U.S. election systems are increasingly at risk for cyberattacks ahead of the November midterms as Russia continues information operations to sow political division, according to cybersecurity firm FireEye Inc. State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyberespionage actors, the Milpitas, California-based company said in a recent report, outlining risks to voter registration, polling places and ballot submission systems. Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,” the report said.
As more states place their voter registration processes online, their websites become targets for cyberattackers. “Aggressive campaigns” to disrupt electoral process could use tools like ransomware and distributed denial-of-service attacks to destabilize state and local computer networks and mimic cybercrime activity, the report said.
The Department of Homeland Security has said Russia targeted 21 states’ voter registration systems, but only Illinois has indicated publicly that some of its voter data was stolen. In its report, FireEye says hackers used three penetration testing tools to gain access to 200,000 voter records in Illinois. While the state said no data was altered, “it is possible that the actors had the ability to modify or delete data,” the report said.
The U.S. uses 57 different types of voting machines that FireEye says have flaws, including machines being particularly vulnerable to malware introduced through removable hardware.