Saturday, October 1, 2016

Over 20 States Have Faced Major Election Hacking Attempts

Hackers have intensely probed State Voter Registration systems in more than 20 states, a Department of Homeland Security (DHS) official said.

The revelation comes amid fears that the Electoral system is vulnerable to digital meddling, following a series of suspected Russian hacks of Democratic organizations, Party officials and State Election networks.

The DHS official, speaking on background because of the subject’s sensitive nature, explained that hackers of all stripes are constantly testing the digital defenses of every state’s public-facing Election systems. But in 20-plus states, the agency determined that these intrusion attempts have become what DHS calls “probing of concern.” “It’s reached a threshold of some concern,” the official said, cautioning that the majority of states were not experiencing successful intrusions.

The Federal Government has focused more attention on State Voting systems in the wake of confirmed digital intrusions into Voter Rolls in Arizona and Illinois.

The Federal Bureau of Investigation (FBI) and DHS asked states to look for hacking attempts coming from the IP addresses linked to those intrusions. That filtering exposed the maelstrom of attacks on State Election systems that officials are now trying to analyze. “It’s not to say that people weren’t constantly trying to probe all these different websites” before the Arizona and Illinois incidents, said the DHS official. “I would imagine they probably were.”

The Associated Press first reported that DHS had seen attempted hacks in more than 20 states. But the DHS official stressed that the AP’s report, along with an earlier CNN story, misunderstood the nature of the cyber threat.

All states are constantly targeted, the official said, not just the states most seriously affected. “It’s gotten a little bit, I think, blown out of proportion with the general public,” the official said.

Several Secretaries of State, who oversee Elections, acknowledged that they are constantly flagging potential nefarious digital activity. But very little of this activity actually leads to a breach. "The fact someone pinged it doesn’t mean there’s a breach," said Colorado Secretary of State Wayne Williams in an interview Friday.

Williams said his State wasn’t among the ones that had experienced a "probing of concern." But, he added, it’s not uncommon for hackers to make a run at his data trove. “The fact someone passes by, or runs a quick test on the database and doesn’t get through, that happens every day with every major database,” he said.

Georgia Secretary of State Brian Kemp echoed this assessment. “We get pings on our systems every day, not just in election, but in our corporation division and other parts of state government,” Kemp said.

Williams explained that, "there are always people out there doing that. When we detect it, we block the IP address and take steps to protect the data. There’s virtually no way to stop someone from doing that initial pass, and the issue is then what are your responses and how do you deal with it?”

DHS said it has not traced the State probes to a common source. There is also no consensus among Digital Security Experts and former officials about whether Russia is behind the State Election hacks. But some IP addresses have been associated with prior Russian hack attempts.

But the DHS official explained that the attempted break-ins didn't fit a clear pattern, and some were more representing a "storm" of attacks.

“We’re still in the storm phase right now,” the official said. “It’s really not uncommon. You’ve got all sorts of cyber criminal groups, you’ve got your regular hackers that are just sort of messing around.”

Lawmakers on both sides of the aisle have said they suspect Moscow is trying to sow general distrust in the Electoral system with the spate of hacks.

To help states fend off these hacks, DHS has offered to provide states with additional digital scans of their systems, on top of the nationwide monitoring DHS already does regularly.

The DHS official said that currently 21 states have “expressed interest” in these vulnerability-scanning services. But because of the paperwork involved in formally establishing those relationships, the official added, “they’re all in varying stages of receiving that assistance.”

Rep. Jim Langevin (D-R.I.), a Co-Founder of the Congressional Cybersecurity Caucus, noted there are many states “who don’t know” that their systems have gotten hackers’ attention. “I’d proceed under the assumption that [with] many election systems — in terms of voter registration systems — there have been at least attempts and perhaps they’ve been probed,” Langevin said.

NYC Wins When Everyone Can Vote! Michael H. Drucker
Digg! StumbleUpon

No comments: