Experts warn of dangers from breach of voter system software

Aug 28, 2021, 5:31 AM | Updated: Sep 1, 2021, 6:04 pm
FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while sett...

FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while setting up a polling location at an elementary school in Gwinnett County, Ga., outside of Atlanta. Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts who say they have increased the risk to elections in jurisdictions that use the equipment. (AP Photo/Ben Gray, File)

(AP Photo/Ben Gray, File)

ATLANTA (AP) — Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.

Copies of the Dominion Voting Systems software used to manage elections — from designing ballots to configuring voting machines and tallying results — were distributed at an event this month in South Dakota organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election.

“It’s a game-changer in that the environment we have talked about existing now is a reality,” said Matt Masterson, a former top election security official in the Trump administration. “We told election officials, essentially, that you should assume this information is already out there. Now we know it is, and we don’t know what they are going to do with it.”

The software copies came from voting equipment in Mesa County, Colorado, and Antrim County, Michigan, where Trump allies had sue unsuccessfully challenging the results from last fall.

The Dominion software is used in some 30 states, including counties in California, Georgia and Michigan.

Election security pioneer Harri Hursti was at the South Dakota event and said he and other researchers in attendance were provided three separate copies of election management systems that run on the Dominion software. The data indicated they were from Antrim and Mesa counties. While it’s not clear how the copies came to be released at the event, they were posted online and made available for public download.

The release gives hackers a “practice environment” to probe for vulnerabilities they could exploit and a road map to avoid defenses, Hursti said. All the hackers would need is physical access to the systems because they are not supposed to be connected to the internet.

“The door is now wide open,” Hursti said. “The only question is, how do you sneak in the door?”

A Dominion representative declined comment, citing an investigation.

U.S. election technology is dominated by just three vendors comprising 90% of the market, meaning election officials cannot easily swap out their existing technology. Release of the software copies essentially provides a blueprint for those trying to interfere with how elections are run. They could sabotage the system, alter the ballot design or even try to change results, said election technology expert Kevin Skoglund.

“This disclosure increases both the likelihood that something happens and the impact of what would happen if it does,” he said.

The effort by Republicans to examine voting equipment began soon after the November presidential election as Trump challenged the results and blamed his loss on widespread fraud, even though there has been no evidence of it.

Judges appointed by both Democrats and Republicans, election officials of both parties and Trump’s own attorney general have dismissed the claims. A coalition of federal and state election officials called the 2020 election the “most secure” in U.S. history, and post-election audits across the country found no significant anomalies.

In Antrim County, a judge had allowed a forensic exam of voting equipment after a brief mix-up of election results led to a suit alleging fraud. It was dismissed in May. Hursti said the date on the software release matches the date of the forensic exam.

Calls seeking information from Antrim County’s clerk and the local prosecutor’s office were not immediately returned; a call to the judge’s office was referred to the county clerk. The Michigan secretary of state’s office declined comment.

In Colorado, federal, state and local authorities are investigating whether Mesa County elections staff might have provided unauthorized individuals access to their systems. The county elections clerk, Tina Peters, appeared onstage with Lindell in South Dakota and told the crowd her office was being targeted by Democrats in the state.

Colorado Secretary of State Jena Griswold said she alerted federal election security officials of the breach and was told it was not viewed as a “significant heightening of the election risk landscape at this point.” This past week, Mesa County commissioners voted to replace voting equipment that Griswold had ordered could no longer be used.

Geoff Hale, who leads the election security effort at the U.S. Cybersecurity and Infrastructure Security Agency, said his agency has always operated on the assumption that system vulnerabilities are known by malicious actors. Election officials are focused instead on ways they can reduce risk, such as using ballots with a paper record that can be verified by the voter and rigorous post-election audits, Hale said.

He said having Dominion’s software exposed publicly doesn’t change the agency’s guidance.

Security researcher Jack Cable said he assumes U.S. adversaries already had access to the software. He said he is more concerned the release would fan distrust among the growing number of people not inclined to believe in the security of U.S elections.

“It is a concern that people, in the pursuit of trying to show the system is insecure, are actually making it more insecure,” said Cable, who recently joined a cybersecurity firm run by former CISA Director Christopher Krebs and former Facebook security chief Alex Stamos.

Concerns over access to voting machines and software first surfaced this year in Arizona, where the Republican-controlled state Senate hired Cyber Ninjas, a firm with no previous election experience, to audit the Maricopa County election. The firm’s chief executive also had tweeted support of conspiracy theories surrounding last year’s election.

After the county’s Dominion voting systems were turned over to the firm, Arizona’s top election official said they could not be used again. The GOP-controlled Maricopa County Board of Supervisors voted in July to replace them.

Dominion has filed suits contesting various unfounded claims about its systems. In May, it called giving Cyber Ninjas access to its code “reckless,” given the firm’s bias, and said it would cause “irreparable damage” to election security.

Election technology and security expert Ryan Macias, in Arizona earlier this year to observe that review, was alarmed by a lack of cybersecurity protocols. There was no information about who was given access, whether those people had passed background checks or were asked to sign nondisclosure agreements.

Cyber Ninjas did not respond to an email with questions about the review and their security protocols.

Macias was not surprised to hear that copies of Antrim County’s election management system had surfaced online given the questionable motives of the various groups conducting the reviews and the central role that voting systems have played in conspiracy theories.

“This is what I anticipated would happen, and I anticipate it will happen yet again coming out of Arizona,” Macias said. “These actors have no liability and no rules of engagement.”

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Associated Press

Poisonous bite leads German police to farm with 110 snakes

BERLIN (AP) — Police in Germany said Sunday they discovered more than 110 dangerous snakes on a farm after a woman who lived there sought medical treatment for a poisonous bite. The 35-year-old woman drove to a hospital in Salzgitter, near Hannover, early Sunday and told doctors there that one of her rattlesnakes bit her […]
14 hours ago
Associated Press

Average US gasoline price drops 4 cents to $5.05 per gallon

CAMARILLO, Calif. (AP) — The average U.S. price of regular-grade gasoline fell by 4 cents per gallon in the past two weeks to $5.05 for regular grade, it was reported Sunday. It was the first drop in nine weeks and came with a drop in oil prices amid deepening global inflation fears, industry analyst Trilby […]
14 hours ago
Associated Press

Newspaper: Oklahoma gun deaths rose as firearms access grew

OKLAHOMA CITY (AP) — Gun deaths in Oklahoma have increased since a “permitless carry” law allowing people over the age of 21 to carry a gun without a permit or training went into effect in 2019, according to a newspaper’s review of data. The Oklahoman analyzed state medical examiner data and found that Oklahoma has […]
14 hours ago
FILE - Bosnian Serb member of the tripartite Presidency of Bosnia Milorad Dodik watches military ex...
Associated Press

Bosnian Serb leader prays for Trump’s return, praises Putin

SARAJEVO, Bosnia-Herzegovina (AP) — The leader of Bosnia’s Serbs said Sunday he hoped former U.S. President Donald Trump would return to power and that the Serbs would “wait for appropriate global circumstances” to reach for their goal of seceding from Bosnia, which he called an “unsustainable state.” Milorad Dodik, who was a rare European official […]
14 hours ago
FILE - Wallace Reid purchases fuel for the vehicle he drives to make a living using ride-share apps...
Associated Press

Greedflation: Is price-gouging helping fuel high inflation?

Most economists say corporate price gouging is, at most, one of many causes of runaway inflation — and not the primary one.
14 hours ago
Associated Press

Kenzo designer dazzles Paris with color, preppy styles

PARIS (AP) — Kenzo’s designer, Nigo, found his groove for his sophomore collection at the LVMH-owned house, drawing vibrant parallels with house founder Kenzo Takada. Nigo has made history as the first Japanese designer to front the house since Takada, who died in 2020. But beyond the fashion, Nigo — who has made high profile […]
14 hours ago

Sponsored Articles

...
Carla Berg, MHS, Deputy Director, Public Health Services, Arizona Department of Health Services

Vaccines are safe if you are pregnant or breastfeeding

Are you pregnant? Do you have a friend or loved one who’s expecting?
...
Day & Night Air

Tips to lower your energy bill in the Arizona heat

Does your summer electric bill make you groan? Are you looking for effective ways to reduce your bill?
...
Christina O’Haver

BE FAST to spot a stroke

Every 40 seconds—that’s how often someone has a stroke in the United States. It’s the fifth leading cause of death among Americans, with someone dying of a stroke every 3.5 minutes.
Experts warn of dangers from breach of voter system software