Local voting systems are highly vulnerable to ransomware attempts
We're less than a week away from the 2020 U.S. election, and there has been news of a ransomware attack in northern Georgia. The attack hit a network that supports the Hall County government infrastructure and includes election and telephone systems. It was the first time that systems were brought down, although it wasn’t the first time election systems have been targeted by ransomware.
The attack happened earlier in October and was reported in this series of notices by the county. The affected systems included the voter signature database and various geographic data including precinct maps, according to the local newspaper account. The county is about an hour’s drive north of Atlanta. Despite systems taken offline, voting and registration continued without any interruption of service. Georgia is one of the “universal” mail-in voting states.
According to the U.S. Elections Project, almost 3 million voters, or more than 40% of those registered, have already voted. Hall County is a bit ahead of the rest of the state, with 47% of registered voters already sending in their ballots. According to county officials, they have enlisted the aid of a third-party security firm to recover these systems.
“Georgia is kind of a petri dish,” says Alex Halderman, who is a professor of computer science at the University of Michigan. Halderman has studied election technology for many years and was quoted in a recent NPR piece on the chaos that has happened there. “I am worried that the Georgia system is the technical equivalent to the 737 MAX.”
Georgia’s voting systems have other issues, according to anew investigation by the Atlanta Journal-Constitution newspaper. Part of the problem is the state’s electronic voting machines, which were purchased last year to replace older equipment that didn’t have paper backups. The new machines were first used in the statewide primary race in June,which had major voting problems with long lines of voters at the polls. To make matters worse, the new machines received updated firmware in mid-October. The updates were distributed on thumb drives, which could be compromised before they would be used on the various voting machines.