Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas. Experts have urged states to have backup systems after officials from U.S. intelligence agencies and the Department of Homeland Security said that Russian entities scanned election systems in at least 21 states before the 2016 election in an attempt to breach. Seven states had their computer systems breached to various degrees, officials have said. Illinois has said its voter registration system was breached. But officials have said no votes were altered.
“It’s fair to say that 2016 changed the threat environment we face, pitting state and local election officials against nation-state actors who scan for vulnerabilities and were successful in accessing one state’s voter rolls,” U.S. Election Assistance Commission Chairman Thomas Hicks said at an Oct. 3 event on election security. “These same actors made additional attempts to infiltrate states’ elections systems ahead of the 2018 midterms, and by all accounts, they will be back for 2020.”
Technology companies and U.S. law enforcement agencies have described various attempts by Russian entities to interfere in the midterms, but not all of them are related to the security of election machinery operated by states. Many of the attempts by adversaries are aimed at influencing American voters or targeting individual political campaigns through fake social media campaigns.
In August, Microsoft said it had seized six Internet domains belonging to Russian hackers and linked to the country’s military intelligence agency. The domains mimicked Republican-leaning think tanks and were being used to send phishing emails to lawmakers’ offices.
Two months earlier, the company disclosed it had found and disabled three spear-phishing campaigns mounted by the Russian military intelligence agency that targeted three 2018 candidates. Microsoft didn’t name the candidates, but Rolling Stone magazine reported that Hans Kierstad, a Democrat, who participated in California’s open primary to challenge Republican Rep. Dana Rohrabacher and lost, was targeted by Russian entities. Rohrabacher has expressed strong pro-Russia views and the FBI is said to have warned him that Moscow saw him as an intelligence source.
Full Article: 14 States Forgo Paper Ballots, Despite Security Warnings.