A long-awaited report this week from the Department of Homeland Security found security problems with the computer systems that a North Carolina county used to handle voter data during the 2016 election — but no evidence that Russian hackers had breached them. Still, the review is unlikely to totally resolve questions surrounding the county’s use of software provided by the Florida company VR Systems, which — as POLITICO reported last week — have added to broader doubts about the security of election technology that Americans will use at the polls in 2020. Experts contacted by POLITICO said the new DHS analysis has its share of holes — for instance, failing to examine all the computer systems the Russians could have targeted. And they noted that officials in Durham County, N.C., had waited until about a week after Election Day to preserve some potentially important evidence. “I think [the investigation is] incomplete,” says Jake Williams a former NSA hacker who is founder of the security firm Rendition Infosec and trains forensic analysts. “It’s the best investigation that can be conducted under the circumstances. We can’t investigate what we don’t have, [and] a lot of the crucial evidence is missing.” Among other security issues, the heavily redacted DHS report indicates that someone had used a “high value” desktop computer handling Durham County’s voter-registration data to access a personal Gmail account on Election Day. The report provides a lengthy list of suggestions — all blacked out — for how the county can improve the security of its election infrastructure.
Florida: DHS preparing report on 2016 Palm Beach election ransomware | David Smiley and Nicholas Nehamas/Miami Herald
Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link. Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks prior to the 2016 election. The virus was not publicly disclosed in 2016. Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly. “We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”Full Article: DHS preparing report on 2016 Palm Beach election ransomware | Miami Herald.