PBD Podcast - “Never Trust, Always Verify” - Harri Hursti Hacks a Voting Machine LIVE on PBD Podcast! | PBD Podcast | Ep. 478
Episode Date: September 25, 2024Patrick Bet-David interviews cybersecurity expert Harri Hursti, who is known for exposing vulnerabilities in voting machines. Hursti discusses his experience hacking voting systems and raises concerns... about the security of U.S. elections. Watch as Hursti demonstrates a live voting machine hack and explores election integrity. ------ Ⓜ️ CONNECT WITH HARRI HURSTI ON MINNECT: https://bit.ly/4ehcsoU 🧢 NEW FLB HAT - WHITE W/ RED LETTERING: https://bit.ly/3BgUAvR 🧢 NEW FLB HAT - RED W/ WHITE LETTERING: https://bit.ly/3MY7MIQ 🇺🇸VT USA COLLECTION: https://bit.ly/47zLCWO 📰 VTNEWS.AI: https://bit.ly/3Zn2Moj 🇺🇸VT USA COLLECTION: https://bit.ly/47zLCWO 📰 VTNEWS.AI: https://bit.ly/3Zn2Moj 🏦 "THE VAULT 2024" RECORDING: https://bit.ly/4ejazrr 👕 VT "2024 ELECTION COLLECTION": https://bit.ly/3XD7Bsm 📕 PBD'S BOOK "THE ACADEMY": https://bit.ly/3XC5ftN 🎙️ FOLLOW THE PODCAST ON SPOTIFY: https://bit.ly/3ze3RUM 🎙️ FOLLOW THE PODCAST ON ITUNES: https://bit.ly/47iOGGx 🎙️ FOLLOW THE PODCAST ON ALL PLATFORMS: https://bit.ly/4e0FgCe 📱 CONNECT ON MINNECT: https://bit.ly/3MGK5EE 📕 CHOOSE YOUR ENEMIES WISELY: https://bit.ly/3XnEpo0 👔 BET-DAVID CONSULTING: https://bit.ly/4d5nYlU 🎓 VALUETAINMENT UNIVERSITY: https://bit.ly/3XC8L7k 📺 JOIN THE CHANNEL: https://bit.ly/3XjSSRK 💬 TEXT US: Text “PODCAST” to 310-340-1132 to get the latest updates in real-time! ABOUT US: Patrick Bet-David is the founder and CEO of Valuetainment Media. He is the author of the #1 Wall Street Journal Bestseller “Your Next Five Moves” (Simon & Schuster) and a father of 2 boys and 2 girls. He currently resides in Ft. Lauderdale, Florida. --- Support this podcast: https://podcasters.spotify.com/pod/show/pbdpodcast/support
Transcript
Discussion (0)
What's 2FA security on Kraken?
Let's say I'm captaining my soccer team, and we're up by a goal against, I don't
know, the Burlington Bulldogs.
Do we relax?
No way.
Time to create an extra line of defense and protect that lead.
That's like 2FA on Kraken.
A surefire way to keep what you already have safe and sound.
Go to kraken.com and see what crypto can be.
Not investment advice.
Crypto trading involves risk of loss. See kraken.com slash legal slash ca dash pru dash disclaimer for
info on Kraken's undertaking to register in Canada.
It's a new day. How can you make the most of it with your membership rewards points?
Earn points on everyday purchases. Use them for that long awaited vacation. Points never
expire, so use them how you want. That's the powerful backing of American Express.
On eligible cards, terms apply.
Learn more at mx.ca.
There's a lot of people that are worried
what the hell is going on here
because it just doesn't make sense.
Is my vote gonna count?
Can you come back and manipulate it?
People don't have a lot of trust in the system today.
What is your level of faith in the accuracy
of the machines that we currently use?
Every single independent study where we have had access to voting machines, 100% of the
voting machines have been hacked. Unhackable doesn't exist. Instead of saying trust but
verify, you should have a zero trust approach. Never trust and always verify.
Hackers can manipulate the system this dramatically?
Once you gain access to the system, you can change anything as you want.
They can fix it if they really want to, but you're saying every machine has the same vulnerabilities of how to get into it.
You think that's accidental?
There has to be a political will to create those standards to be mandatory and enforced.
This is not a technological problem.
This is a regulation and legal problem.
What we need is transparency.
We don't have it though.
Well, we do actually.
How do we have that?
You just said at the beginning of the podcast
that, hey, never trust, always verify.
And now you're saying we have to trust
because it's bad for democracy.
You just validated millions of people's concerns.
I'm walking away with enough stories to tell for the next month. 30 seconds. All right, so listen, since we're around 40 days away from the elections, I thought it
was appropriate to bring somebody who has bought hundreds of voting machines himself
and who has hacked into many voting machines himself to see if there's the ability to hack into them to the point where March of 2020, eight months before the elections of 2020,
which was a controversial one, he was on an HBO documentary showing that many machines out there
are able to be hacked into. And eventually he was so successful that they called something the Herstie Hack, Herstie is his last name, was a successful attempt to alter the votes recorded on a die-bolt
optical scan voting machine.
The hack is named after Harry Herstie who is here with us and I'll show you the results.
And he decided to take it to a whole different level.
Not only is he here in the flesh for us to talk about, you know, what's out there, what's possible out there, he brought a voting machine here with him
to show us and he's going to actually hack into it live. You're going to see it here with our
friend who's a guest today, Harry. It's great to have you on the podcast. Thank you for having me.
Yeah, so as a hacker security researcher, I want to start it off with this first, okay?
I think it's the first story, Rob, if I'm not mistaken.
Which let me go to the story, and I want to get right into this here.
Story comes out August 12th of this year, Politico, okay, you're quoted in it.
The nation's best hackers found vulnerabilities in voting machines, but no time to fix them.
Top hackers at DEFCON, DEFCON is where a lot of these hackers, you guys go to, expose vulnerabilities
in U.S. voting machines, but fixes are unlikely, Rob, if you want to pull up this article,
if this is it.
Before November 2024 election, due to the long and complex process of updates, organizers
are frustrated.
There is so much basic stuff that should be happening and is not happening," said co-founder
Harry Herstey.
It's not a 90-day fix, and it continues.
Security concerns are heightened by past foreign interference like the 2016 Russian hacks and
recent threats.
Herstey warned, if you don't think this kind of place, this kind of place
is running 24-7 in China, Russia, you're kidding yourself. Adversaries have access to everything.
While DEF CON hackers highlight these issues annually, the slow response from manufacturers
and election officials raises fears that unpatched vulnerabilities could fuel future allegations of election fraud. So
after your experience with all these different machines, what is your level of faith in the
accuracy of the machines that we currently use? So first of all, the quote you said about the room
running 24 seven in adversary country, that actually was a quote made by one of the top
spy agencies of US director in DEFCON. So it's's put to me, it's just repeating what he said.
Who was the person that said that?
That was Rob Joyce of NSA.
Got it. If you want to pull up his name so we can give him credit, please keep going.
So my confidence actually in US elections is high. Right now, we have to improve the systems,
but we already know how to get elections done right
on this hand-marked paper ballots.
And since I started and my colleagues started to expose the problems, more and more of the
United States have transitioned to have a hand-marked paper ballots.
And in the US, you have to understand the US elections are almost uniquely complex.
There are countries which have more complex elections than the US, but not very many. In the US, there is no alternative
in most of the US to use voting machines. You have to use them because voting machines actually are
more accurate than humans. The error rate of humans, especially if you think about the stress
environment on election night, is higher than margin victory in
a lot of places. So you have to use voting machines to count paper ballots. Now you have paper ballot,
which means that you can always verify the results. And there's a methodology called risk limiting
audit, which is amazing and developed by Professor Philip Stark, one of the main authors of that.
It's very cost effective in the labor hours and you can verify that the election have the right outcome. So we already know how to fix it.
At the same time, when we look at voting machines, yes, we have vulnerabilities in machines, and
we will have vulnerabilities always. Unhackable doesn't exist. So instead of saying trust
but verify, you should have a zero trust approach. Never trust and always
verify. So we always have to verify the results. Never trust and always verify is what you say.
Correct. Okay. All right. But you went back and you said your confidence in the election and
everything's very high, it's going to be good because it's a lot easier to use the machines
versus if you're going to do paper ballots and the stuff. you're right, but the question isn't if it's left alone
to do its job.
The problem that people have, which is why you did the documentary deal with HBO, it's
so interesting when you guys did it.
You did it in March 2020, which was eight months before the elections, and there was
not much done on that afterwards from HBO.
It was an interest of what happened before that.
So I guess my question for you would be the following.
In the area of tampering when it comes down to things like this, tampering with these
machines by hackers, okay, we have a machine here.
In a few minutes you'll hack it and show everybody that you can hack into this machine here and
you'll give the model and all that stuff that we'll talk about if we line up 50 of
your colleagues who are also hackers like yourself and we gave a million
dollar prize to hack into the most recent machines that we have all of them
out of 50 people how many would be able to hack into the machines to manipulate
the votes I would guess everyone.
You would guess everyone?
Because these machines are, when we looked at the systems, and we had Defcon this summer,
brand new system, which is used in a very limited sense, I think the number was 42 vulnerabilities
found in two and a half days.
So these systems have a lot of vulnerabilities.
Now the question is how you mitigate.
That's why we have to expose the problems
so that we can develop a mitigation strategy.
Like the hack that I'm going to show here,
the mitigation strategy is limiting physical access.
At the same time, it's a very bad idea
to think that somebody would wake up
in an election day morning and say, oh, today I have nothing to do.
I will hack election.
Obviously, you would have years of planning or months of planning ahead of that.
I also want to say one thing about this movie, where the kill chain, the cyber war in American
election, that was the second movie.
Our first HBO documentary came out in 2006.
So this is already a follow-up.
And we were filming it give or take five years.
The reason that it came out in 2020 March was just how long the production took.
But that was years and years of filming, gathering material, doing the research, doing the investigations.
So I want to do this for the audience to also know who you are and who you're not.
More or so for the audience to know who you're not.
Rob, where's the story of, let me find this, I think it's important because this will give
a lot of context.
You went to the event, if I'm not mistaken, where Mike Lindell, there you go, Mike Lindell
was holding a three-day cyber symposium
in August of 2021, right?
And he had the promise that he would present irrefutable evidence of election fraud in
2020 elections, okay?
And you attended the event with a journalist, Donnie O'Sullivan, if I'm not mistaken.
Correct me on any of this if I'm saying that.
And then at the end of it, you said there was a pile of nothing and found no proof of
election fraud.
Do you still stand by that?
Absolutely.
And actually, even before that, Mike Lindes claimed what he has were fundamentally impossible.
That kind of data he claimed to have doesn't exist and no government even has the capability
of gathering that information.
So even before coming there, I knew there will be nothing.
Actually my suspicion was that there would be a synthetic data which would be hard to
prove right or wrong.
And my shock was there was nothing, absolutely not even this kind of smoke and mirror data.
So that was a absolute nothing.
Did he bring a hacker up on stage and say,
here's how easy it is to hack into the systems?
I don't know what happened on the stage because we experts were locked in the back rooms.
So we didn't see what is happening on the stage.
Was it a public event or was it a private event?
I think it was a private event because it was an invitation only.
And he didn't even want to have hackers.
He was putting different rules who are qualified.
But then he told publicly that media and elected officials can bring their own experts.
So I was never invited there by Mike Lindell.
I was actually brought in by CNN because they were a media who got me in.
Got it. So CNN was able to get you in,
but you were not fully in there to see what was going on.
So on one end-
No, none of the experts.
Right, so on one end, you believe the top 50 hackers
at DEFCON could hack into any one of the machines
that they have, including the latest one,
yet at the same time, you don't believe
the Mike Lindell's theories
were anything that there was any credibility behind it.
So both positions is what you're taking.
Okay, correct.
Great.
And I want to say that's one thing
what was so hilariously funny about Mike Lindell's statement
because he was showing that he had claimed the data.
He has a data how every single place was hacked.
And one of the list was all 320 jurisdictions of New Hampshire. had claimed the data, he has a data how every single place was hacked.
And one of the lists was all 320 jurisdictions of New Hampshire.
Well the problem is out of the 320 jurisdictions, 123 uses no computers whatsoever.
It's a pure hand count, no computers.
Yet he claimed that he has an evidence how these places were hacked by Chinese, they don't have computers. There's
nothing to be hacked. Right. But the part again, two things can be right and wrong at the same time.
Correct. You're not saying the machines are not, are impossible to hack. You're saying we can hack
every one of them. But at the same time, you're saying what he's saying was not accurate. There
was not a lot of proof there. Okay. So let's put those out there for the audience
to know where we're at with that. Right? Correct. And I have to say one thing. Every single
independent study where we have had access to voting machines, 100% of the voting machines
have been hacked. So that's going to be the every computer in the world can be hacked
if you have access and no mitigation.
Now, when we hack the machines, that is for the purpose that we can improve.
And if you cannot improve the system, then you have to improve everything around the system,
have a mitigation strategy, how you defend the system,
either by having temporary evidence or preventing the access what hackers need.
But there's always a way to try to mitigate.
But we really, really have to get this more secure
so that the machines, there's less requirement
for mitigation.
You think there's certain people
that almost don't want it to be fixed?
I have to say that I'm very worried for initiatives now
when jurisdiction in the US are actually disabling and dismantling their
own security for a reason that whatever is their reason.
So there are these small rogue places where people are actually destroying their own security
on purpose.
Destroyed their own security on purpose.
Yes, what I said.
And that's what happens here in the States.
There are states, there are counties where that's actually happening right now.
And all it takes is a couple good counties to be able to flip the vote, right?
Well it's even if those cannot flip the vote, the reason here is to deny the result or make
a false allocation, disinformation, disinformation, malinformation.
So a lot of this is very dangerous because it is feeding
to the distrust of the public. And in democracy, any distrust is damaging the participation.
And democracy is all about participation. So if the public...
Any distrust?
Distrust is causing apathy. Apathy is something which is detrimental for functioning democracy.
Hari, do you know how you started a podcast? Do you know what you said?
Yes. What did you say?
I said that I have a trust on the voting and elections.
No, no, you said, always verify, never trust.
Yes. So, but hear me out because you just said
the beginning of the podcast that, hey,
never trust, always verify.
And now you're saying we have to trust
because it's bad for democracy.
No, we have to verify.
Yeah, but you said never trust.
You said we should trust a little bit
because democracy needs for us to trust the system.
Well, system, so you have to be able to trust that if the system fails, if the voting machine
fails, you will be always still be able to verify the result and the outcome.
And that's why hand-marked paper ballots allows you to do that.
No matter what the voting machines are doing, you can always put humans to look every ballot
and make sure that the outcome is right.
It's kind of a, I mean, it's.
And by the way, we have had thousands of years of fraud on paper.
That's why we are so good in mitigating against fraud on paper.
So you just have to make sure then that those huge piles of paper is protected physically.
And at the same time, you hear Elon Musk saying the fact that he's not a fan of electronic
voting machines as he wades into sensitive Indian debate.
Anything can be hacked.
This was just a few months ago.
I'm sure you saw that.
And he's calling for eliminating electric voting machines ahead of US elections, risk
of hacking.
This is a story again for India.
And he's concerned about it.
A lot of people are concerned about that as well, which I'm sure you can understand why.
And then at the same time, while we're going through this, we saw what happened with Dominion,
when Dominion sued Fox and they had to pay whatever,
$780 million.
Yet, did you hear about Smartmatic?
I know that that company, yes.
You know when Smartmatic, you know how much money
they wanted from Fox News?
Do you remember the article?
So Smartmatic, they wanted, can you go a little lower
so we can show what Smartmatic was asking for, Rob,
if you have that number?
So Smartmatic, zoom in a little bit, which is, this ismatic was asking for, Rob, if you have that number? So, Smartmatic, zoom in a little bit.
By the way, Harry, I appreciate you doing this.
Trust me, a lot of people are interested.
But there's a lot of people that are worried, what the hell is going on here?
Because it just doesn't make sense.
If you can pull up what Smartmatic wanted to ask from, if you type in 2.7, Rob, type
in 2.7, okay, for Deny's Wrongdoing of Finding New York State, Smartmatic wants $ 2.7 Rob, type in 2.7, okay, for denies wrongdoing and fighting in New
York State, Smartmatic wants 2.7 billion dollars from Fox and other Trump allies that it named
in the lawsuit, right?
So that's this.
Now Rob, if you can go to the story about Smartmatic's founder, did you see the story
about Smartmatic's president?
Smartmatic president, two other execs charged with bribing Philippines
elections official DOJ. The voting machine company executives allegedly
paid one million dollars in bribes. This is a month ago, two months ago. So this is
the part where the American voters sitting there saying, wait a minute, you
just asked for 2.7 billion dollars accusing everybody of crime. You're the real criminal doing something like this.
And ABC, CBS, NBC, CNN, everybody's writing about it.
So that's where people are conflicted.
Is my vote going to count?
Can you come back and manipulate it?
People don't have a lot of trust in the system today.
That's very good.
Smartmatic is not used in the US.
Basically, only LA County is using anything to do with Smartmatic.
The reason why I'm showing you this is because these guys, they jumped on the bandwagon of
Dominion.
So I'm making the comparison on the fact that all of these guys want to come out there,
act like they're flawless and they're doing everything the right way and not saying the
fact that there's a possibility of somebody tampering with our technology that we have. Okay, so of everything that you've done with your investigation into these systems, if
you don't mind kind of sharing the story of what happened with Leon High School, the pre-hack
and the post-hack.
I don't know if you know the story about the whole series of four tests conducted, February,
May, and December of 2005.
Sancho invited
Black Box Voting to Tallahassee after an invitation to check the die-balled machines.
The Black Box Voting engaged the services of Dr. Herbert Hugh Thompson and Harry Herstey.
It's a Liam County.
Right.
I totally get that.
No, what I'm trying to say is the fact that a small camp, a small, what do you call it,
test to see how much effect it had, right?
So then the first two projects targeted a computer program that adds up all the voting machine
results and produces the final report, right? On February 14 and again on May 2, Thompson
successfully hacked the Diebald GEMS central tabulator and bypassed all passwords by using
a visual basic script, right?
This however will be detected in a vigilant environment if the supervisor of elections
checks the poll tapes, voting machine results, against the central tabulator report for purpose
of demonstration.
An election was ran using this just to kind of test the model out.
And the results of the first hack are shown as right here. So this is pre-hack.
Bud Baker was winning 54.79%, and then Thomas was at 16.89%, and Nadia was at 28%.
Post-hack, Bud was at 10.71%, and Thomas was at 3.3%, and Nadia was at 85.98%.
That means hackers can manipulate the system
this dramatically?
Absolutely.
I mean, once you gain access to the system,
you can change anything as you want.
Change might be unbelievable
and that trigger immediately this trust.
But yes, once you are in the system,
there's no limits what you can do with it.
Such as? Can you unpack that for us? Like when you say no limits, you're and by the way, can you
vote in America? Are you? I'm a citizen. You're a citizen. So you can vote. Okay. But you're
Finnish, right? If I'm not mistaken. I'm a dual citizen. Right. You're a dual citizen. So when you
say unlimited what you can do with it, how much can you flip it? So at DEFCON, we run a test election, mock election, which was a close race between George
Washington and Benedict Arnold.
And when after everybody had voted, we printed the results, Tark Tangent, the founder of
DEFCON won and he wasn't even on a ballot. Okay. And the people that come to Defcon, are they all from America or all over the world?
All over the world.
What country represents the most to Defcon?
US of course.
And who's number two?
I don't know.
Okay.
How many people show up normally?
About 30,000.
30,000 show up.
And okay, so when you guys in your community talk about what country produces the best
hackers, who has the reputation?
Like you know, in America, like yesterday I'm having lunch at this restaurant in Naples,
Florida, because I'm coming back from a soccer tournament in Sarasota, Florida.
So we go to this restaurant, nice place, we're eating, guy comes up, hey, I love the content,
I love the podcast, can I take a picture?
Yes, where are you from? I'm from Dominican content. I love the podcast. Can I take a picture? Yes.
Where are you from?
I'm from Dominican Republic.
Who's the best player from Dominican Republic because they produce very good baseball players?
Juan Soto.
Great.
When it comes on to hackers, who produces the best hackers generally?
Hackers come from all sides and stages, everywhere in the world.
So there's no place for using best hackers.
Hackers come everywhere from the world, and every background.
And a lot of the hackers used to be in the US,
but right now, they are everywhere.
And who typically are there hackers
that are edgy, that they'll flirt in the gray area, maybe even they'll
go to flirting with crime and doing things as long as you pay them well, they would do
certain things that could break the law?
I think that could be fair to say that, right?
It's fair to say.
And at the same time, we are right now in the first phase of statecraft.
So it's increasing amount of hackers who are not in the crime organizations, but are in
state-sponsored crime, whether it's a financial crime in neighboring countries, whether it's
disrupting their critical infrastructure.
So there are many motivations why people go to the dark side.
And the reason why I'm asking this is because there are a lot of people that would be willing to pay unlimited amounts of money to be able to control the
elections in the U S right. Absolutely. Such as countries like China,
countries like Russia, countries like Iran, a lot of places would write.
Absolutely. So do hackers every once in a while get offered certain amount of money
That's tempting to say no. I
Mean there are a number of marketplaces where hackers are being recruited and there are a number of ways to recruit
so absolutely there's always a different actors and
organizations were trying to hire hackers for a
Things which are crime somewhere else in the world or crime
even in the countries where they're living in.
So absolutely there is a market and there is a recruitment by bad actors and adversaries.
Yeah, I think this is a very, very unique set of skill sets that can determine the leader
of the free world.
That's not a regular skill set.
You can have a sniper.
Okay, good for you for a regular skill set. You can have a sniper. Okay. Good
for you for having that skill set, right? You can have the skill set of doing a lot
of different things. When you're a hacker, hackers typically think very highly of themselves.
And I don't blame them. And I'll say why. Because in hackers' mind, if they wanted to
destroy someone's life, they generally could. Not physically, but they could do it credit-wise,
financially, password, business, many different ways. Would you agree? Absolutely. Okay, so let's
get to this. So for you, I read an article where you once bought a voting machine on eBay and they
were freaking out, right? Is there a story of that? When you bought one? I don't know what I saw the story. It says voting machine ends up on eBay, an official launch urgent probe.
This was a couple of years ago.
And let me read this because this is very interesting on what happens with this one
here.
Let me tell you one thing, Jan, between.
So very notable computer scientists, and especially
Ron Rivest, who is the R in RSA, coined a term called software
independence.
It's a principle how elections should be run,
which means that no software error, malicious act
on software or an honest error, should be undetected
and allow you to change the outcome of the election.
So we already know that we have to make the computers to be never trusted so that we can
always come up with the right result and we can have confidence that the outcome of the
election is right.
Because the hackers will always be able to hack the elections and machines.
The question is, you have to make sure that it doesn't happen without being able to
remediate, detect and remediate the problem. But what is the, okay, but let me go back to what
I was saying here is here's the one where you Michigan officials are not investigating. A hacker
bought a voting machine on eBay, okay? Harry Hersey, cybersecurity expert, bought a Dominion
imagecast ex voting machine for $1,200 on eBay. Michigan officials, unaware
it was missing, are now investigating. Hersey said they really had no idea and this is one of
the biggest dangers to election security. This is you saying that. The eBay seller,
Ian Hutchinson, found the machine on a Michigan Goodwill website for $7.99, eight bucks,
and listed it on eBay, claiming it had been used in the most recent Michigan
elections.
And Michigan is investigating whether the machine was stolen.
Hersey featured in documentaries like Hacking Democracy emphasized that the biggest threat
to election devices is often human incompetence.
He regularly buys machines to test for vulnerabilities, explaining the reason you pop open the machine
is to learn the vulnerabilities to safeguard democracy.
So first of all, when I bought the machine, I didn't know whether it came from Michigan or some other state. How would you know? Well, there was a conflicting data in the advertising. So I
actually personally contacted Michigan and a couple of other states saying, I bought it,
it's right in a FedEx, it's not yet in
my possession, go figure it out what happens.
So I self-reported it because I have bought over the years hundreds of voting machines
and I have made certain that none of those machines are obtained illegally.
So I always had to receipt, I always make sure that I know exactly where the machine
came from and what is the chain of custody of that particular machine?
By the way, some of these machines have been directly coming from the counties which has stopped using them
Even when some other counties are using they are stopping
So some of these are directly from the government local governments
Some of these are from eBay some of those are actually of all the places from Alibaba. So
Out of all the machines you've bought, you bought hundreds,
you said, right? What's the least you've paid for one? What's the most you paid for one?
So the least is zero dollars because government and sometimes these voting machines are so
bulky, especially the high speed scanners. So they just want to get rid of them. So actually
I have once I have once needed to pay because I want to have the receipt. So they couldn't write the
receipt for the machine they're giving for free. So I had to pay them to write the receipt so that
I have evidence that I have legally obtained this. So the lowest number is zero and actually that
$1,200 is the highest. Oh really? Yeah. Okay. Because I really wanted to have it. And as I said,
I immediately reported it. I had a conversation with the law enforcement authorities
until it was clear that everything is fine.
Hari, some kids are interested in baseball cards.
Some kids are interested in video games.
Some want to grow up and become singers, actors,
celebrities, movie stars.
Why the interest with voting machines?
Actually, I had none.
So why did you buy a few hundred of them?
So let me tell the story of why I got into this.
So I had sold again my businesses.
I had retired again, second time.
And I was backpacking around the world.
And I stopped in California.
And a couple of my friends wanted to have a conversation
and talk about the problems in voting machines.
And I told them that what they tell me doesn't make any sense at all.
It cannot be that bad and they must have been misinformed or they have misunderstood.
And they were asking, would I be interested?
I say, absolutely not.
Off to Tahiti.
I'm gone.
Then they tried to condom me for best part of a year.
And I said, no, no, no.
Until then, they relayed my information to Britain.
And then I started getting call from UK.
And I went to UK a couple of times.
They were trying to get me interested.
And I really was like, I don't really, I'm retired.
I don't want to do this.
Eventually, Aion Sancho was the person from Leon County.
He was the guy who convinced me
because after I was there with Hugh Thompson,
and I looked into the possible ways,
then he was the one who told me
that he thinks he has a fixtuary duty to investigate.
And either if I investigate or find him someone for him to
investigate how, what is truth in this vulnerabilities,
because he was responsible for Bush versus core recount on 2000.
So he, so he was telling me, and that's how he convinced
his, when Supreme Court stopped my
recount, I didn't get my answers. I want to know the truth. And that's why he convinced me to start
investigating. And rest is history. I really didn't have any desire. Actually, I was actively
saying no for, I think, a year and a half. Got it. And then when was the tipping point for you
where you were obsessed? I don't think I'm still obsessed you have a few hundred voting
machines you don't think that's obsessed no no where do you put these voting
machines in they are in multiple storage is around the US some are in
Washington DC some are in Nevada near Las Vegas I mean the reason is that we
also do demonstrations so I'm with the
election integrity foundation, which is nonprofit. It's a nonprofit, which is grassroot. All the money
comes from donations from common normal people. And it's all funded up. One thing what we do is
we go very often to Capitol Hill to show that the legislators, what are the vulnerabilities and try to raise the awareness
what is true and what is not. So how we make this more secure. So that's why there's not a single
place where the voting machines live. They live in multiple locations. Got it. Okay. So while you're
going through these voting machines that you own and you're personally hacking, do you in your mind,
do you measure it in a way of
let me see how long it'll take me to hack into this one. This one took me 38
seconds. Let me see how long it took me to hack in this one. Wow, this one took me
two and a half hours. Is that how you measure? Okay, how do you measure it?
I don't, I actually after the fact I looked at vulnerability and I'm thinking
how hard it is to mitigate, how hard it is to stop this to happen,
and how easy it is to stop this
ever happening in real life.
That's how I measure it.
It's not like how quickly you find the first vulnerability,
because also very often when you find the first vulnerability,
it's not the bad vulnerability.
It takes time to figure out what really is the big flaw,
if you may.
So that's why it's never a process of,
Hersey Hack 2, I have to tell the story behind it.
That was the hack and the study was done in the courthouse.
Was that Hack 2?
The Hersey Hack number two.
Oh, okay.
Yeah, yeah.
So that was done in a courtroom
and there was a courtroom with the sealed off.
I was looking at the voting machines
and I had been promised access,
I think it was three days,
but they didn't say three consecutive days.
So I already found a lot of stuff in the first two days
and then I decided I need to take a break.
So I left, that was done in Utah.
So I flew from there to Oregon, had beers,
and all of a sudden I was like, wait a minute,
it was slower.
And I did the crazy stuff like sniffing,
like smelling the voting machine, all of that.
And all of a sudden I realized it was slower
and it smelled, so it heated up.
And that's when I came to discover,
which then later became the Hearst hack 2.
It was not any of the first ones.
It was the last one, which was the really bad vulnerability.
So do you think the Al Gore President Bush election was accurately counted at the time?
So first of all, we have been investigating so many of allegations and not a single time we have been seeing outcome
determining flaw or miscalculation or anything. So I cannot make a determination one way or another
about Bush versus Gore because I was not investigating that. A lot of good people
were investigating that and they make their determinations. What does Ian think? Ian Sancho?
Ian Sancho was doing the recount but I was not involved in Bush versus Gore election. He was
doing the recount. Got it. And where is he at? Does he think that it was Gore who won? I don't have
ever asked that and I don't, I really don't want to go into place saying, speculating, I looked at
evidence and data and every single time, that's what I'm also saying for 2016 and 2020,
every single time there's a credible allocation
and there's access.
There's me and a lot of other experts
who are dying to go there and figure it out what happened.
And when I was doing, so New Hampshire didn't have a law
allowing forensic audit, so New Hampshire didn't have a law allowing forensic audit.
So I helped in that.
We did a forensic audit in Rockham.
So it's a Windham County, Rockham District 7.
That was summer 2021.
And it was misreported in the news.
So let me tell what it was.
There was a down in a ballot race, eight candidates vote for four.
The four Republicans won, and the one of the Democrats was so close that she asked for
recount.
In New Hampshire, when recount is requested, it's always granted, and they do it amazingly.
It's a public event.
Everybody can see the recount.
Everybody from the audience can ask if there's something
they can stop, they can, they do the best, it's one of the best things in the whole US.
So when they did the recount, and in New Hampshire when you do recount, everybody gets more votes
because voters are not following the instructions, so there's always assumption everybody gets
more votes.
So in the recount, the four Republicans got
about 300 votes more. Three of the Democrats got about 30, 40 votes more. And the woman
who asked for recount lost 99 votes. So first of all, having 300 votes more is the biggest
numerical difference there has been. Losing votes is basically impossible in the sense of 99 votes. So it
was obvious something is wrong. New Hampshire did the right thing. They wanted to find out
what it is. So the special law was passed where they were saying there will be an audit,
it will not change the outcome, but let's try to figure out what went wrong. When I
was appointed by a Democratic Secretary of State and jointly with the Republican Attorney
General as one of the three investigators, my first saying was, we might never know,
but we have to take a look and try to figure it out.
So eventually, out of this whole thing, we found out what happened, and it was a paper
folding machine.
So the paper had a crease so that when a human is bending it,
it always bends in safe zone.
Also, the secretaries had did the right thing.
They had tested if folding it through a vote target
would cause a phantom vote,
and they determined no, it won't do it.
So what happened was the election office was
behind in sending the mail-in ballots. Somebody had remembered, oh, in DMV there's a paper
folding machine. So they brought the paper folding machine. They didn't adjust it, so
it folded the paper in the wrong spot. It also was slightly broken so that it didn't
fold the paper completely horizontally. It was slightly diagonal. So as a
consequence, they folded it through the Democrat candidates vote target. Now, the Secretary of
State has tested foldings, but they didn't realize one part, which is whether you fold it up or down
makes the difference. So they didn't have a documentation, but the assumptions right now,
they only folded it the way which doesn't affect and the other way does. So they didn't have a documentation, but the assumptions right now, they only folded it
the way which doesn't affect and the other way does. So this way, and because the voting,
the folding machine was broken, it folded through the target without damaging the timing marks,
because otherwise the voting machine would have been rejecting it. So eventually we figured out,
this is the reason. It's a 14% of the ballots which were used by the folding machine caused this fandom
vote.
And when the fandom vote was somebody voted straight party line Republican and the folding
created the fandom vote, it created overvotes.
So it tossed the votes for the Republicans.
If again you didn't vote for her and you didn't have already four votes, it created overvotes, so it tossed the votes for the Republicans. If, again, you didn't vote for her and you didn't have already four votes,
it created a phantom vote. So the same folding created both anomalies.
And then there was an additional part, which was that one of the voting machines,
which was not used normally, hadn't been cleaned probably forever.
And in the printing process, there is a dust, which is used for making the ink dry, so they
don't stick.
There was a buildup of that dust inside the voting machine.
But that didn't create the problem.
It just amplified the problem.
So anyway, we eventually found out what happened.
And for the good measure, we also audited by the law, the governor's race and the senator
race.
And we also recounted all of that.
So we found out that actually only that one target, which was that Democrat
candidate's target, that was the only one where there was a significant anomaly.
So even in that case, it didn't change the outcome. No matter what happened, all
those four same Republicans were going to get elected. But we investigate and
found out now why the machine was miscounting those votes.
And it was not malicious.
It was just a conspiracy of coincidences.
So many things needed to go wrong to create that anomaly.
Got it.
Okay.
So let's go back to the machines.
Was there any one of the machines that you bought that was the toughest one to break
into?
They are all unfortunately simple.
And it's a question of just finding what is the vulnerability.
We in a voting village, we have been inviting every year the voting system vendors to bring
the newest voting machines because always the claim is, oh, you didn't have it in the newest one.
So we have been inviting them to come with the newest machines
and let's put them to.
So voting village is not a formal test.
You want to just show it to us to see how this works?
This one, we can do it in a moment.
Let me answer this question.
So we have been inviting the newest machines.
And they haven't brought it.
At the same time, a lot of the newest machines, when you look at the
certificates and documents, have the same features as the previous generations,
the previous generation of software hardware.
So while we have the older machine, we already know that the same vulnerability,
if it's a certain vulnerability, is in the newest machines.
Doesn't that make you question why they don't listen to you guys to improve,
if you guys have easily hacked into all of them.
Why wouldn't they, while they're designing it, bring it to hackers and say, here, try
to break into it?
Why don't they do that?
So some of the companies claim that they do it in private.
The number one principle is independent research, which means that it's done by researchers
who are not paid by the vendor themselves,
who are independently doing the study. We have had independent research. Basically, the Everest
study for the Secretary of State of Ohio was one where she commissioned a university and I was part
of the university's team to hack independent research in number one. And it also creates a little bit of public pressure to get things fixed.
When you read my comment, one part of the comment is that, for example, one system,
still today, the newest version, uses a bootloader from 2004, kernel from 2007.
So even when the software version is brand new, it uses components which are old and
tired and should have been changed a long time ago. And personally, self-regulation, I don't think
works. We need a regulation. We need a standards which are requiring the voting system vendors to
improve. And that's, I don't have a silver bullet. I don't know how to get this done.
Only thing what we can do is try to raise awareness what is the problem and that problem needs to be fixed.
I have so many questions though. I mean, the average, it doesn't take a genius on the other side to say,
if they really want to fix this, fix it. They can fix it if they really want to.
But you're saying every machine has the same vulnerabilities of how to get into it. They can fix it if they really want to, but you're saying every machine has the same
vulnerabilities of how to get into it. So it doesn't look like they're making any kind of progress.
So back in 2005 when I published Herstihack, what happened in Sequential was the voting system
vendor, which is no longer in business with that name, Diebold, they basically told that this was a magic show and it's not true.
Secretary of State of California, Debra Bowen at the time, no it was not Debra Bowen,
it was before Debra Bowen, ordered a study where a University of California, Berkeley,
conducted a study to verify if my findings were right or wrong.
Not only they verified my findings right, but they found, I think it was over a dozen new vulnerabilities, additional vulnerabilities.
At that time, me and everybody else thought, okay, job is done, it will get fixed. We thought
we have now done our job, we have shown there's vulnerability, it will get fixed. That same
software version is still in use today. The same thing what I showed
Vulnable, it's thank God it's getting phased out, but it's still, it never actually was...
That's what makes you realize they don't want to fix it. Well, I don't know why don't you as a very
smart guy, much smarter than me, you're a technical guy, you have to sit there a part of you realize
they just don't want to fix
it.
If they did want to fix it, think about it this way.
How much has the phone advanced from this to Nokia 5960, 5690 from 20 years ago?
A lot.
There's a smartphone now, right?
If you go to how much safer is, you know, when you're going in and the camera on TSA,
what they're doing versus 30 years ago, a lot safer.
How much, there's so many things that we've made so much progress, yet the one that chooses
our policies, how much we pay in taxes, our protection, the president, they're moving
slow on it?
You think that's accidental?
Well, I mean, there's another aspect on this.
When 2000 happened, and it was very embarrassing.
America did what America does, which is to throw $3 billion into the problem.
So that created a Help America Vote Act, HAVA Act of 2002.
So it created a lot of money to buy a modernized US election infrastructure.
Now that money was handed out without establishing security standards. That means that the counties went to buy whatever is available and there was no security standards
attached.
And again, they bought technology which was old 2002.
So it created the problem we are dealing with right now.
Now there has been no subsequent poll of money of that size,
enabling another leapfrog to the next step. And also, there is still today no mandatory
security standards. The certification voting machine is called Volunteer Voting System
Guidelines. The number one name is, word is, volunteer. So today, we have a VVSG 1.0, 1.1, 2.0, 3.0, but basically all voting
machines are still certified against the 2005 1.0 because there is no mandatory requirement to use
the new US guidelines on US standards.
So what we really need is the standards to be set out.
We have NIST, National Institute of Standards and Technology.
They are amazing writing standards.
So US government has the people who can write the standard, but there has to be a
political will to create those standards to be mandatory and enforced.
And today, even today's best standards are not, in my opinion, good enough.
But the whole thing starts from regulation and laws.
So this is not a technological problem.
This is a regulation and legal problem.
This is not a technological problem. This is a regulation and a legal problem. This is not a technological problem.
This is a regulation and a legal problem.
Well, let me ask you this question.
This is the part where there may be another disconnect.
Have you ever voted in America?
Of course.
Okay, so that means you have a political leaning, right?
So we all do, okay?
The moment it gets to the political leaning, the only way this could work is if
it's people who are involved in this that are representatives to audit it, 10 people
who are Democrats, 10 who are Republicans, and put, you know, five that are independents and libertarians
to audit the whole, there needs to be auditors of the auditors of the auditors or else I
don't trust you.
You're a hacker because even, and what I mean, I don't mean that I don't trust you as a hacker,
right?
You know, you vote a certain way you do, you may, you know, Ian Sanchi, he's not a Bush guy, he's a Gore guy,
so he's a Democrat, right? Now, he may not be happy about the fact that some Trumps in 2020 said
there was election interference and election fraud. He may say, no, no, no, 2020 was a clean election,
right? And 2000 and Bush aside, maybe Bush people will say, no, no, no, it was clean.
Bush won Florida.
We understand.
It was so close, right?
That's the area where people on both sides don't trust.
But if there's one area that I'm convinced, when somebody doesn't want to address fixing
something too quickly, it's because it's working for them.
You made an amazingly good point without knowing. Let me tell you. want to address fixing something too quickly is because it's working for them.
You make an amazingly good point without knowing.
Let me tell you, we are filming this in Florida.
So in Florida, I and Shantso was in an office which was a non-partisan office.
And in Florida, the counties, some of the counties had a partisan office as election
supervisor and some of the counties had that as a non-partisan office.
Recently Florida changed that all election supervisors are partisan offices.
Does it make sense to you?
This is a recent change.
So actually, I understand...
What do you mean?
Recently Florida just changed everything for it to be partisan offices.
Election supervisors.
Election supervisor for Republicans,
election supervisor for Democrats.
So previously it was nonpartisan office.
So there was no, so the counties could choose
whether it's a partisan office or nonpartisan.
Well, what is a nonpartisan office?
It means that you don't have a primary
of Republican, Democrat running and it's not a-
I don't trust that.
Well, the point here is that even then, if you have an independent office, if the office
is independent from partisan, so it's a non-partisan office, it's, in my opinion, better than having
that as a partisan office.
No, I don't trust that.
Here's what I trust.
Let me tell you what I trust.
You know who's winning right now with you and I going back and forth?
Guess who's winning right now.
I would say that if this is, hopefully this is not discouraging people from voting because
I think that's very important, but every single thing what is distrust and creates confusion,
it's all the adversaries of the United States.
You know who's winning right now? The audience that gets to watch
and say, I'm with him or I'm with him, but you know what the chances are the audience is watching
and what are they saying a
Part are gonna agree with you
Disagree with me a part are gonna agree with me disagree with you
Mm-hmm, and that's how it needs to be to me
It doesn't need to be partisan or nonpartisan to me
It needs to be five representative that are Democrats five representative that are Republicans in a state,
and put three in the middle.
That's how it needs to be to hold each other accountable.
It's like Billy Graham once said, back in the days pastors used to go on trips and these
preachers would go up there and they would preach.
Well, women love pastors from stage that are great speakers.
When pastors would go by themselves, a lot of ladies would come back to the hotel room
and they would get caught.
Then some pastor said, well, let's share rooms with one other person.
Well, when you share rooms with one other person, one pastor could convince the other
pastor to do something stupid.
Billy Graham realized one thing.
Whenever he would travel to go give speeches, guess what he would do?
He would share rooms with three people.
Because when it comes down to three, one person's going to say, no, no, we're not doing that.
No, no, we're not doing that. No, no, we're not doing that.
I am not comfortable just putting one Democrat in a room and one Republican in the room and
let's trust they're going to do the right thing.
Absolutely not.
Five, five, three for each state, depending on what the size of the state's influence
is.
To do some bigger needs to be more, some less.
There needs to be the fight and everyone needs to watch.
It can't be like, no, no, you can't see what I'm doing.
No, no, you can't see this.
No, there needs to be that protection from both sides if somebody's playing games.
That's why we don't trust in America right, not the elections.
And by the way, for full count, and maybe I'm wrong with this one and the audience is
going to say, no, Pat, you're wrong about this.
You didn't help me trust voting even more. You're not
helping me trust it more. You just validated millions of people's concerns.
Well actually what I'm saying here is what we need is transparency. We don't
have it though. Well we do actually. How do we have that? So I spent over six
months in Georgia in 2020 election starting from the all of the special
elections primaries and after, all of the special elections, primaries, and
after the presidential election, the special election of the Senate seats, there is amazing
amount of transparency if you are willing to do it, if you're willing to be an observer,
if you're willing to go and watch and you can see how it's done and you can see if there's
something going wrong.
What I really hated in Georgia was, for example, claims after the election saying,
oh, this one happened after everybody was thrown out.
I actually took pictures also from the other, about the other observers.
And I can show you the pictures saying, oh, the observers were still in the room.
Nobody was leaving. This claim that there's no transparency is partly misinformation.
So again, I strongly encourage people to be watching over this and participate in the process,
either as a poll worker, but also as an observer, independent observer, or your political party's observer. And what we really need is more transparency.
Because again, never trust, always verify.
And it's not only that you verify, but you also watch how the process is done.
Never trust, always verify.
Trust me.
Most people are where you are and what you said at the beginning.
And then you said later on, because you know how powerful that is, a democracy we have to trust, no one trusts right now. It's
the lowest trust in the history of America and the US government and the mainstream media,
because we don't trust these machines. Okay, if you don't mind, would you mind taking a moment
here and sharing with us, maybe tell us a little bit about the machine. And then from there,
if you can show us how you hack into this thing would be great. Absolutely. So this machine is WinVote and the reason I'm using this particular
machine it's no longer in use in the United States. So this way no claim can be made that what we are
doing here is helping somebody to realize how voting machines can be hacked. Let's wait for it.
So what year is this?
Does this have like a model to it or no?
Is this like a 1986 CRX?
Like is there names to it or no?
This is a win-vote machine.
And for the reasons that we don't want to put a logo, this voting system technology company
name is just a fake name because I have been using this particular machine in filming a number
of training videos, some of those for the government, just to show vulnerabilities like
USB vulnerability, which we are going to be using.
This machine actually have many vulnerabilities and at time when this was still in use, this
was called the worst voting machine used in the United States.
The worst voting machine used in the United States. The worst voting machine used in the United States.
And where was this used, Harry?
That was used in Maryland.
It was in Virginia.
I don't have the complete list what all places it was used,
but it was fairly widely used.
When this is used, this box here is closed and locked.
And that's why we are not going to be needing this
to be open or closed.
It's just open because we have a power button.
So what we are going to be exploiting here is a USB vulnerability.
The USB vulnerability is amazingly good to identify because it's easy to mitigate.
You just stopped access to the USB port.
I have blocked here a extension cable,
such that we can see that the actual USB port is behind there,
and it's accessible by the voter.
I'm using here a commercially available
USB computer called Bash Bunny.
It can be many other devices. This is such an example. This particular device is $120.
You can buy it from online.
And I have pre-programmed and if this would be a real attack, the attack will take six, seven seconds.
I have slowed it down and made it visible so that the audience can see what is happening.
So when I'm plugging it in, this is the Schrodinger's USB stick is always the wrong way.
So the computer starts, and once it's started, it's doing its magic.
The moment you see that the
screen is changing that is when the hack would have been already done and I would
be unplugging it. But I'm just showing this number of things so now it would
have been done. It's showing you the program manager, it's showing you now the
comment prompt and this is where all the votes live. So I'm just showing that the
directory where all the votes would be.
At this point of time, this stick has already complete control over the system.
So at this time, anything can be done, anything can be changed.
And that's the last thing I'm just showing the fake results, just to show that can be
done.
It's just to show that how the system is controlled.
So this is a good example of a hack, and I say it,
only reason why anything is seen on the screen and why it's this slow is because I artificially
slowed it down and made it visible so that the audience can see that there's a control over the voting machine.
This particular machine has many other vulnerabilities way worse than this one.
So that's why it's very good that this machine is no longer in use in the US.
And this is also showing how demonstrating vulnerabilities
work, because that causes changes.
And for example, removal of this machine
from being used in the US.
So now, what is it doing right now, Harri?
Nothing.
It's already, the whole hack was done.
But if this would have been an election,
I could have gone to the database and, for example, change the votes. That's one possibility.
How much of it could you have changed?
Anything.
You could have gone from 51 to 73.
Add a new candidate who was not even on the ballot. It doesn't matter. Because if you
have total control over the system, you can do anything you want. As I say, one example
was that we add a new candidate
and make that candidate to win.
It would be obvious if that.
The president of DEF CON is the one who won,
George Washington, that's the one you're saying.
Yeah.
I got what you're saying.
So is this like to the average hacker,
is this machine a joke on how easy it is?
It is a joke.
And how many years ago was it used?
I think this was last time used in 2012.
God. 12 years ago.
And also, just an example, that when this was brought first time to DEFCON,
we had a professor from Denmark, and in less than half an hour,
he hacked into this machine wirelessly.
He didn't even touch the machine. He took he hacked into this machine wirelessly. He didn't even touch the machine.
He took complete control over this machine wirelessly, because this voting machine happens
to have wireless Wi-Fi access.
So, okay.
So is it fair for one to speculate and question that any of the electronic voting machines we've used previously, possibility
that could have been hacked, possibility that the winners were flipped because somebody
got into it.
So again, the fundamental problem with this voting machine is it doesn't have a paper
ballot. So if somebody hacked this kind of machine and would have manipulated it,
there is no evidence. That's why we need paper ballots and especially we need hand-marked paper
ballots because if the results are called in the question, now you can go and hand count those
ballots and verify that the outcome of the election is right. But in these older type of
machines called DRIs, Dire of Recording Election
Machines, this is if somebody gets into and changes the outcome, the game is over.
So that means anything previously used 2012, if somebody did get into it, one may be sitting
here saying 99% of all the people that have won pre-2012, maybe somebody had their hands
on it. Well, I don't believe in... So first of all, I would say that if you think about elections as the attackers point of view,
US elections use many type of machines.
And I think the number in 2016 was 52 different types of voting machines were used.
The money is on the local elections.
It's not in the top of the ballot.
It's in the proposal, a few billion dollars for Chris.
The question is, that's where the motivation is.
Hi, my name is Harry Hirste.
I'm a lifelong hacker and security researcher.
An engineer with a heart which thinks that impossible is just a state of mind.
Connect with me in Minn-Eggt. I'm here to explain anything you
might wonder about election security, critical infrastructure security, cyberspace, cyber
warfare, information space, information warfare and connecting warfare. So please ask me questions.
Hope to see you there in Minn-Eggt.
The person who gets to come up with policies
that's going to protect this country,
which the rest of the world relies on what America does,
is in the hands of someone that can tamper with it.
So, interesting point is that a lot of the voting machines used in the US
actually don't have a US technology.
They are not made in US technology. Number
two machine, for example, is programmed in Serbia. That's where the software comes from.
That's where everybody who is controlling that...
Which one is that? The Serbia one? What's the model called?
That's the new Dominion machines.
Do you trust those?
As I said, never trust, always verify.
Have you messed with those yet or you haven't, you don't have access to them?
I have one of those machines in the voting village.
How new is it?
It's how recent?
I mean, again, the question is, because we are hardware-ruling a village, we look, it
doesn't matter.
And every single time when somebody says, well, you didn't have a newest machine, well,
then please submit to independent research the newest machine and let's
see what happens. Because again, how secure a company is is not how easily it's hacked,
it's what you do after it has been hacked. Because every single problem can be fixed or mitigated.
The first step is to identify the problem so it can be mitigated.
And as I said, the software independence as a principle means you go to the hand-marked
paper ballots, which means that no matter what happens in the voting machines, you can
always get the outcome verified.
Rob, can you do me a favor and pull up what we did exercise earlier?
So here's what we did earlier, just to test it on. And credit goes to Brandon with this.
Shout out to Brandon.
That's a great job.
Okay, so we first took the different tabulations methods
used in 2020, okay?
And Rob, if you wanna say this,
and then we compared it to 2024 to see what's changed, right?
Correct, according to Ballotpedia.
According to Ballotpedia, and then we fed it to Chad GBT
and what did Chad GBT tell us? It gave us a list of I believe it was 13, 16 states that have changed
the way that they count or tabulate the votes for the 2024 election as opposed to 2020. So 2020 went
from Alaska went from hand count and optical scan in 2020 to the DRE with VVPAT now using hand count,
optical scan and DRE. Arizona optical scan including DREs and VVPAT, they went to that and
now only using hand marked paper ballots and BMDs. Delaware optical scan to BMD tabulator. Hawaii optical scan and DRE to now they removed optical scan only no more DRE.
Idaho hand count optical scan and DRE to now hand count and optical scan only removed DRE.
Kansas you see it they removed hand count and DRE.
Kentucky they are using BMDs only in 2024.
Mississippi they reduced the DREs., they reduced the DREs.
Missouri, they reduced the DREs.
Montana, no major change, about the same.
Nevada, no major change, but emphasis on mail ballots.
New Hampshire, no major change.
And in New Jersey, they went from optical scan to BMD tabulator, optical scan DRE accessible
interference, expanded use system,
system use, and there's a couple more, three more left at the bottom.
Ohio went from optical scan DRE to BMD tabulator, optical scan DRE, and Oklahoma, they added
direct recording assistive interference.
West Virginia, hand count, optical scan DRE, and now BMD tabulator and optical scan.
When you see this, and at the bottom just to explain what the different things are,
additional BMD tabulator systems in states like Delaware, Kansas and West Virginia, reduction
of the DREUs, Ohio, Idaho, Mississippi, Missouri, shifting voting system and so on.
When you hear this, are you telling yourself, okay good, they're making progress or no,
they're still doing the same thing?
So first of all, this is DRE.
And DRE is the most insecure way of voting.
So most what? Most insecure the most insecure way of voting. So most what most
insecure, most insecure way of voting. So that's why every reduction of the area is a move to the
right direction. My joke was that 2020 election was secured by COVID because when in person voting
went down, it means that less the areass were used, because DRE is the
most insecure way.
So you're saying 2020 election was the most accurate one according to your assessment?
So I'm not agreeing with what Chris was saying when he was running a CISA, that this was
most insecure, most secure election.
I say it's most recent, it's more secure secure recent elections. Because we don't know how secure
elections were 50s and 60s and 70s. There's no way of making that measurement. But since Hava,
that 2020 was more secure election because all of the problems had been flagged, not all of the
problems, but the problems have been flagged. And that's why more eyeballs were looking into the election. More scrutinizing was put in place. And that is always good, as I said, transparency is
very important and people wanting to scrutinize the election is the good thing. So when I look,
this whole thing is, I like the fact that DRE is going away because that's a move the right
direction. I'm disagreeing that using a ballot marking
device is a good move, because ballot marking devices is putting another computer between
voter and voters vote. There's a recent study by University of Michigan where voters were
presented a voting machine. They were told that they're testing a new method of voting. And that was ballot marking device.
And the voters were encouraged and advised to study the ballot.
What the voters didn't know is that the machine will cheat every single time.
Every ballot printed by the machine was wrong.
Really?
And at the same time, only a tiny fraction of the voters actually caught it because we
humans are very bad in verifying our choices.
This was a study where people were told to verify the ballot.
So again, I'm against ballot marking devices.
I'm advocate for hand-marked paper ballots.
And I'm advocating at the same time to use,
if a jurisdiction is large,
use a ballot optical scans to do the scanning,
because when it works, it's accurate,
but you cannot trust it.
You always have to use risk limiting audit
or complete recount if you want
to verify that the machine got right,
because the human error rate is too high.
And again, you have to think about the way elections are carried out.
Rob, check it from, go ahead.
The average age of poll workers, the joke is average age of poll workers goes up one every year.
So the poll, there's always a shortage of poll workers. The whole idea with some activists are promoting,
well, let's make smaller precincts and let's bring another set of people
to do a hand count after the election night.
It doesn't work because you don't have the manpower.
You don't have the people who are willing to do it.
And if you use same people who have been up 14 hours
before you start counting. You have even increased
a you have the pressure, you have the tiredness, all of that. So hand mark paper ballots, optical
scan and then mandatory risk limiting audit. Every race, every ballot, every race, every
time you are doing a mandatory check that the outcome of the election is right.
And let me underline one thing. Risk limiting audit is...
Risk limiting audit starts from an assumption that the result is wrong.
It never... It's misrepresented saying it verifies the result.
No, it starts from the assumption the result is wrong.
And then risk limiting audit is proving that the outcome is correct.
So it starts by thinking it's wrong
and then it's proving it's right,
or it proves that you have to go and recount everything
because it doesn't match.
What kind of machines are used in Wisconsin, do you know?
I don't know on top of my head.
And remember one thing, there are two kinds of states.
There are states where every whole state uses the same machine.
Most states don't have that.
So you have multiple different kind of machines used across the state.
Like Georgia is special in the sense that the whole Georgia is voting with the same
machines.
Most US is, every county is different.
So next county over might have a completely different machine than your county.
Oh my God.
Do you think that's a good idea?
There is a strong belief in US that elections are state rights.
So every state has a right to do the elections whatever way they want.
I believe that.
So that is, then you have two different kinds.
My question isn't that.
My question is that they use different ways to calculate in a same state by different counties.
I understand if it's state, but is it better to use one way of counting votes in an entire state?
Well, if you think about different size of jurisdictions, like in New
Hampshire. New Hampshire has 120 plus voting jurisdictions who don't need voting machines
because they are so small. So it would be not good to force them to use voting machines just
because the large jurisdictions need to have a voting machine. So what I'm saying is that we need to federally set
basic standards, what all voting machines have to meet. And after that, it doesn't matter if the
next county over in the same state use different machine, but we need to have a unified set of rules.
What are the minimum requirements for voting machines to be accepted to be used in the United States?
Yeah, I just, you know, when you're counting, you know, it's kind of like a crude versus cash basis.
When a company is selling and you're calculating your EBITDA, if you, the way you calculate valuations cash basis, such as say somebody else does accrued,
those are two different philosophical ways of calculating something, right?
That's why I don't know if it's a good idea to have different methods of counting votes
in the same state.
I understand you want to do DREs, you want to do BMDs, you want to do paper ballots,
but it's the entire state paper ballots, the entire state DRE, the entire state BMDs, you want to do paper ballots, but it's the entire state paper ballots,
the entire state DRE, the entire state BMD, that gives a little bit more credibility than
diversifying it too much.
I think every state and every county in the US should be paper ballots.
I don't think the DRE should be accepted.
I mean, that's fundamentally the most insecure. We have been using mail-in ballots during Vietnam War, Korean War, World War II, World War I, the Revolutionary War.
We know how mail-in ballots work. And in mail-in ballots, you get the paper ballot. You have problems like voter cohesion, for example,
somebody can be forced, and that's usually happening whole circles next to you.
All of those technologies are way better
because you have a paper ballot which you can go back.
Instead of the area where you don't have,
you have just electronic records.
The same reason is internet voting,
we don't have a technology to do internet voting today.
We just fundamentally don't have a way to do it.
And people who are promoting internet voting use false analogies.
For example, claiming that since we can do online banking,
why can't we vote on internet?
So first of all, election is a unique security problem in the world
because of two requirements, secret ballot and auditability.
Secret ballot means that even if the voter wants to reveal how he or she voted,
shouldn't be able to.
Because if you can be proving how you vote, it enables vote buying,
vote selling and vote cohesion, election cohesion, voter cohesion.
So that's the one thing.
So if we wouldn't have secret ballot, we will have all of these problems coming back.
And then we need to have the auditability.
Of course, additional aspect is now public trust.
And there are promising ways of thinking internet voting, for example, homomorphic encryption.
But would you believe if I say that this machine is using the homomorphic encryption correctly,
I don't think it's a good idea to use technology, which is very small handful of people can even verify that it honestly works right. We need public trust. A paper ballot, hand-marked paper ballot, is the only way we can bring public trust. Also, people who are promoting internet voting
are claiming that it will activate young voters. Estonia is one of the democracies which have
been using internet voting longest, and they published the age brackets. And when you go
to Estonia, you see that the young voters are actually going down as a percentage.
And the people over 55 is the crowing people of internet voting. So the analogy used and the claim used,
we need internet voting and mobile phone voting in order to get the younger people...
That's a valid argument. That's a valid argument.
But the evidence doesn's a valid argument. That's a valid argument. But the
evidence doesn't support the argument. I get what you're saying. What do you think about
blockchain? A lot of these guys are talking about what if we decide to go to blockchain
for voting. A lot of hackers are fans of blockchain technology, right? Actually, hackers are not.
Hackers are not? No. So let me ask you. Let me ask you a question. How do you think, what
do hackers think about Bitcoin and cryptocurrency?
So let me go back to the blockchain.
Blockchain is a solution looking for a problem it can solve.
And it really haven't found a problem it can solve.
Blockchain is fundamentally energy efficient, inefficient, slow distributed database system, depending what is your consensus algorithm,
how you put it. Blockchain, if you look 10 problems in elections, blockchain can be
partial solution to one or two of those 10, but blockchain would create then 10 more problems.
So you will be always net negative. Blockchain has no role in the vote counting part
of the elections at all. It just doesn't. And even if you look for other parts like voter registration,
then the question becomes a consensus algorithm, all the other technologies.
Furthermore, blockchain voting systems have been proposed. For example, Duma of Moscow. Yeah. And it got
immediately hacked. If you look at the US proposals, votes, it got hacked and got demonstrated. So the
whole idea that blockchain is somehow harder to be hacked, not true. Can you hack into blockchain?
I mean, depends which blockchain, but just before COVID, I was hired to validate three
different blockchain systems overseas in Europe, and I hacked all three of them.
It's just a question of what is the vulnerability.
So, okay, so then just answer the second question if you could.
Hackers, are they fans of Bitcoin, Ethereum, so, okay. So then this answer to second question, if you could. Hackers, are they fans of Bitcoin,
Ethereum, cryptocurrency?
Are they fans of it or no?
If you look how many hacker conference
have always presentation, what are the vulnerabilities
and how Bitcoin, for example,
has a fundamental problems of blockchain.
Individually, yes, there's probably one hacker
is here than there who are fan of that.
But generally speaking, blockchain is not really a favorite thing for hackers.
Interesting.
Interesting.
Hackers are not fans of blockchain.
Because I'm looking at this year's Cyber Defense Magazine says, why do hackers love cryptocurrency?
I've had another guy that was a hacker who was a very big fan of blockchain and cryptocurrency,
but you're not.
I really have to say that if I think my community of hackers and security researchers, if I
have one out of 10 who are fans of blockchain, that's about it.
One out of 10.
One out of 10. One out of 10. Because if you look how blockchain works, first of all, most of the people
who claim to be blockchain experts don't even understand how blockchain works. And you can
always test it by starting asking questions, for example, how the consensus algorithm works,
how you, what is the anchor of trust, how you measure all of that? And you realize whether the person actually understands how blockchain works or not.
So, yeah, I mean, there are people who call themselves hackers.
And I would say also that over the years this has changed.
When blockchain was a brand new technology,
it was a way different acceptance level than it's now.
Okay, Rob, can I read this here?
I think you have the same article.
Can you go all the way to the top what it says?
It doesn't have a title for some reason.
It's not loading, but it is the same article.
But in here it says, why do hackers love cryptocurrency cyber criminals
and hackers love cryptocurrency because it's off the books and it's perfect
for me.
I understand it's a cyber criminals.
Yes, you are using here.
You are using your hackers as a synonym of my criminal. Totally get it. That's, I understand, it's at cyber criminals. Yes, you are using here hackers as a syndrome of a criminal.
I totally get it, that's why I stopped it.
It's perfect for moving illegal payments and demanding ransom.
Ransomware is a type of malicious software designed to block access to computer system and data,
typically by encrypting it using ransomware.
Attacker usually demands payment.
Okay, so this is criminal activity, we're not talking the same thing.
Actually, let me, this is actually very good conversation
because when you look the history of ransomware,
ransomware was dying.
It was going away.
In a lot of my presentation, I have the first ransomware
because the first ransomware ever asked checks to be mailed
to PO box in Panama.
Right.
That was how the ransom was supposed to be mailed to PO Box in Panama. Right. That was how the ransom was supposed to be paid.
Very slow.
And what made ransomware to bloom and the whole criminal ecosystem around ransomware
was cryptocurrencies.
That was the rocket fuel.
So absolutely, if you are using hacker as a synonym, the criminals. Yes, then they love it. But when I'm using
hacker, I'm using hacker as the original term, people who are curious, who are tinkerers,
who are researchers, and they are not criminals.
What do you think about Elon Musk?
I don't have personal opinion. I have only met the guy once.
Was it at a conference or?
That was when he was not that famous yet.
Really? How long ago was that?
Over 10 years ago.
You met him?
Yeah, that was a conference in California.
That was right at the time when he was starting with the Tesla Roaster.
You think he's a net positive to society with what he's doing and what he's questioning?
I'm not taking that position one way or another.
Are most hackers similar to you?
There was an amazing study, a PhD study in psychology by a guy who was working for Pentagon a long time. And he made an assumption when he started PhD study,
he had a hypothesis, there's this thing called cameleon hacker.
So there's a special breed, an archetype of cameleon hacker.
Chameleon hacker?
Yes.
Okay.
So he was defining that as a hacker who had a credibility
with enterprises and government and criminals at the same time.
So he was searching for an archetype of chameleon hacker.
What he came up with-
Is this Mark Mifred?
No.
The Rhino Nine?
Or no, you're not?
No, no, no.
Okay.
So what he found out that there's no one archetype, there's actually two different
archetypes who are archiving that. So hackers come with all, as I said, all backgrounds, shapes and sizes.
So there is a, it's a, it's a wrong assumption to say that there would be, this is all hackers are
same. No, we are not. We are, we are very different. we come from different backgrounds.
And again, originally hackers were basically non-political.
I mean, it was curiosity and tinkering.
Then media started mixing hackers to be a criminal,
and the word of hacker became meaning something else than it originally was.
I'm always using myself, proudly I'm a hacker,
because I use the original engineer curiosity, studying and try to make the world better place. And
when you go to old school hacker conferences, there is a strong moral compass and strong
intention to make the world a better place for all.
I think you guys are necessary because you can break into things that,
okay, so you know Ryan Montgomery? I don't. Okay, we had Ryan Montgomery on and he's another hacker and he calls himself the ethical hacker, right? One of the things he was investigating is human
trafficking, okay? Because with the ability to be able to hack systems,
messaging, you can see if somebody's trying to, you know, go and, you know, link
up with a 12 year old, 14 year old, 15 year old, and he was catching a lot of
people, is what he was doing, right?
And it was consistent.
And he's done that for a while.
If you have access to be able to get the kind of information that you wanted to get, if
the US government wanted to hire all the hackers to find out, you know, what the communications
like right now, did he's being accused of all this stuff?
Puff Daddy, I don't know if you listen to a lot of puffed out.
He's been accused of doing a lot of stuff that he did with kids and all that stuff for
Epstein back in the days.
If the US government really wanted to know that stuff, and he hired, they hired 50 of
you guys, a hundred of you guys, would you guys be able to hack into systems to find
out communications, what's been said, what's not been said?
Would you be able to get to the bottom of it faster?
Different US agencies are hiring hackers in large numbers, especially if you look at the
alphabet soup. So different intelligence agencies. Really the question is the legal system. Again,
what kind of evidence can be archived in different ways? Also hackers, generally speaking, respect privacy. So it's when you
are asking question, can people hack to certain systems? There's first question is, is it
legal? But second thing is, even if it would be legal, hackers tend to have a strong respect
of privacy of the others for good reason. And that's really the difference between
when you think hackers as a criminals and when you think hackers as criminals and when you
think hackers as the way I define hackers.
Yeah, but I mean, that's kind of like when, you know, mainstream media, say from the left,
there's somebody that's investigating the story and if they don't like the story because
it goes against them, they'll say, that's a conspiracy theorist.
That's what he's doing.
And they'll kind of, they want to kind of put them
in a box to make fun of them and have them lose credibility.
It seems like that's the same thing they do with you guys,
with hackers and they put you in that, you know,
it sounds like you guys are offended by that as well,
when it happens to you.
Well, it's a necessary evil, but as I said,
it's very important to know the difference.
So now, again, going back to when you said ethical hacker, that's another
thing which is important to understand. I'm very often asked, you are white hat. I say,
not necessarily so. I'm ethical. But white hat hackers are very often trained and certified so
that they are smarter than the other people. Well, criminals don't get to brag about their achievements.
They try to stay out of jail.
And in order to be good in what I do,
I have to have the criminal mind.
So I'm always saying, my black hat who doesn't practice crime.
But I have to know the way of thinking
so that I can find the vulnerabilities, which
might be sometimes stupid.
But again, there's no style points in crime.
So you have to understand to how you look into the places which are stupid, but work.
What do you think about Bill Gates? What about him? Any opinion on him? Like the work he's
done, the things he works on? Do you have an opinion on him?
I mean, one of the pioneers, unlike Steve Jobs, who was a marketing guy, Bill Gates was a true engineer and put a lot
of work into building early software and trail place how we work.
Whether we are agreeing or disagreeing about open source and different kernel models and
different ways of making things work, Those are part of the corporate world, but nobody can deny his contributions to early
computers and how we get to where we are today.
Got it.
Mark Zuckerberg, what do you think about him?
Again, that's more an application, not trailblazing, social media is a... So when we talk about cyber war, we have to
understand that every domain where we fight wars, air, space, land, sea, undersea, they are natural
domains. There's a laws of physics, there is a rules of the road by the laws of physics. The main domains we fight
wars is cyber and information. For a long time, those two things have been put in the
same basket, because cyber was information was not understood to be separate. What Mark Zuckerberg and the founder of Twitter, all of them, they
created a new space, information space. Information space has been existing since the dawn of
the time, but they make a new mechanism to reach the information space. So when I look,
Mark Zuckerberg and everybody who created the social media, they created a new space which can
be used for good and bad. But right now when we look at the crime and everything bad happening,
cybercrime and cyberspace is different than information space, cognitive warfare,
information, influence operations, all of that, that's completely different space.
Because that is what happens between your ears and behind your eyes.
And one thing what we don't have is a human firewall.
So what Mark Zuckerberg and all of them, when they created this whole new industry and whole
new space, information space, what we are right now lacking is the defense mechanisms,
because they have to be built into humans.
Yeah.
Last question for you. When it comes on to hacking nuclear plants, is that something
that worries you at all?
Of course.
Is it easy to do?
Russia has a hacker conference which is strongly promoted and basically working for
Russian government. It's called Positive Hack Days. It was about 23rd to 26th of May this year.
And they had a number of capture the flag competitions
and which were targeted in different areas
of critical infrastructure.
One of those were nuclear.
One of those were nuclear.
And one of the award monies which have been reported was to pay for a hack to shut down
the cooling system of a nuclear power plant, which was framed as stopping energy production.
Well, it will stop the energy production, but it will cause some other problems too. So everything in a critical infrastructure has a long lifespan
and it's hard to upgrade. It's hard to secure because they are old and they have a long
lifespan. Isolation air gapping is the only way to keep those systems safe. The only way.
And of course we have the weakest link, which is humans. If you look And of course, we have the weakest language is humans. If
you look Stuxnet, you have air gap system and then people were carrying around USB sticks
and off you go. So of course I'm worried. I would be stupid if I wouldn't be worried
about nuclear power plant security because...
I don't want to upset you. It seems like you're getting... It's upsetting. I'm just asking
an open-ended question.
No, no, I'm not upset. I'm just saying that this is like, this is one of the many things
which when we look critical infrastructure, whether it's nuclear, power grid, water treatment,
we have to pay more attention.
I mean, are you kidding me? Like I'm looking at the website right now, which you're telling me, right?
The conference.
Yeah. This is, and they, hey, contest. Oh, but it says
it's a, this hacker party is ground zero for Russia's cyber spies. Kremlin's intelligent
officers, Russian traders, and Moscow's answer to the global dragon tattoos, they all gather
at this cyber security conference. That is wild. So that is wild. That is wild.
Now you understand why I got excited about critical infrastructure, because critical
infrastructure is everything we need for keeping the society going.
And if there's a conference where they are targeting indiscriminately civilian life,
indiscriminately finding ways to disrupt civilian life.
That's worrisome.
Yeah, it says, let me see here.
So there's also some of the things that they don't like here.
Held this year, Technology Complex and Event Central, called Digital October, about a mile
away from Kremlin, and 2014 attendees list included two of the GRU officers charged with breaching the Democratic National Committee as well as two other key figures in Russia.
Pavel Yavlowski-Yershov was one of the attendees, a GRU officer by the name of his charge, where
Robert Mukhanski.
Now this is getting into very interesting things.
Either Russian intelligence officers went there to recruit or they went there to learn.
My guess it's a combination of both
And so and so this answers your question are people hiring hackers to well
Listen if you have to anytime you're looking to size your enemy you have to think like them exactly
So if a criminal if a country hates, wanted to destroy America, how would
you do it? I'm hiring every single hacker in the world. I'm hiring 500 of you, paying
each of you a million a year. You know what that budget is? 500 million a year. That's
nothing. That's nothing. They're printing billions right now. I would hire you. I'd
put you in a nice place. I'd bring you in I would feed you good food if you're an evil leader that wants to put down the greatest country in the world
Which is you as which is where you live, which is where I live, right?
That would that would be the way to go. That's why I'm wondering how often does your resume get shopped by people from Russia saying hey
Harry
Come on. Kappa's your wife see I come from Finland. We come from Finland. We have the longest border with Russia.
The other thing is, you made a very good point.
A lot of people in the USA, oh, I can think like an enemy.
Critical thinking is not human.
We humans build societies because we have inherent trust.
And a lot of the things which are spin out of hacker culture like
social engineering are exploiting that trust.
So a lot of people say, I can think like an enemy.
No, you are thinking like you wish your enemy would be thinking.
But the enemy doesn't agree.
He's actually a fiction writer, Robert Lulum, who coined that phrase.
That is hilarious.
So, okay.
So what's the plan?
Are you planning on keeping this, selling this, auctioning this off?
By the way, for the folks that are listening to this, at this point, you know, Hari is
on Manek.
You can ask him questions.
I am sure you have a ton of questions.
Go on Manek, download the app, ask them the questions.
There's a list of questions that people have about this. I'm sure it's coming your way. I really enjoyed this. I'm not going to lie to you. Coming into it, I'm like, I don't know what's going to happen.
I'm walking away with enough stories to tell for the next month where it starts off with,
you will not believe who I spoke to the other day.
This guy named Harry, let me tell you what he did.
But anyways, it's great to have you here.
Where would you like the audience to go look for you outside of Manek?
I'm sure you're going to love it. You will not believe why I spoke to the other day. This guy named Harry, let me tell you what he did.
But anyways, it's great to have you here.
Where would you like the audience to go look for you
outside of Manect?
So I'm in LinkedIn, I'm in X.
Oh, you wanna put your nonprofit again?
Yeah, nonprofit, which we have
Alexan Integrity Foundation, af.vote.
Please check because we run the voting village
and we are educational.
So Defcon voting village is not about proving that voting machines can be hacked.
Every voting machine can be hacked. We are educational.
We want to dismiss the misinformation, disinformation, make sure that people have the right facts.
And voting village single-handedly have hundredfolded the people who have a first-hand
understanding what is true about voting machines, how the voting machines actually work.
So our mission is educational, purely educational.
We want to educate the stakeholders, the government officials, the policymakers, the people who
are working for policymakers and the general public, the policymakers, the people who are working for policymakers,
and the general public about the truth.
And truth here is that's why for years
we have now been very hard,
we have been waiting, fighting against misinformation,
disinformation, make sure that people
have the facts in their hand.
Just keep your politics out of it.
Try to stay as fair as possible.
I know you give me the vibes of which way you lean politically, just keep it out of it. Be fair.
We always in voting village, we are non-partisan or bi-partisan. We never want to do anything partisan.
I have a feeling, I'm trying to see like 80% of hackers based on what you're telling me are liberals on the left who are fans of probably New York Times, CNN, and MSNBC.
That's the vibe you're giving me, which I would prefer it be 50-50, but I don't think
you guys sound like because, you know, you were not a fan of Musk's.
I'm just trying to see where you would be with it.
But anyways, either way, very educational.
And I'm going to reconsider my vote for 2024.
Maybe not even vote this year after talking to you.
You have discouraged me from voting this year.
No, that's the wrong message.
Please vote.
Wherever you can vote, please vote.
Don't let anything discourage me.
Whoever you vote, doesn't matter.
This man is discouraging you to not vote.
Never trust. Always verify.
Obviously, we're having a good time with you.
I'm teasing you a little bit, but Hari, thanks for coming.
I've been a great sport, truly.
Thank you.
I appreciate you.
Thank you so much.
Yes, this was great.
Hi, my name is Harry Hersti.
I'm a lifelong hacker and security researcher.
An engineer with a heart which thinks
that impossible is just a state of mind.
Connect with me in a minute.
I'm here to explain anything you might wonder about election security, critical infrastructure security, cyberspace, cyber warfare,
information space, information warfare and connectivity warfare. So please ask me questions.
Hope to see you there in Minect.