Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.
Alabama has acknowledged that one of its state sites could have been penetrated to let bad actors tamper with an official webpage and potentially spread misinformation about voting and elections over social media. Nevada has acknowledged that a state site has a vulnerability identified by Appsecuri but disputes Appsecuri’s allegation that the weakness poses a risk to the state’s election system. Officials from both states said the flaws did not have the potential to allow the posting of erroneous vote counts to official pages. But outside experts suggested that there’s still reason to be concerned.
“A lot of these vulnerabilities are easily classified as a cosmetic error until someone thinks through how they can be used for other purposes,” said Harri Hursti, a cybersecurity expert with a focus in election security. A hacker’s attack may seem minor now, but it could grow into a bigger, more urgent problem come Election Day.