When people in several North Carolina precincts showed up to vote last November, weird things started to happen with the electronic systems used to check them in. “Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not. Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack. There is no evidence the two incidents are linked, but the episode has revealed serious gaps in U.S. efforts to secure elections. Nine months later, officials are still trying to sort out the details. … At first, the county decided to switch to paper poll books in just those precincts to be safe. But Bowens says the State Board of Elections & Ethics Enforcement got involved “and determined that it would be better to have uniformity across all of our 57 precincts and we went paper poll books across the county.”
Editorials: Transparency is Solution to Shameful Lack of Security For U.S. Voting Systems Revealed by NSA Leak | Leah Rosenbloom/ACLU
Elections belong to the public. Just as we have the right to understand our overall election process, we have a right to understand the underlying hardware and software involved in electronic voting. We have a right to understand where our votes and voter registrations go, who checks them, and which institutions have access to that information. The NSA document allegedly leaked by Reality Leigh Winner and recently published by The Intercept suggests that the government is no longer confident about that critical information. The report details a Russian spear-phishing campaign that introduced malware into election contractors’ and officials’ machines, causing them to run “an unknown payload from malicious infrastructure.” According to the report, “It is unknown…what potential data could have been accessed” by Russian hackers. The malicious code was implanted into instructions for EViD, a piece of software that allows poll workers to verify voters’ sensitive personal information, including name, address, registration status, and voting history. The verification is done entirely over the Internet, and all data is communicated to and from EViD’s “secure website.”
Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot. Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that “an extensive investigation” showed there was nothing to worry about with the county’s new registration software. He was wrong. What Brian and other election officials across eight states didn’t know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems, Inc., the vendor that sold them digital products to manage voter registrations. … David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is “absolutely possible” that the Russians affected last year’s election. “And we have done almost nothing to seriously examine that,” he said. “The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking,” said Alex Halderman, a University of Michigan computer science professor. “The question is, how far did they get in that pattern of attacks, and were they successful?”
The Florida elections vendor that was targeted in Russian cyberattacks last year has denied a recent report based on a leaked National Security Agency document that the company’s computer system was compromised. The hackers tried to break into employee email accounts last August but were unsuccessful, said Ben Martin, the chief operating officer of VR Systems, in an interview with NPR. Martin said the hackers appeared to be trying to steal employee credentials in order to launch a spear-phishing campaign aimed at the company’s customers. VR Systems, based in Tallahassee, Fla., provides voter registration software and hardware to elections offices in eight states. “Some emails came into our email account that we did not open. Even though NSA says it’s likely that we opened them, we did not,” Martin says. “We know for a fact they were never opened. They did not get into our domain.”
Election officials in Humboldt County are checking their voter data after a leaked National Security Agency document alleged that Russian operatives hacked one of the county’s voting software contractors. According to a NSA memo published Monday by the news website The Intercept, Russia’s military intelligence unit, the G.R.U., successfully hacked a Florida voting software company, VR Systems, last summer. That hack then led to a broader hacking attempt of local election boards around the country just days before the November election. Humboldt County, population 136,000, might not seem like a top target for the Russians. The far-north county, which includes the city of Eureka, is more famous for its redwoods, coastline and marijuana crop than its politics. But the county Office of Elections had a contract with elections company Hart InterCivic, and Hart used VR Systems for its electronic poll books — the devices poll workers use to check in voters at the ballot.
New York: Onondaga among 4 New York counties to use voting software targeted by Russian hackers | syracuse.com
Onondaga County is among four New York counties that used voting software provided by a U.S. company targeted in a cyber-attack by Russia before the 2016 presidential election, election officials said Wednesday. Onondaga, Cayuga, Cortland and Orange counties used the EVid software from a vendor that partnered with U.S. supplier VR Systems of Florida, said Thomas Connolly, speaking for the New York State Board of Elections. The company’s devices were used by the New York counties as electronic poll books to check voter registration, supplementing existing paper books at selected voting precincts in November as part of a state pilot program, Connolly said. The devices were never linked to live voter registration databases, and state elections officials have found no indication hackers compromised the state’s voting system, Connolly said.
Florida: Phishing expedition: At least 5 Florida counties targeted by Russian election hack | Tampa Bay Times
Russian hackers tried to break into the computer systems of at least five Florida county elections offices days before the 2016 presidential election, according to five county officials who say they received malicious emails described in a leaked intelligence report. Election supervisors in Hillsborough, Pasco, Citrus and Clay counties separately told the Times/Herald their offices got the emails, which contained attachments that could have taken over their computers. But all four said their staffers did not open them. Volusia County said it opened one of the infected emails, but not the attachment that could have compromised its systems. There’s been no evidence disclosed publicly that any counties were breached. It’s not clear how many counties were targeted, in Florida or across the country. The Times/Herald sent requests for the emails to all 67 elections offices in the state. Nineteen replied back that they searched for them and couldn’t find any.
Florida: E-pollbook Vendor takes responsibility for delaying St. Lucie County election results | TC Palm
A server malfunction — in equipment operated by a private company — resulted in the delay posting primary-election results Tuesday night, the company’s CEO said Thursday. Totals for early and absentee voting didn’t appear on the supervisor of elections website until nearly an hour after the polls closed at 7 p.m. St. Lucie’s problem was part of a domino effect, according to Mindy Perkins, CEO of VR Systems, an online election system-reporting company used by the St. Lucie County Supervisor of Elections Office and about 50 other Florida counties. A VR Systems technician used an incorrect link to allow Broward County Supervisor of Elections to preview results, according to affidavit from Perkins.
Florida: Broward state attorney reviewing how elections office posted results before polls closed | Miami Herald
When Broward County posted election results online before the polls closed Tuesday night, it was the election night screw-up seen around Florida. It is a felony to release results while voters are still casting ballots. Within a couple of hours, a vendor took full responsibility, but a chain of events was already in motion: On Tuesday night, the state elections chief, Ken Detzner, criticized the slip-up as “unacceptable” and called for an investigation — prompting the Broward state attorney to launch a review Wednesday. As the drama was unfolding in a warehouse at the Lauderhill Mall where Broward tabulates results, Supervisor of Elections Brenda Snipes coasted to a landslide victory over her Democratic primary opponent and deferred to the vendor to explain what went down. Despite the election website problems, experts say it’s unlikely that anyone will get charged with a crime.