Security Vulnerabilities identified in Washington, Georgia, and North Carolina’s voting systems

Security gaps have been identified in both Washington State’s and North Carolina’s voter registration systems. Spotted by cybersecurity experts, these vulnerabilities could potentially be exploited to interfere with citizens’ eligibility to cast ballots in last week’s elections. Fortunately, it seems like that hasn’t happened.

Officials in both Washington and North Carolina expressed confidence they would spot any widespread tampering with voter registration records.

According to The Seattle Times, “cyber experts said Washington appears to have failed to plug all the holes after the U.S. Department of Homeland Security warned last year that Russian cyber operatives had downloaded voter records from Illinois’ database in advance of the 2016 presidential election and attempted to do so in 20 other states.”

Washington Secretary of State Kim Whyman assures voters systems are secure

Washington Secretary of State Kim Whyman was keen to stress that the Washington electoral infrastructure is secure. In a statement on her website, she said “voters can rest assured that Washington’s election system is secure.”

It was only in May that the Senate Intelligence Committee alleged that in “a small number of states,” cyberattackers affiliated with the Russian government “were in a position to” alter or delete voter registration information during the 2016 election. As part of that report, the Committee urged “federal grant funds to improve cybersecurity by hiring additional Information Technology staff, updating software, and contracting vendors to provide cybersecurity services.”

However, cybersecurity experts have been quick to pick up on vulnerabilities that still haven’t been tackled.

Susan Greenhalgh, policy director for the National Election Defense Coalition, said “the gaping vulnerability found in Georgia should be sending shock waves, not just in the Georgia Secretary of State’s office, but in all the other states that are using the same technology. The vendor left a door wide open that allows an attacker, anywhere in the world, to execute a voter suppression operation using election technology.”

The vendor who installed Georgia’s computer programming has been identified as PCC Technologies, at the time a Connecticut-based firm. Cyber experts examined four states’ registration sites for McClatchy, including North Carolina and Washington, because PCC had listed them alongside 15 other states for whom it had performed work.

Officials in both Washington and North Carolina said PCC did not program their voter registration databases, but the cyber experts said they still could see vulnerabilities.

According to The Seattle times, “[cybersecurity experts] said hackers could get around authentication requirements in the voter registration system for Washington’s statewide vote-by-mail operation.” This would mean that “if data were deleted, the affected voters would not be mailed ballots, creating significant challenges, especially if the voter failed to act before Election Day.”

Georgia’s online registration system is out of date, cybersecurity expert claims

Harri Hursti, a New York-based cybersecurity expert who monitored Georgia’s election on Tuesday, said the design of its online registration system was acceptable 15 years ago. But today, he said, it would violate “every single manual” because it exposes “critical information” to any viewer.

Erich Ebel, a spokesperson for Kim Wyman, said “the state has a very robust election security protocol, both physical and electronic. Our firewalls are state-of-the-art, and we have a number of other measures in place to identify, block and report suspicious activity”.

“Bernhard and a prominent cyber expert who evaluated Washington’s security on condition of anonymity said there’s still a way for a bad actor to manipulate the system.”, according to Seattle Times.

A group of computer geeks created a website named Highprogrammer.com, which can easily obtain driver’s licenses for residents of Washington and a number of other states to show how easily systems can be breached.

Patrick Gannon, a spokesman for North Carolina’s elections board, also acknowledged that a North Carolina law makes state’s voter registration data widely available. This includes personal information such as ages and addresses and could allow anyone to pluck names off the list, fill out a form and mail fake address changes to state or county officials.



*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/security-vulnerabilities-identified-in-washington-georgia-and-north-carolinas-voting-systems/