Hacking the websites responsible for election information is so easy an 11 year-old did it

It’s time to talk about election security. Over the weekend at Def Con, the annual hacker convention in Las Vegas to discuss some of the latest and greatest (or scariest) trends in the wild world of hacking, a pair of election security hacking demonstrations set up for adults and kids alike offered up some frightening […]

It’s time to talk about election security.

Over the weekend at Def Con, the annual hacker convention in Las Vegas to discuss some of the latest and greatest (or scariest) trends in the wild world of hacking, a pair of election security hacking demonstrations set up for adults and kids alike offered up some frightening revelations about America’s voting infrastructure. (I’m not even going to begin to touch Voatz.)

For 11 year-old Emmett from Austin, hacking the website for the Florida Secretary of State was as easy as a simple SQL injection.

While it took Emmett only 10 minutes to break into the election reporting section of the Florida Secretary of State web page, it’s important to note that these pages were set up as replicas.

The idea, according to event organizers from Wickr (a secure communications platform), “was mainly focused on breaking into the portions of the websites that are critical to the election process, [so] the kids worked against the replicas of the webpages where election results are reported by secretaries of state.”

The replicas were built by the team at Wall of Sheep Village and they issued the following statement: “The main issues with the live sites we are creating the replicas of are related to poor coding practices. They have popped up across the industry and are not vendor specific.”

And while the National Association for the Secretaries of State had some choice words for the Voting Machine Hacking Village, they didn’t address the hacks the kids made on their actual web sites.

In all, some 47 kids participated in the election hacking contest and 89% of them managed to get in to the virtual web sites set up by Wickr and Wall of Sheep Village.

Emmett, whose dad works in cybersecurity and who has been attending Def Con now for four years, has some thoughts on how easy it was for him to get into the system and change the vote tallies for election results.

“It’s actually kind of scary,” the 11 year-old said. “People can easily hack in to websites like these and they can probably do way more harmful things to these types of websites.”

The point, according to Wickr’s (badass) founder Nico Sell, is to bring attention to just how flawed security operations remain at the state level in areas that are vital to the nation’s democracy.

“The really important reason why we’re doing this is because we’re not taking the problem serious enough how significantly someone can mess with our elections,” said Sell. “And by showing this with eight year old kids we can call attention to the problem in such a way that we can fix the system so our democracy isn’t ruined.”

Some executives at big corporations share the same concerns. For Hugh Thompson, the chief technology officer at Symantec, the risks are real — even if the problems won’t manifest in the most important elections.

As Thompson (who worked on election security in the early 2000s) told The Financial Times, “The risk that I think most of us worried about at that time is still the biggest one: someone goes into a state or a county that doesn’t really matter in the grand scheme of the election, is not going to change the balance on x, y or z, but then publishes details of the attack,” he said. “Undermining confidence in the vote is scary.”

Stakes are incredibly high, according to experts familiar with election security. Despite the indictments that Robert Mueller, the special counsel investigating Russian interference, issued against 12 Russian nationals for targeting the 2016 US election, Russian hacking remains a threat in the current election cycle.

Microsoft has already said that it has detected evidence of attempted Russian interference into three campaigns already in the 2018 election cycle.

As Fortune reported in July, Microsoft’s vice president for customer security, said that researchers at the company had discovered phishing campaigns that were linked to the GRU, the Russian military intelligence unit tied to the DNC election hacks from 2016.

For security officers working on the websites for the secretaries of state in the battleground states that the tween and teen hackers targeted during Def Con, young Emmett has some advice.

“Use more protection. Upgrade your security and obviously test your own websites against some of the common vulnerabilities,” the 11 year-old advised. 

Taking the pain out of accounting and payroll for small businesses, ScaleFactor raises $10 million

ScaleFactor, the Techstars alumnus that’s selling accounting and payroll management software as a service, has raised $10 million in a new round of funding as it looks to scale up its sales and marketing efforts. Founded by longtime accountant, Kurt Rathmann, the Austin-based company has created a software service that collects and analyzes data from […]

ScaleFactor, the Techstars alumnus that’s selling accounting and payroll management software as a service, has raised $10 million in a new round of funding as it looks to scale up its sales and marketing efforts.

Founded by longtime accountant, Kurt Rathmann, the Austin-based company has created a software service that collects and analyzes data from point of sale systems, bank accounts, credit cards and billing systems, to automate recordkeeping and payroll functions.

Rathmann, a former KPMG employee, started ScaleFactor after seeing the lack of innovation in the backoffice functions that are really the engine of any small business.

“Around the tech stack, accounting and financials were lacking the most,” Rathmann says. So he left his job at KPMG and started ScaleFactor Consulting out of his garage in Austin in 2014.

After a few years of basically going door-to-door (a throwback to Rathmann’s first company as an 18-year-old selling outdoor lighting in suburban Dallas) to find out what small businesses needed from an accounting software solution, ScaleFactor developed the API toolkit and management software that would become the services it’s pitching today.

After graduating from TechStars’ Austin accelerator, the company was able to nab $2.5 million in a seed financing round that included TechStars Ventures, NextCoast Ventures, and two Kansas City-based investment firms — Firebrand Ventures and Flyover Capital.

While the initial services business holds a lot of value and has managed to attract scores of small businesses, both Rathmann and his new investors led by Canaan Partners and including Citi Ventures and Broadhaven Capital see bigger opportunities down the road for ScaleFactor.

With the window that the company has into the operations of small businesses around the country, ScaleFactor can serve as an unimpeachable source of information for small business lenders.

With insight of (and control over) payroll management, billpay, cash approvals, cash accounting, and an ability to project forward cash flows (along with invoicing and tax management for part time employees), ScaleFactor will be able to offer lending services to smooth bumps in a company’s progress. 

“Bookkeeping and accounting is really the nucleus,” says Michael Gilroy, a principal with Canaan Partners. 

While Square has moved into lending services (and now is on the hunt for a banking license) through its window into a company’s revenues through point-of-sale devices, a company like ScaleFactor has a more holistic view of the health of a business, says Gilroy.

Equipped with that information ScaleFactor software can do things — like prompt business owners of the revenue targets they need to hit each month or suggest lending options to cover shortfalls — that better equip business owners to handle disruptions. 

“With our foundation established, a big part of our Series A is how do we power the business owner past bookkeeping & accounting? We see many opportunities to help further and our next steps will include things like lending, payments and many other activities that take a business owner/operators focus away from driving their business forward,” Rathmann wrote in an email.