The boy was the quickest of 35 children, ages 6 to 17, who all eventually hacked into copies of the websites of six swing states during the three-day Def Con security convention over the weekend, the event said on Twitter on Tuesday.
The event was meant to test the strength of U.S. election infrastructure and details of the vulnerabilities would be passed onto the states, it added.
The National Association of Secretaries of State – who are responsible for tallying votes – said it welcomed the convention’s efforts. But it said the actual systems used by states would have additional protections.
“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” the association said.
The hacking demonstration came as concerns swirl about election system vulnerabilities before mid-term state and federal elections.
U.S President Donald Trump’s national security team warned two weeks ago that Russia had launched “pervasive” efforts to interfere in the November polls.
Participants at the convention changed party names and added as many as 12 billion votes to candidates, the event said.
“Candidate names were changed to ‘Bob Da Builder’ and ‘Richard Nixon’s head’,” the convention tweeted.
The convention linked to what it said was the Twitter account of the winning boy – named there as Emmett Brewer from Austin, Texas.
A screenshot posted on the account showed he had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.
The convention’s “Voting Village” also aimed to expose security issues in other systems such as digital poll books and memory-card readers.