National: File-Sharing Software on State Election Servers Could Expose Them to Intruders | ProPublica
As recently as Monday, computer servers that powered Kentuckyâs online voter registration and Wisconsinâs reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentuckyâs was accessible from other Eastern European countries. The service, known as FTP, provides public access to files â sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a serverâs operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their statesâ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublicaâs inquiries. Kentucky left its password-free service running and said ProPublica didnât understand its approach to security.