 01:14:59,542 --> 01:15:01,542 the White House made calls to stop this. 1372 01:15:01,626 --> 01:15:03,000 Were you aware of that? 1373 01:15:03,083 --> 01:15:05,000 - No. - Okay, well that happened. 1374 01:15:05,083 --> 01:15:08,375 There are plenty of Republicans in the House and the Senate 1375 01:15:08,459 --> 01:15:10,250 who are deeply concerned about this, 1376 01:15:10,334 --> 01:15:13,250 deeply, deeply concerned about it, as they should be, 1377 01:15:13,334 --> 01:15:14,751 as we all should be. 1378 01:15:14,834 --> 01:15:16,751 This is not a partisan issue. 1379 01:15:16,834 --> 01:15:19,042 Everyone should care about this, 1380 01:15:19,542 --> 01:15:21,709 whoever they vote for, everybody. 1381 01:15:21,792 --> 01:15:24,125 And you've gotta believe at some point, 1382 01:15:24,209 --> 01:15:27,667 it's something bad is going on, that people don't wanna pass it. 1383 01:15:49,542 --> 01:15:52,374 I don't remember the specific person that referred me to you, 1384 01:15:52,375 --> 01:15:53,792 but I do remember that 1385 01:15:53,876 --> 01:15:55,918 you were named 1386 01:15:56,000 --> 01:15:59,334 by one of my sources as a very credible 1387 01:15:59,417 --> 01:16:04,000 cybersecurity expert, um, and I'm trying to remember... 1388 01:16:04,083 --> 01:16:05,959 I think it was like I emailed someone else, 1389 01:16:06,042 --> 01:16:09,417 and they were like, "You should talk to Harri Hursti, not me. 1390 01:16:09,500 --> 01:16:11,709 I'm busy." 1391 01:16:11,792 --> 01:16:16,334 So, this all started around the 2016 election. 1392 01:16:16,417 --> 01:16:20,417 This is a pretty interesting and important-seeming thing. 1393 01:16:20,500 --> 01:16:25,834 We kept reading a series of national reports about various 1394 01:16:25,918 --> 01:16:29,334 named and unnamed state election systems 1395 01:16:29,417 --> 01:16:32,667 or websites that were compromised or hacked, 1396 01:16:32,751 --> 01:16:34,584 and my immediate question was: 1397 01:16:34,667 --> 01:16:37,834 Is there any affiliation here with the Russians 1398 01:16:37,918 --> 01:16:40,751 and the Russian actors that have been identified 1399 01:16:40,834 --> 01:16:43,417 as being involved in the other hacks? 1400 01:16:45,167 --> 01:16:48,334 So, I'll play this tape of the... 1401 01:16:48,417 --> 01:16:51,876 state elections director. 1402 01:16:51,959 --> 01:16:54,125 Josie Bahnke: 1403 01:16:58,375 --> 01:17:00,751 Last week, I had a secure briefing 1404 01:17:00,834 --> 01:17:03,167 with the FBI and DHS. 1405 01:17:03,250 --> 01:17:05,459 We know that they were 1406 01:17:05,542 --> 01:17:08,375 able to look at our website, 1407 01:17:08,459 --> 01:17:11,125 but there was no breach, I guess, essentially. 1408 01:17:11,209 --> 01:17:13,459 Is there any sense that they 1409 01:17:13,542 --> 01:17:15,667 tried to actually, like, access anything? 1410 01:17:15,751 --> 01:17:20,209 No. They wiggled on the door and moved on. 1411 01:17:20,292 --> 01:17:21,751 Wiggled on the door, 1412 01:17:21,834 --> 01:17:23,458 meaning they literally looked at the website, 1413 01:17:23,459 --> 01:17:25,542 it's not like they tried to input credentials or... 1414 01:17:25,626 --> 01:17:27,834 Yes, and there was an IP address. 1415 01:17:27,918 --> 01:17:31,125 I think that's the... that's the gist of it. 1416 01:17:31,209 --> 01:17:35,626 We got some information that seemed to indicate, pretty clearly, 1417 01:17:35,709 --> 01:17:38,042 that there was more to the story here, 1418 01:17:38,125 --> 01:17:40,334 and based on that, 1419 01:17:40,417 --> 01:17:44,626 we formulated a Freedom of Information Act request, 1420 01:17:44,709 --> 01:17:46,334 just sort of sent it off, and... 1421 01:17:46,417 --> 01:17:49,626 How long after election you FOIA'd these documents? 1422 01:17:49,709 --> 01:17:50,959 More than a year. 1423 01:17:51,042 --> 01:17:54,209 And then we got this whole package of documents. 1424 01:17:54,959 --> 01:17:59,292 Really interesting here when you start looking what they explain. 1425 01:18:04,792 --> 01:18:06,500 The Alaska system was compromised, 1426 01:18:06,584 --> 01:18:10,042 but it was compromised by a completely different actor, 1427 01:18:10,125 --> 01:18:11,959 the bad actor is named CyberZeist. 1428 01:18:12,042 --> 01:18:14,959 And, you know, sort of linked to a Twitter account 1429 01:18:15,042 --> 01:18:19,751 that has a sort of past history of hacking other figures. 1430 01:18:19,834 --> 01:18:24,125 Uh, they talked about how the attacker had originated 1431 01:18:24,209 --> 01:18:29,709 from what appeared to be the IP address of a power plant in India. 1432 01:18:29,792 --> 01:18:33,876 State officials had had to report to the FBI, 1433 01:18:34,000 --> 01:18:37,584 and there was more than officials here 1434 01:18:37,667 --> 01:18:40,125 had originally led Alaskans to believe. 1435 01:18:40,209 --> 01:18:43,918 To me, if this is the whole documentation, 1436 01:18:44,000 --> 01:18:48,709 then there was never a proper, uh, investigation. 1437 01:18:50,000 --> 01:18:53,209 Uh, they didn't take this seriously. 1438 01:18:53,292 --> 01:18:55,083 This was quickly brushed over, 1439 01:18:55,167 --> 01:18:57,250 saying, okay, it's contained, 1440 01:18:57,334 --> 01:18:59,626 so, this is the whole problem, 1441 01:18:59,709 --> 01:19:02,918 and we cleaned the whole problem, it's all fine. 1442 01:19:03,000 --> 01:19:06,250 And nothing to see here, we were not hacked. 1443 01:21:04,667 --> 01:21:07,918 They are making a claim here 1444 01:21:08,000 --> 01:21:12,042 that the attacker got access to the file system, 1445 01:21:12,125 --> 01:21:14,792 and they sort of, kind of leave it there. 1446 01:21:16,834 --> 01:21:18,625 If you have that kind of access to file system, 1447 01:21:18,626 --> 01:21:20,417 you can simply replace files 1448 01:21:20,500 --> 01:21:22,042 and gain control of the system. 1449 01:21:22,125 --> 01:21:25,876 Security researchers like myself, this tells that... 1450 01:21:25,959 --> 01:21:28,792 Whether they believe what they say themselves doesn't matter. 1451 01:21:28,876 --> 01:21:31,709 This tells that the truth is likely to be 1452 01:21:31,792 --> 01:21:34,292 way worse than what they're saying, 1453 01:21:34,375 --> 01:21:36,959 clearly worse than this explanation. 1454 01:21:37,042 --> 01:21:39,500 There was no containment in effect. 1455 01:21:43,834 --> 01:21:46,918 CyberZeist: 1456 01:23:21,959 --> 01:23:24,626 What I take of this... 1457 01:23:26,459 --> 01:23:31,375 is that... he got into that one place, 1458 01:23:32,417 --> 01:23:35,250 and then, he deployed a tool, 1459 01:23:35,334 --> 01:23:36,876 which he doesn't want to disc... 1460 01:23:36,959 --> 01:23:40,042 He doesn't want to disclose that tool. 1461 01:23:40,125 --> 01:23:41,918 That tool took him, all of a sudden, 1462 01:23:42,000 --> 01:23:44,042 to a completely different place. 1463 01:23:44,125 --> 01:23:47,751 And because he wants to use that tool later, 1464 01:23:48,459 --> 01:23:54,876 he doesn't want to give any hint, um... how that jump happened. 1465 01:23:54,959 --> 01:23:59,042 But omission of that information 1466 01:23:59,125 --> 01:24:02,375 is not making him less credible, 1467 01:24:02,459 --> 01:24:06,459 because he could have made a bullshit story and he didn't. 1468 01:24:09,709 --> 01:24:11,792 CyberZeist: 1469 01:24:58,751 --> 01:25:00,792 If you use a standardized... 1470 01:25:00,876 --> 01:25:03,375 "standardized" criminal tools, 1471 01:25:03,459 --> 01:25:06,918 all of this can be carried out almost effortlessly. 1472 01:25:07,000 --> 01:25:10,209 So, this also brings back 1473 01:25:10,292 --> 01:25:12,542 the question, why Alaska? 1474 01:25:12,626 --> 01:25:14,542 Is Alaska the ultimate target, 1475 01:25:14,626 --> 01:25:17,626 or is Alaska just an intermediate step 1476 01:25:17,709 --> 01:25:20,834 towards something else? 1477 01:25:28,626 --> 01:25:33,792 You have to think about what are the threat actors' real motivations. 1478 01:25:34,792 --> 01:25:41,334 Everything else is tools, tactics, technology... irrelevant. 1479 01:25:41,417 --> 01:25:44,834 What you are really going after is the mind of your adversary. 1480 01:25:46,042 --> 01:25:49,125 And the mind, in some cases a visual mind, 1481 01:25:49,209 --> 01:25:53,042 sometimes a collective mind of the society. 1482 01:25:53,751 --> 01:25:56,000 When a sufficiently large group 1483 01:25:56,083 --> 01:25:59,667 of members of society don't anymore believe in the society, 1484 01:25:59,751 --> 01:26:02,292 and that's where the collapse starts. 1485 01:26:03,292 --> 01:26:05,751 It's called kill chain. 1486 01:26:05,834 --> 01:26:08,334 Kill chain is a 2,000-year-old concept, 1487 01:26:08,417 --> 01:26:11,542 which can be used in any kind of operation, 1488 01:26:11,626 --> 01:26:15,000 whether it is military or organized crime 1489 01:26:15,083 --> 01:26:16,751 or some other activity. 1490 01:26:16,834 --> 01:26:19,876 And in kill chain, you move, 1491 01:26:19,959 --> 01:26:23,167 step-by-step, towards your ultimate target. 1492 01:26:25,918 --> 01:26:30,000 First, you gather intelligence. What is the landscape? 1493 01:26:31,667 --> 01:26:33,626 After that, you analyze the intelligence, 1494 01:26:33,709 --> 01:26:35,876 and now, you're asking yourself the question, 1495 01:26:35,959 --> 01:26:38,083 "Who are the possible targets?" 1496 01:26:40,083 --> 01:26:42,042 After that, it's weaponization. 1497 01:26:42,125 --> 01:26:45,876 So, now you know against whom you are going, 1498 01:26:45,959 --> 01:26:48,751 what tools you are using. 1499 01:26:48,834 --> 01:26:52,042 I think the most important part of the kill chain 1500 01:26:52,125 --> 01:26:56,292 is the paralyzation of your adversaries. 1501 01:26:56,375 --> 01:26:59,083 And when the governments cannot 1502 01:26:59,167 --> 01:27:02,292 assess the situation, 1503 01:27:02,375 --> 01:27:05,250 take an action and correct it, 1504 01:27:05,334 --> 01:27:07,792 that's when a paralyzation happens. 1505 01:27:07,876 --> 01:27:10,375 That's really when you finish the target. 1506 01:27:13,042 --> 01:27:16,125 The chain will go on until you break a link. 1507 01:27:20,417 --> 01:27:25,667 Stopping them while maintaining and remain true to your values, 1508 01:27:25,751 --> 01:27:28,500 that is the tricky part. 1509 01:27:30,167 --> 01:27:33,125 I've told voters before to be careful what you vote on. 1510 01:27:33,209 --> 01:27:36,959 Um, if you cannot validate it, if you cannot verify it 1511 01:27:37,042 --> 01:27:39,834 right in front of you, then you shouldn't be voting on it, 1512 01:27:39,918 --> 01:27:41,638 and you should be asking for a paper ballot. 1513 01:27:41,667 --> 01:27:43,500 Use paper ballots. 1514 01:27:43,584 --> 01:27:46,834 We can use an optical scanner to scan the paper ballots. 1515 01:27:46,918 --> 01:27:48,792 If it turns out that 1516 01:27:48,876 --> 01:27:51,167 an optical scanner, which is also a computer, 1517 01:27:51,250 --> 01:27:53,584 has been corrupted in some way 1518 01:27:53,667 --> 01:27:56,334 or hacked in some way, 1519 01:27:56,417 --> 01:27:58,792 then we've got these paper ballots we can go back to 1520 01:27:58,876 --> 01:28:00,542 and count them by hand. 1521 01:28:00,626 --> 01:28:03,125 Whether it's Vladimir Putin or Harri Hursti 1522 01:28:03,209 --> 01:28:04,959 who's attacking the machines, 1523 01:28:05,042 --> 01:28:07,292 the only surefire way to know 1524 01:28:07,375 --> 01:28:09,125 whether the machines are telling the truth 1525 01:28:09,209 --> 01:28:10,709 about the election results 1526 01:28:10,792 --> 01:28:13,083 is to do an audit, to look at the paper, 1527 01:28:13,167 --> 01:28:15,792 and to make sure that what's on that paper 1528 01:28:15,876 --> 01:28:18,375 matches the results that the computers are saying. 124622