Feedback
Tech

Hackers Were Able to Breach — and Then Rick-Roll — a Voting Machine

"Never gonna give you up, never gonna let you down," Rick Astley sings in his 1987 hit. But the voting machine the song was blaring from at the Def Con security conference in Las Vegas sure did.

Hackers were able to successfully "Rick-Roll" a WinVote voting machine at the Def Con cyber security conference this weekend. Video of the hack, which was shared on Twitter, provides a stunning reminder of how nothing is ever truly safe from hackers.

"The need for us to get our act together on cyber security and get much better at it is becoming very acute," Michael Daniel, president of the Cyber Threat Alliance and former cyber security coordinator in the Obama Administration, told NBC News.

Related: Las Vegas is More Hackable Than Ever — But It May be a Good Thing

From connected home devices to voting machines and cars, thousands of hackers spent the past week in Las Vegas sharing research and discussing the future of hacking at the Black Hat and Def Con security conferences. But this year's message was striking: We have to do better.

Image: Attendee Don Laursen checks the conference schedule on his phone as he waits for a keynote address during the Black Hat information security conference in Las Vegas
A conference attendee checks the schedule on his phone as he waits for a keynote address during the Black Hat information security conference in Las Vegas on July 26. Steve Marcus / Reuters

Finding the problems is the relatively easier part. The harder part, according to security professionals, is designing defenses.

The research presented is essentially a glimpse into the future and "tells us what is going to happen in the next 12 to 18 to 24 months out," said Jeremiah Grossman, chief of security at SentinelOne.

"In many ways, the attack research is easy. Now we need to start designing and deploying the defenses," he said. "That is the hard part. That's where we need time. But if we don't talk about the attacks, when it's not allowed, that's when we have problems."

Grossman was referring to a Moroccan hacker living in France who was reportedly denied entry to the United States to give a scheduled Black Hat talk.

The public's perception of hacking — what it is and how it can harm people — has also undergone a metamorphosis in the past year. While there will likely always be black hat hackers who are happy to snag your credit card information and passwords, there's also an intense focus on how other countries may be using hacking to — say — meddle in an election.

"Cyber operations and the use of cyber capabilities as a tool of state craft is here to stay. It is a fact of life in the 21st century and one of the things we as societies need to figure out," Daniel said. "We need to figure out how to get some rules of the road surrounding the use of those capabilities so they don't become inherently destabilizing to the international system."

With the fake news scourge and bots running rampant online, Chris Wysopal, chief technology officer at Veracode, said the security community can use its expertise to help.

"It's not something we traditionally think about — people using info systems to target individuals with fake news or whatever," Wysopal said. "Usually intelligence agencies think about nation states and we don't, but I think we could have a role to play there on how systems can be misused to manipulate people."

"It's a little too new for this community to start doing anything about it, but hopefully by the next election we can start thinking about designing systems that can detect when you are being targeted by a bot," he told NBC News.