U.S. election systems are increasingly at risk for cyber attacks ahead of the November midterms as Russia continues information operations to sow political division, according to cyber firm FireEye Inc.
State and local election infrastructure is becoming a more popular target for hackers, particularly state-sponsored cyber espionage actors, the Milpitas, California-based company said in a report Thursday, outlining risks to voter registration, polling places and ballot submission systems.
Although the U.S. primary season is well underway, FireEye said it hasn’t observed attacks against election infrastructure as of March. But following Russian meddling in the 2016 elections, “malicious actors and nation states likely already have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,” the report said.
As more states place their voter registration processes online, their websites become targets for cyber attackers. “Aggressive campaigns” to disrupt the electoral process could use tools like ransomware and distributed denial-of-service attacks to destabilize state and local computer networks and mimic cyber crime activity, the report said.
The Department of Homeland Security has said Russia targeted 21 states’ voter registration systems, but only Illinois has indicated publicly that some of its voter data was stolen. In its report, FireEye says hackers used three penetration testing tools to gain access to 200,000 voter records in Illinois. While the state said no data was altered, “it is possible that the actors had the ability to modify or delete data,” the report said.
The U.S. uses 57 different types of voting machines that FireEye says have flaws, including a particular vulnerability to malware introduced through removable hardware.
Cyber actors deploying information operation campaigns may “target or mimic state and local officials’ social media accounts directly to sow fear and mistrust,” the report said. In addition, FireEye regularly sees data from state election systems for sale in the “underground” web, according to John Hultquist, FireEye’s director of intelligence analysis.
Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. But those sensors have critical limitations. While they funnel suspicious information to a federal-state information-sharing center, they can’t actually block attacks, they’re not deployed to most of the 9,000 local jurisdictions where votes are actually cast, and sophisticated hackers can sneak past the sensors undetected.
With a slew of primary elections scheduled for June, Russian hackers are weighing their next moves, according to FireEye Chief Executive Officer Kevin Mandia. There’s probably a group in the country that thinks the 2016 election targeting “was great” and another group that doesn’t agree, Mandia said at the report’s release in Washington.
One challenge facing both hackers and the federal government in its efforts to stop them: the midterms are more decentralized, with state and local campaigns versus the one national presidential election in 2016, FireEye analysts say.
“There’s a moment of uncertainty of what they’re going to do next,” Mandia said, referring to Russia. “They’re probably still sorting what their cyber campaign’s goals are.”
Though the company hasn’t noted Russian hacking or leaks related to the upcoming elections, it was around this time two years ago that Russian hackers ramped up their activity targeting the 2016 presidential elections, Lee Foster, manager of information operations analysis at FireEye, said. He noted ongoing “trolling” efforts to foster discord, an effort that will likely increase in the coming months.
“There’s still plenty of time for this to occur,” Foster said.