DHS: Hackers Targeted 21 Election Systems in 21 States
Could hackers determine our presidential election?
Department of Homeland Security Secretary Jeh Johnson has urged states to take advantage of federal government protection to secure their election systems before November 8:
“These challenges aren’t just in the future — they are here today,” Johnson said in the statement. “In recent months, malicious cyber-actors have been scanning a large number of state systems, which could be a preamble to attempted intrusions. In a few cases, we have determined that malicious actors gained access to state voting-related systems.”
A few days ago, a DHS official said hackers targeted about 21 states.
Politico reported:
The DHS official — speaking on background because of the subject’s sensitive nature — explained that hackers of all stripes are constantly testing the digital defenses of every state’s public-facing election systems. But in 20-plus states, the agency determined that these intrusion attempts have become what DHS calls “probing of concern.”
“It’s reached a threshold of some concern,” the official told POLITICO, cautioning that the majority of states were not experiencing successful intrusions.
This official also told Politico that CNN and the Associated Press “misunderstood the nature of the cyber threat” in their stories on Friday. But secretaries of states have said their respective states have flagged “potential nefarious digital activity,” but hardly any of it “actually leads to a breach:
“The fact someone pinged it doesn’t mean there’s a breach,” said Colorado Secretary of State Wayne Williams said in an interview Friday.
Williams said his state wasn’t among the ones that had experienced a “probing of concern.” But, he added, it’s not uncommon for hackers to make a run at his data trove.
“The fact someone passes by, or runs a quick test on the database and doesn’t get through, that happens every day with every major database,” he said.
Concerns over election security peaked in August when “hackers successfully infiltrated one state board of election and targeted another” in Illinois and Arizona.
The FBI provided “eight separate IP addresses” and thinks they may have been linked since the hackers used one address in bothe attacks. The department recognized one address since it “surfaced before in Russian criminal underground hacker forums.” Rich Barger, chief intelligence officer for cybersecurity firm ThreatConnect, told Yahoo News that “the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.”
However, the tools are not very sophisticated, but “very effective,” which is why “national governments or their proxies” use them.
Donations tax deductible
to the full extent allowed by law.
Comments
Not to be too conspiratorial, but what percentage of this hysteria is to enable Federal takeover of elections? I don’t know if you can be too paranoid with this bunch.
I am seeing this the same way.
I’ll really start worrying if Jeh Johnson hires Bryan Pagliano to be in charge of election security…..
But – these lists could easily be used to produce ABSENTEE votes. Certainly could steal the election.
What a load of BS. “State actors”, indeed. Shoot, I use proxy servers in foreign countries, and I don’t even have to get out of my chair to do it.
I never thought you were 400 lbs, but I guess sitting in a chair and not lying in bed disqualifies you.
Anytime something becomes electronic, there will be people running to take advantage of it. Could we please just go back to the punch cards? Thanks, Al Gore.
DHS clearly cannot even keep the contents of State Department emails from being hacked. They have NO business interfering in the voting in individual states.
Wait, wait, wait one darn minute, Obama and the MSM swore that Russia was a bunch of white hat good guys and that Romney was being mean calling them out during the debates.
The only way logically to protect against this would be some sort of voter ID program, one ID one vote. Once verified to be the correct person you are then given a random voter ID number to mark your vote with, this can then be used to verify your vote was recorded truly with a vote tallied database. Also so there are no mix ups like Florida every state should use the same form which will be provided by the US Bureau of Engraving and Printing.
Why do people really expect Democrats to care about security? Just look at how they feel about the security of this great nation.
DHS has already been hacked if I recall. The gubmint needs to push the Russian hack meme as a means to gangsterize Trump and discredit the content of the hacks. Prog trolls are selling this on every corner. Given their apparent the Combettas of this world and the masses of asses approach to software development (See Infosys) I’d guess that they are overmatched.
yeah – NO!
1. Back to paper ballots
2. Voter ID
3. Of ALL the outfits unqualified to manage voting – DHS is probably #1 on the list. They’ve done such a great job with the TSA.
The DHS would probably set up quotas for illegal alien voters.
Sure, DHS has got this.
http://www.computerworld.com/article/3030983/security/hackers-breach-doj-dump-details-of-9-000-dhs-employees-plan-to-leak-20-000-from-fbi.html
Jeh Johnson: Hello, I’m from the government and I’m here to help.
This is a string of misdirections.
They’ve only been “targeting” 21 states. That hardly makes it OK. If the 21 include, say, California, Texas, Florida, New York, New Jersey, Pennsylvania, Illinois, Michigan … then it hardly matters if the list doesn’t include pipsqueaks like Delaware, Montana, Vermont, Maine, Wyoming, Rhode Island, or South Dakota. They’ll have the Electoral College sewn up, with plenty of votes to spare.
A successful break-in is undetectable. The intrusions which left a trail may have broken in, but they were the clumsy ones. Any damage they can do can usually be corrected, via backups if nothing more clever is available. Government keeps lots of backups. Well, not Hillary, but the rest of government. The undetected intrusions won’t get corrected.
There’s little reason to assume the Russian angle is anything but bogus. They’re trying to smear Trump, implying that he’s some sort of unwitting Russian agent. But if the Russians are interested, they’d want Hillary, not Trump, especially if some Russian government agency had made “contributions” to the Clinton Foundation Slush Fund; they’d want Hillary in office just so they’d get something back for their money (assuming they haven’t already gotten it). In any case I’d bet that Russian “state actor” intrusions are some of the ones they don’t detect.
The whole deal with tracing servers to Russia is meaningless, and so elementary that I seriously doubt that these people believe it themselves; they’re conning the press, and of course us. The first web sites I set up were via a hosting company in India. The servers that company used were at a large and well-known data center in Texas. Of course I was nowhere near either place, but so what? The electrons do all the traveling, not me. People often set up web sites with hosting companies outside of the US so that they won’t be harassed by U.S. law when a poster on a forum puts up something which might be copyrighted, or a photo of a person they can’t prove is over 18; but it rarely works, because where ever the hosting company is located, most of the big commercial server farms are in the United States, and that’s where your web site files are likely to end up, even if you live in Hungary and your hosting firm is in Finland. So American law enforcement can pounce at its convenience. But that explains the popularity of servers physically located in Russia; no FBI raids.
I doubt these attacks are coming from overseas. The most likely candidates are Democrats—the home-town component of “enemies foreign and domestic”. If they can control a significant chunk of the voter registration lists, then there’s little chance of avoiding, or even detecting, voter fraud. If they can also control census databases, their position becomes even stronger, as cross-correlation of the two is probably the best and fastest way to automate fraud detection. The only thing better would be control of the voting machines; then they don’t have to fiddle with the databases. I’m sure they’re working on it.
The idea that any type of “federal help” can secure these systems, at the 11th hour, is preposterous. Security is something that must be designed into systems from the very beginning. It drives the architecture of the system, the way it is coded and the processes for testing, documenting, deploying, and managing the system. It defines the hardware and network architectures, and the way the data centers are built and managed. Some federal jerkoff throwing money at it with 45 days to go is nothing but a stupid joke. Kinda like the rest of our government.
While it is possible that voter rolls may have been targeted or even acquired which for the purpose of the election at best absentee ballots could be requested. I doubt that the actual general election is in jeopardy. Polling locations and machines to my previous possibly dated knowledge are not online and therefore cannot be remotely compromised. It would take physical access to the polling machines to compromise the election day tally.
Not claiming ANY expertise here, but….
A Jeep’s braking system is not “on line” either. Yet they can be remotely hacked. Same with “fly-by-wire” systems in modern aircraft, IIRC.
If a device is wireless it is online, the fact that you must be in range to be online with the device does not change that fact. There is no reason at this time for me to believe that the polling stations are anything but standalone stations.
I have massive doubts about any report from the DHS. Who are these nefarious hackers? Is it some teenager just fooling around to see what he can see? Is it some foreign person that is just trying to expose the carefully hidden shameful truth like Assange? Is it someone in our own government snooping on people just because they are paid to? Could they tell us more or are they just trying to raise a false alarm?