A three-pronged wave of cyber-attacks aimed at wrecking Ukraine’s presidential vote – including an attempt to fake computer vote totals – was narrowly defeated by government cyber experts, Ukrainian officials say. The still little-known hacks, which surfaced May 22-26, appear to be among the most dangerous cyber-attacks yet deployed to sabotage a national election – and a warning shot for future elections in the US and abroad, political scientists and cyber experts say. National elections in the Netherlands, Norway, and other nations have seen hackers probe Internet-tied election systems, but never with such destructive abandon, said experts monitoring the Ukraine vote. “This is the first time we’ve seen a cyber-hacktivist organization act in a malicious way on such a grand scale to try to wreck a national election,” says Joseph Kiniry, an Internet voting systems cyber-security expert. “To hack in and delete everything on those servers is just pillaging, wanton destruction.” That wanton destruction began four days ahead of the national vote, when CyberBerkut, a group of pro-Russia hackers, infiltrated Ukraine’s central election computers and deleted key files, rendering the vote-tallying system inoperable. The next day, the hackers declared they had “destroyed the computer network infrastructure” for the election, spilling e-mails and other documents onto the web as proof. A day later, government officials said the system had been repaired, restored from backups, and was ready to go. But it was just the beginning.
Only 40 minutes before election results were to go live on television at 8 p.m., Sunday, May 25, a team of government cyber experts removed a “virus” covertly installed on Central Election Commission computers, Ukrainian security officials said later.
… The Ukraine hack is a stark warning for the US and other democracies that use the Internet for tabulation and even direct voting, election security experts say. One clear lesson, they say, is to always have paper ballots to back up election results – like Ukraine – and to avoid Internet voting.
“The Ukraine attack story demonstrates there is no shortage of methods which a determined adversary will make use of to sabotage an election,” says Pamela Smith, president of the Verified Voting Foundation, a US group that has researched US election systems security.