r00tz Asylum, a nonprofit dedicated to teaching kids ages 8-16 about white-hat hacking, announced July 24 that it would be allowing students to attempt to hack into simulated campaign finance portals at this year’s DEF CON, set for August 8-11
“We are trying to teach kids about the vulnerabilities that still exist in our election ecosystem,” Morgan Ryan, an organizer of r00tz Asylum and adviser with the University of Chicago’s Cyber Policy Initiative, told DarkReading. “The more they know, the more exposure they gain, the more they can contribute and be civically engaged. This is about education and finding solutions.”
Students will be encouraged to use Structured Query Language injections and other hacking tactics to gain access to the portals. r00tz Asylum said that while some have questioned whether simulated websites were a “valid representation of actual state websites,” the recent report from Special Counsel Robert Mueller “detailed that in 2016 Russian hackers actually used SQL injections to successfully attack real election websites.”
If successful in their attempts, the students would then work with the DEF CON Artificial intelligence (AI) Village to use their hacked info to run disinformation campaigns. Specifically, the kids would attempt to spread fake financial disclosure reports that were being generated from breaches in the simulated websites’ defenses.
Organizers for r00tz Asylum explained that “this year’s focus on campaign financial disclosure websites and social media disinformation campaigns meant kids could play a real role in elevating some of the most vulnerable components of democratic infrastructure.”
This isn’t r00tz Asylum’s first foray into election security. Last year the group had hackers use “SQL injection attacks to access and manipulate simulated state election results websites, altering the candidates and displayed vote counts.” During last year’s DEF CON, an 11-year-old girl was able to access and change voting results in less than 15 minutes.