Mail-in ballots during COVID crisis necessary, but with risk…

lead centered=”no”Noted election security researcher Harri Hursti says mail-in voting is likely the only option for a safe, secure US presidential election, but voter and election worker training needed./lead

One of the foremost topics facing the nation, the security of the 2020 presidential election, has been obscured by the COVID-19 pandemic. Cybersecurity company Grimm brought the topic to the forefront during its virtual GRIMMcon event held April 14 by inviting noted election security specialist, hacker and researcher Harri Hursti to offer his take on the state of US election security.

HBO’s documentary on the weakness of the US election system called Kill Chain, which premiered in late-2019, follows Hursti as he travels the world and across the US exposing voting insecurities. CSO caught up with Hursti after his GRIMMcon talk to discuss the state of US election security, the feasibility of mass mail-in voting during the COVID-19 pandemic, and whether new voting machine standards under development by a revived Election Assistance Commission could make a difference in election security.

Hursti says that despite years of warning and repeated demonstrations of the insecurity of voting systems, “a lot of the infrastructure in the United States has not even been updated since 2002. Nothing has changed since the Help America Vote Act of 2002. The majority of systems are running 2004, 2005 deployments. The vast majority of systems are old and have not been updated.”

This article appeared in CSO Online. To read the rest of the article please visit here.


2016 election hacking in Florida: Russian emails, hidden tracks

lead centered=”no”
The Mueller Report says the Russians planted malware on at least one Florida county system, and Florida’s governor announces that two counties were hacked in 2016. Experts believe the problem could be bigger.

Since early April when Special Counsel Robert Mueller’s redacted report on the investigation into Russian interference in the 2016 presidential election was released, a storm of confusion and controversy has raged over what happened in Florida during that election. A cryptic passage in the Mueller report outlines how Unit 74455 of Russia’s military intelligence arm GRU sent “spear-phishing emails to public officials involved in election administration and personnel involved in voting technology.”

The Mueller report states that in August 2016, the GRU targeted employees of a voting technology company that “developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” The voting technology vendor’s name was redacted in the report.

According to the Mueller report, an FBI investigation revealed that in November 2016 the GRU “sent spear-phishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election” and malware embedded in Word documents in those emails enabled the GRU to gain access to “at least one Florida county government.”

This article appeared in CSO Online. To read the rest of the article please visit here.