
A final 2020 U.S. election security update

David Strom, 28 October 2020

Local voting systems are highly vulnerable to ransomware attempts

We're less than a week away from the 2020 U.S. election, and there has been news of a ransomware attack in northern Georgia. The attack hit a network that supports the Hall County government infrastructure and includes election and telephone systems. It was the first time that systems were brought down, although it wasn’t the first time election systems have been targeted by ransomware.

The attack happened earlier in October and was reported in a series of notices by the county. The affected systems included the voter signature database and various geographic data including precinct maps, according to the local newspaper account. The county is about an hour’s drive north of Atlanta. Despite systems being taken offline, voting and registration continued without any interruption of service. Georgia is one of the “universal” mail-in voting states.



According to the U.S. Elections Project, almost 3 million voters, or more than 40% of those registered, have already voted. Hall County is a bit ahead of the rest of the state, with 47% of registered voters already sending in their ballots. County officials say they have enlisted the aid of a third-party security firm to recover these systems.

“Georgia is kind of a petri dish,” says Alex Halderman, who is a professor of computer science at the University of Michigan. Halderman has studied election technology for many years and was quoted in a recent NPR piece on the chaos that has happened there. “I am worried that the Georgia system is the technical equivalent to the 737 MAX.”

Georgia’s voting systems have other issues, according to a new investigation by the Atlanta Journal-Constitution newspaper. Part of the problem is the state’s electronic voting machines, which were purchased last year to replace older equipment that didn’t have paper backups. The new machines were first used in the statewide primary race in June, which had major voting problems with long lines of voters at the polls. To make matters worse, the new machines received updated firmware in mid-October. The updates were distributed on thumb drives, which could be compromised before they are used on the various voting machines.

As I mentioned, there have been at least two other ransomware efforts discovered in September, in Louisiana and in Washington State, although both were thwarted. The former was stopped with help from the National Guard cyber team, who found hacking tools that have North Korean origins. The tools include Emotet (which we wrote about in a previous blog post), along with a remote access Trojan called KimJongRat, which has been widely published and is so widely distributed that its attribution is nearly impossible.

The Washington attack was a large-scale phishing attempt aimed at several state agency networks and not specific to the election computers. It also used Emotet along with Trickbot (we wrote about the latter here). No systems were brought down in either attack.