An attempt by Russian hackers to infiltrate an obscure Florida elections technology company is igniting concerns about whether the small industry is vulnerable to attacks that could undermine confidence in election results. Russian hackers apparently targeted employees of Tallahassee, Fla.-based VR Systems with phishing attacks to swipe their computer log-in credentials, then impersonated the company’s workers by sending emails with nefarious attachments to local governmental officials, according to a National Security Agency document leaked to news site The Intercept. The NSA concluded it was “likely” that at least one of the employees’ accounts was compromised. “We have seen no reports of attacks against voting machine vendors and vendors that program ballots for those machines, but it would be naïve to think it’s not a possibility that there would be attempts to do that,” said Lawrence Norden, deputy director of New York University School of Law Brennan Center for Justice’s Democracy Program.
… Most voter registration data is public, so accessing it is of limited utility. Still, once hackers have gained access to a network, they can use that foothold to grab a broader swath of data or alter records.
That’s why it’s ultimately critical to ensure that the system relies on paper ballots that are digitally counted and thus can be hand-checked if necessary to confirm results, said Susan Greenhalgh, elections specialist at the Verified Voting Foundation, an organization that advocates for the integrity of elections.
“You’re never going to be able to create one 100% secure computerized system that can’t be attacked,” she said, adding that lawmakers should adopt policy forcing elections technology companies to disclose when they’ve been hacked.