The Washington Post has an article by Ellen Nakashima about them damned Russkies:
Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that the Russians were behind the assault on the election system in that state.Rico says the Russians haven't had a free and open election since the turn of the last century, and don't understand the concept...
The bureau described the threat as “credible” and significant, “an eight on a scale of one to ten”, Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (a Republican), said. As a result, Reagan shut down the state’s voter registration system for nearly a week.
It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.
Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government. Bureau officials declined to comment, except to say that they routinely advise private industry of cyberthreats detected in investigations.
The Arizona incident is the latest indication of Russian interest in American elections and party operations, and it follows the discovery of a high-profile penetration into Democratic National Committee computers. That hack produced embarrassing emails that led to the resignation of DNC Chairwoman Debbie Wasserman Schultz and sowed dissension on the eve of Hillary Clinton’s nomination as the party’s presidential candidate.
The Russian campaign is also sparking intense anxiety about the security of this year’s elections. Earlier this month, the FBI warned state officials to be on the lookout for intrusions into their election systems. The “flash” alert, which was first reported by Yahoo News, said investigators had detected attempts to penetrate election systems in several states, and listed Internet protocol addresses and other technical fingerprints associated with the hacks.
In addition to Arizona, officials in Illinois discovered an intrusion into their election system in July of 2016. Although the hackers did not alter any data, the intrusion marks the first successful compromise of a state voter registration database, federal officials said.
“This was a highly sophisticated attack, most likely from a foreign entity,” said Kyle Thomas, director of voting and registration systems for the Illinois State Board of Elections, in a message that was sent to all election authorities in the state.
The Illinois hackers were able to retrieve voter records, but the number accessed was “a fairly small percentage of the total,” said Ken Menzel, general counsel for the Illinois election board.
State officials alerted the FBI, he said, and the Department of Homeland Security also was involved. The intrusion in Illinois led to a week-long shutdown of the voter registration system.
The FBI has told Illinois officials that it is looking at foreign government agencies and criminal hackers as potential culprits, Menzel said.
At least two other states are looking into possible breaches, officials said. Meanwhile, states across the nation are scrambling to ensure that their systems are secure.
Until now, countries such as Russia and China have shown little interest in voting systems in the United States. But experts said that, if a foreign government gained the ability to tamper with voter data, for instance by deleting registration records, such a hack could cast doubt on the legitimacy of American elections.
“I’m less concerned about the attackers getting access to and downloading the information. I’m more concerned about the information being altered, modified or deleted. That’s where the real potential is for any sort of meddling in the election,” said Brian Kalkin, vice president of operations for the Center for Internet Security, which operates the MS-ISAC, a multi-state information-sharing center that helps government agencies combat cyberthreats and works closely with federal law enforcement.
James R. Clapper Jr., the director of national intelligence, has told Congress that manipulation or deletion of data is the next big cyberthreat, “the next push on the envelope”.
Tom Hicks, chairman of the Federal Election Assistance Commission, an agency set up by Congress after the 2000 Florida recount to maintain election integrity, said he is confident that states have sufficient safeguards in place to ward off attempts to manipulate data.
For example, if a voter’s name were deleted and did not show up on the precinct list, the individual could still cast a provisional ballot, Hicks said. Once the voter’s status was confirmed, the ballot would be counted.
Hicks also said the actual systems used to cast votes “are not hooked up to the Internet” and so “there’s not going to be any manipulation of data.” However, more than thirty states have some provisions for online voting, primarily for voters living overseas or serving in the military.
This spring, a Department of Homeland Security official cautioned that online voting is not yet secure. “We believe that online voting, especially online voting on a large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability, and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” said Neil Jenkins, an official in the department’s Office of Cybersecurity and Communications.
Private-sector researchers are also concerned about potential meddling by Russians in the election system. Rich Barger, chief information officer at ThreatConnect, said that several of the IP addresses listed in the FBI alert trace back to a website-hosting service called King Servers that offers Russia-based technical support. Barger also said that one of the methods used was similar to a tactic employed in other intrusions suspected of being carried out by the Russian government, including one this month on the World Anti-Doping Agency.
“The very fact that someone has rattled the doorknobs, the very fact that the state election commissions are in the crosshairs, gives grounds to the average American voter to wonder: Can they really trust the results?” Barger said.
Earlier this month, Department of Homeland Security Secretary Jeh Johnson held a conference call with state elections officials, offering his assistance in protecting against cyberattacks. Johnson said that the Department of Homeland Security was “not aware of any specific or credible cybersecurity threats relating to the upcoming general election systems,” according to a readout of the call. It was not clear whether he was aware at the time of the FBI’s investigations in Arizona and Illinois.
No comments:
Post a Comment