DHS: 21 States Targeted By Hackers Ahead of the US Presidential Election

A comprehensive tally is in, and US election systems in 21 states were targeted by Russian actors ahead of the 2016 presidential election, according to the US Department of Homeland Security (DHS).

Election officials in Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Texas, Virginia, Washington and Wisconsin were all notified on Friday, according to The Associated Press—a year after the activity was identified.

The hacking efforts were mostly preliminary, the AP reported, involving things like testing for weak links in voter registration systems and the like. Actual compromises were few, although in at least two places, Arizona and Illinois, systems were breached. These incidents were reported last year.

Nonetheless, the states were concerned about the lack of communication.

"It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information," California Secretary of State Alex Padilla, a Democrat, said in a statement to the AP. "The practice of withholding critical information from elections officials is a detriment to the security of our elections and our democracy."

"While I understand that DHS detects thousands of attempted cyberattacks daily, I expect the top election officials of each state to be made aware of all such attempted intrusions, successful or not, so that they can strengthen their defenses—just as any homeowner would expect the alarm company to inform them of all break-in attempts, even if the burglar doesn't actually get inside the house," Alaska Elections Division Director Josie Bahnke told the outlet, adding that Russian actors were scanning the state's election systems searching for vulnerabilities.

DHS seemed moderately contrite. "We are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners," DHS said in a statement obtained by the AP.

Nathan Wenzler, chief security strategist at AsTech, said that a deeper response is needed.

 “Open communication and notification is one of the most important defensive measures we have in the security community, and time after time we see organizations absolutely fail in this regard,” he said via email. “These attackers move quickly and will wait for no one in their attempts to compromise systems, steal data or perform other cyberattacks. If we are not moving just as fast in detecting and responding to these incidents, we're going to be left being in the wake of more data breaches and compromises of critical systems we typically consider to be secure. DHS needs to do far better in this regard to give election agencies, along with any other government entity, a fighting chance to be prepared against the ever-growing threat of cyberattacks.”

The information comes as a special counsel under former FBI Director Bob Mueller continues to investigate possible collusion of the Trump campaign with Russia during the 2016 presidential campaign.

Public details are few when it comes to which systems were targeted, but “there are two likely places of security failure in this attack,” said Isabelle Dumont, vice president at Lacework, a Mountain View, Calif. based provider of cloud security solutions, via email. “First, unusual activity might have been detected by the security solutions deployed but these incidents were lost in thousands of other alerts. Second, security staff might have seen the alerts, tried to investigate them but did not have the right data at hand. This chain of failure is way too common in most organizations and highlights shortcomings in today’s security solutions: too much data but not enough of the right one.”

Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/


What’s Hot on Infosecurity Magazine?