An 11-Year-Old Hacked Into a U.S. Voting System Replica in 10 Minutes This Weekend

A particularly alarming hack was carried out at the DEFCON hackathon conference over the weekend by an 11-year-old boy.

He managed to hack into an imitation Florida state voting website and change the results of the “election” in fewer than 10 minutes.

DEFCON is the world’s larger hacker conference held annually in Las Vegas, where hackers and cyber security experts try to break into all kinds of computer security systems, highlighting how easy it can be to manipulate software and hardware. At this year’s conference, DefCon added children to its list of those invited, specifically to try to hack websites in the DEFCON Voting Machine Hacking Village, a part of the hackathon that includes “13 imitation websites linked to voting in presidential battleground states,” according to PBS.

More than one succeeded.

Emmett Brewer, the 11-year-old who successfully hacked the replicated Florida voting site, wasn’t the only child who got into the election systems at the conference. In total, about 50 kids ranging in age from 8 to 16 attended the conference, DEFCON said in a tweet, and around 30 of them were able to hack into the imitation election websites.

The National Association of Secretaries of State issued a statement in response to DEFCON hacking voting systems, expressing concern about the event encouraging the mock hacking of official election systems and saying it does not accurately reflect the reality of electronic voting in the U.S.

“While we applaud the goal of DEFCON attendees to find and report vulnerabilities in election systems it is important to point out states have been hard at work with their own information technology teams…” the statement reads. “Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security. Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”