Member-only story
How to Hack a Voting Machine
Hacker Rachel Tobac talks to OneZero about DEF CON 2019 and fighting back against election hacking
Rachel Tobac doesn’t seem like those hooded hackers you see in standard stock art. She’s friendly and welcoming and the first to offer that she didn’t come from a technical background. In short, she has all the skills of a successful social engineer who could convince you to turn over your passwords without even knowing it. But Tobac isn’t interested in your passwords — she’s more interested in showing you and your company how to protect them.
After a video of Tobac hacking a voting machine at the hacker conference DEF CON went viral in 2018, she made improving election security a personal mission. She now works with organizations to help lock down their human processes against social engineering threats.
Tobac spoke to OneZero from her burner phone a few days after returning home from DEF CON in Las Vegas this year.
This interview has been edited and condensed for clarity.
OneZero: I want to start by asking you what you call yourself. A social engineer?
Rachel Tobac: I would call myself a hacker. Sometimes people like to use the phrase “white hat hacker,” because they’re trying to differentiate themselves from criminals. And sometimes people use the phrase “black hat hacker” to describe a criminal, but I prefer to just call them criminals. So I would say I’m a hacker, not a criminal.
Tell us what brought you to DEF CON the first time.
My husband is a cybersecurity researcher, and he went to DEF CON many, many moons ago. He called me on a Friday night when he was in Vegas and said, “Rachel, I lied when I told you that you didn’t need to come to Vegas for DEF CON. You need to buy a ticket out tonight.”
I was in a conference room at work. At the time, I was a community manager. I was completely nontechnical, not involved in the hacking space or world in any way. I had a background in neuroscience and statistics in psychology, and I was like, “Evan, I love you, but why do you think I would go to a hacker conference? It’s gonna…
