A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.
Officials in both states said that voter-registration data has not been compromised and that their states’ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica’s inquiries. Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.
The states’ reliance on FTP highlights the uneven security practices in online election systems just days before the midterm elections. In September, ProPublica reported that more than one-third of counties overseeing closely contested elections for congressional seats ran email systems that could make it easy for hackers to log in and steal potentially sensitive information.
Some states remain hampered by bureaucratic disagreements, or regard other needs as more pressing. If intruders were able to gain access to election-related server files, for instance, they could prevent people from registering to vote, compromise unofficial tallies or direct voters to the wrong polling place. Those actions could potentially sow chaos on Election Day and raise questions as to whether the vote was legitimate.
Full Article: This Software is Exposing State Election Servers to Intruders.