Can We Protect ‘Points of Vulnerability’ in the Wake of Hack Into State Election Databases?

The Federal Bureau of Investigation issued a shocking alert Monday: Hackers had successfully penetrated the election databases of two U.S. states. Yahoo News, which broke the news, reported:

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections. …

The bulletin does not identify the states in question, but sources familiar with the document say it refers to the targeting by suspected foreign hackers of voter registration databases in Arizona and Illinois. In the Illinois case, officials were forced to shut down the state’s voter registration system for 10 days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview. The Arizona attack was more limited, involving malicious software that was introduced into its voter registration system but no successful exfiltration of data, a state official said.

This alarming announcement raised security concerns over the November election. Senate Minority Leader Harry Reid called for the FBI to investigate possible Russian ties to the hack, noting that manipulation of data in “less than six” swing states would be all that would be needed to change the outcome of the general election.

FBI Director James Comey said the agency “take[s] very seriously any effort by any actor, including nation-states, and maybe especially nation-states, that moves beyond the collection of information about our country and that offers the prospect of an effort to influence the conduct of affairs in our country.”

Some argue that the hack would not alter the election. “It would be harder than we think,” says The Washington Post, “in part because we tend to conflate a number of very different election systems.”

Yahoo News investigative correspondent Michael Isikoff provides more detail about the initial hack and cybersecurity concerns for the general election. “[T]hey might seek to tamper with the election itself,” he tells Amy Goodman in an episode of ”Democracy Now!” He continues:

Now, that would not be an easy thing to do. In 40 states, we have optical scan voting, in which there are backup of paper ballots, so there’s a safety net there. But there are points of vulnerability. …

[This hack] has raised the concerns to new levels that this is something that state election officials have to take a lot more seriously, and federal officials, as well.

Isikoff’s concerns echoed Reid’s. “[T]he two [states] that would be of particular concern, because they’re swing states in the election, [are] Pennsylvania and Virginia,” he explains. “I can tell you that this is being taken seriously in those states.”

Goodman notes that it’s not just foreign hackers the U.S. should be concerned about. “Right, it could be anybody,” Isikoff answers. He wraps up by easing the fears of those who worry that the general election results will be tampered with, however. “[T]here are points of vulnerability,” he acknowledges, but a serious hack “would take a lot, given that elections are state and local affairs, and there’s a lot of points of entry, and it would be a huge undertaking.”

Watch the entire interview below:

—Posted by Emma Niles