ONE-TIME FBI most-wanted hacker Kevin Mitnick has warned the Australian federal government not to introduce electronic voting until it is “damn sure the technology cannot easily be manipulated”.
The infamous former black hat hacker, who spent five years in prison for exploiting vulnerabilities in American corporations and government agencies, said electronic voting systems had previously been hacked and the technology would never be completely trustworthy.
Mr Mitnick, who previously worked with the Ecuadorean government to secure systems in charge of tabulating the country’s 2013 elections, said using e-voting machines without enough security testing could put criminals in charge of choosing who runs the country.
“If a government implements electronic voting, they have to be extremely vigilant about having very skilled security engineers test these products,” he said.
“In deploying something that will decide the result of a (federal) election, you better be damn sure the technology cannot easily be manipulated.
“Usually, technology can be compromised given enough time and money.”
Despite the risks, Prime Minister Malcolm Turnbull and opposition leader Bill Shorten this week spoke in favour of introducing electronic voting in Australia following an eight-day wait for an election result while paper votes were counted.
But Mr Mitnick said e-voting machines had been exploited and Australia would have to invest in “extreme diligence” by top engineers to ensure e-voting technology was difficult to compromise.
“There’s no such thing as 100 per cent secure,” he said.
Mr Mitnick, in Australia ahead of two speaking engagements in Melbourne and Sydney next month, said Australian businesses were also “very vulnerable” to attack, and the biggest risk remained the human factor.
The American author was arrested in 1995 after gaining infamy for hacking companies including Nokia, Motorola, IBM, and Sun Microsystems using social engineering techniques.
He spent five years in prison, including eight months in solitary confinement due to concerns, according to Mr Mitnick, that he could “start a nuclear war by whistling into a payphone”.
Now heading up Mitnick Security to legitimately test vulnerabilities in companies’ security, Mr Mitnick said humans were still the weakest link in security systems, and companies should test their employees with fake scams under controlled conditions, baiting them to install software on their corporate network or click on inappropriate web links.
“People taught in this method usually have an ‘a ha’ moment,” he said.
“People don’t like to be fooled more than once, and it’s a way to get people to repel these types of (social engineering) attacks.”
Mr Mitnick will show off his skills in a live hacking demonstration during talks in Sydney and Melbourne on August 24 and 26.