An 11-year-old boy hacked into a model of Florida’s state election website and changed the voting results in just minutes over the weekend.
The successful hack happened during a hacking competition held at DEFCON over the weekend, according to the event’s organizers.
The annual hacking event hosted a competition where 39 kids between the ages 6 and 17 raced to hack replicas of the Secretary of State websites in six swing states.
“The quickest exploit was done by an 11 year old in 10 minutes,” the organizers announced in a tweet.
The boy, who has been identified as Emmett Brewer, successfully hacked the replicated Florida voting site.
{mosads}He wasn’t the only one.
Most of the children — 35 out of 39 — completed an exploit.
“Kids tampered with vote tallies, party names, candidate names, etc; total vote counts were changed to numbers like 12 billion and candidate names were changed to things like ‘Bob Da Builder’ or ‘Richard Nixon’s Head,'” the organizers noted in tweets, announcing the results.
The competition began after the kids received a walkthrough of how to perform an SQL injection, a code injection technique that is used to attack data-based applications.
The stunning feat happens amid heightened concerns about the security of election systems.
The convention, which draws hackers from all around, has previously featured an event called the Voting Village where adult hackers similarly competed to exploit voting systems.
This year, they decided to extend the competition to younger hackers, which was organized in part by r00tz Asylum, a non-profit that teaches kids how to hack.
Nico Sell, co-founder r00tz Asylum, told PBS on Sunday that an 11-year-old girl also managed to complete an exploit on the same mock Florida website in approximately 15 minutes, and then tripled the number of votes there.
“These are very accurate replicas of all of the sites,” Sell told the news outlet.
“These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”
Some election groups, however, sought to downplay the hacks. They argued these hacking competitions are not realistic replicas.
“Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security,” the National Association of Secretaries of State (NASS) said in a statement, pointing to the Voting Machine Hacking Village events.
“Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day,” the press releases adds.
This sort of mock election is “unrealistic,” NASS argued.
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols.”