Scope of US Election Hack Revealed
The hacking of the 2016 United States Presidential Election, as well as the hack of the Democratic servers has been a contentious topic. The US government has made allegations against Russia and its state-funded hacker groups. In response to the hack, sanctions were leveled against Russia by the United States, including the shutdown of their embassies. Originally the depth and reach of the hackers was not released by the government, but that has changed.
In a statement, the Department of Homeland Security revealed that 21 states had an attempted hacking, and 39 in total showed “suspicious or unusual” activity during the time of the elections. Illinois and Arizona are the only two states confirmed by the FBI to have actually been infiltrated by the Russians, while several other states were scanned or probed. Part of the issue is that each state is responsible for its own security, leading to a large decentralized mass of frameworks and protocols that investigators have to sort through.
Part of the issue is that information only flows one way, upwards. Local voting areas report to the State, which reports to the Federal government but not the other way around. Counties may remain entirely unaware of a threat or attempted hack that is targeting the next county over. This applies at the State level as well, meaning that there are no coordinated responses to widespread attacks. Ken Menzel, Illinois’ General Counsel said that probes and scans are not unusual, and they have been going on for years during the elections. There have been attempts in the past to breach voter databases, but none have been successful or on this wide of a scale.
There has been a push at the state level for there to be a unification of voting methods, but some fear that this would be detrimental. The mixed use of systems, ranging from electronic to punch cards, means that it is practically impossible to target all of them at once. A unified electronic system would mean that a successful hack would grant access to all 50 states all at once. However, the unification of their resources would mean that the states would be far safer from attack in general. According to reports and requests at the state level, federal agencies have been unwilling to share specific information about the attacks that occurred.
Federal agencies have been going so far as to only provide generic guidance and information about how to deal with hacking. There have been no frameworks or security patches provided. States are trying to overhaul their weakened security systems on their own, without the guidance of federal cyber agencies.
In Florida, VR Systems was the target of a spearphishing scam that saw hundreds of emails sent to their employees as well as their clients. This includes US officials, many of whom opened the emails according to VR Systems. These emails were then used as jumping off point for the attempted infiltration of several Florida counties, all which were reported to be unsuccessful.
The Electronic Privacy Information Center requested a publication of the entire report on the 2016 hacks via the Freedom of Information Act, citing the pressing need for the American people to have a clear picture of what occurred.
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.