Loading...

Attacks from Within Seen as a Growing Threat to Elections

February 25, 2022by By CHRISTINA A. CASSIDY Associated Press
Attacks from Within Seen as a Growing Threat to Elections
Colorado Secretary of State Jena Griswold speaks during a news conference in downtown Denver. Election officials preparing for this year’s midterms have yet another security concern to add to an already long list that includes disinformation, death threats, ransomware or a cyberattack waged by a hostile foreign government. (AP Photo/David Zalubowski, File)

Election officials preparing for this year’s midterms have yet another security concern to add to an already long list that includes death threats, disinformation, ransomware and cyberattacks — threats from within.

In a handful of states, authorities are investigating whether local officials directed or aided in suspected security breaches at their own election offices. At least some have expressed doubt about the 2020 presidential election, and information gleaned from the breaches has surfaced in conspiracy theories pushed by allies of former President Donald Trump.

Adding to the concern is a wave of candidates for state and local election offices this year who parrot Trump’s false claims about his loss to Democrat Joe Biden.

“Putting them in positions of authority over elections is akin to putting arsonists in charge of a fire department,” said Secretary of State Jocelyn Benson, a Democrat and former law school dean who serves as Michigan’s top elections official.

Experts say insider threats have always been a concern. But previously, the focus was mostly on what a volunteer poll worker or part-time employee could do to a polling place or county system, said Ryan Macias, who advises officials at the federal, state and local levels on election security. Now the potential harm extends to the very foundation of democracy — conducting fair elections.

“Since 2020, the coordinated efforts to have threat actors run for office, apply to be election officials and volunteer as a poll worker or observer should be treated as national security concerns,” Macias said. 

The potential risks posed by insider attacks run from granting unauthorized access to sensitive information to planting malware within election systems. 

While insider threats are the hardest to guard against, Macias said measures are in place to recover from an attack. Most of the country relies on paper ballots filled out by hand or with the use of a voting machine, so there should be a paper record of each ballot cast. In addition, post-election checks are designed to identify potential manipulation or discrepancies in the vote.

This year, voters in 25 states will elect their state’s chief election official, and several races feature candidates who dispute the outcome of the 2020 presidential contest despite no evidence of widespread fraud or a coordinated scheme to steal the election. 

Some voters also will decide who will run their local elections as the next county clerk. It’s these local election offices that have experienced security breaches.

In Mesa County, Colorado, authorities are investigating whether unauthorized people were granted access to county voting equipment. State officials began investigating after the county’s voting system passwords appeared on a conservative website. Because each county has unique passwords maintained by the state, officials identified them as belonging to Mesa County, where Trump won nearly 63% of the vote. 

Clerk Tina Peters — a Republican elected in 2018 — then appeared at a “cybersymposium” hosted by Trump ally Mike Lindell, the MyPillow CEO who has sought to prove that voting systems were somehow manipulated to favor Democrats.

At that event a copy of Mesa County’s election management system — which is used for designing ballots, configuring voting machines and tallying results — was distributed. Experts have described the unauthorized release as serious, potentially providing a “practice environment” to probe for vulnerabilities.

Peters, in an interview, said she made the copy of a county voting system hard drive to preserve “the evidence of how you get to the result of an election, who came in, who made changes, who did what.” She denied knowledge of how a copy came to be distributed at the Lindell event and would not say who was with her when the copy was made.

“I didn’t go in to try to address some conspiracy theory,” Peters told The Associated Press. “It’s just my responsibility to protect, and solely my responsibility to protect election records.”

A grand jury in Mesa County is reviewing the case. Meanwhile, Peters has announced plans to run for secretary of state, overseeing elections for Colorado.

Elsewhere in Colorado, state officials are investigating after the election clerk in Elbert County, southeast of Denver, indicated he made two copies of a voting system hard drive last summer. 

An attorney for Dallas Schroeder said in a written response to the state that Schroeder believes he had a “statutory duty to preserve election records” and was concerned that a visit by state officials to prepare for the 2021 elections “might erase or alter electronic records of the November 2020 election.” 

There has been no indication of widespread fraud or other major irregularities following the 2020 election in Colorado or elsewhere. 

In Ohio, federal and state authorities are investigating after network data purportedly from the Lake County Board of Elections in suburban Cleveland was made available online along with other data by people seeking to show the 2020 election was somehow manipulated. 

A state analysis determined the data wasn’t from the Board of Elections at all, but rather a network that runs other county business. Secretary of State Frank LaRose, a former Republican state lawmaker who serves as Ohio’s chief election official, said it showed only “innocuous traffic,” such as between a county computer and a printer, but was used to suggest something nefarious.

“They grabbed that and they said, ‘Oh, look, here’s evidence,'” LaRose said. “It was evidence of nothing, and they were nowhere close to the Board of Elections.”

In Michigan, the secretary of state’s office recently announced a potential security breach at an election office in Roscommon County, in the rural northern part of the state, where someone is suspected of gaining unauthorized access to voting systems. State authorities are investigating.

Experts said these types of security breaches have so far been few and most election officials are experienced, neutral professionals who follow the rules and want no part of conspiracy theories. 

But, they said, any official found to be undermining elections and breaking the law must be held accountable. No charges have been brought so far in any of the breaches being investigated in Colorado, Ohio and Michigan.

“One of the keys to combatting insider threats is that there are consequences, and we haven’t seen that yet,” said Matt Masterson, a former top election security official during the Trump administration. 

In advance of this year’s midterm elections, federal officials who oversee election security say they have conducted training with officials on ways they can limit access to voting systems to reduce the chances of an insider threat.

In Ohio, state election officials credited additional cybersecurity measures put in place in 2019 with preventing the attempted breach in Lake County, which Trump won in 2016 and 2020. A state order required that election-related systems be separated from county networks to better protect them. 

In Michigan, Benson said her office is “keeping a close eye — closer than ever before” on local election officials and is prepared to stop anyone who tries to jeopardize election security. 

In Colorado, Secretary of State Jena Griswold recently announced a set of temporary rules she said were designed to address “emerging security risks,” specifically citing the cases in Mesa and Elbert counties. 

The new rules reduce the number of county employees with access to the election management system and require that they be identified in the county’s security plan filed with the state. Proof of background checks must be provided to the state for anyone present as voting systems are prepared for an election.

“Undoubtedly, we will see more insider threats to come,” said Griswold, a Democrat. “States have to prepare themselves.”

___

Associated Press writers Julie Carr Smyth in Columbus, Ohio, and David Eggert in Lansing, Michigan, contributed to this report.

In The News

U.S. Senate
Political News
Political News

Health

Voting

In The States

September 27, 2022
by Madeline Hughes
DC Considers Wide-Ranging Anti-Discrimination Data Law

WASHINGTON — D.C. Councilman Robert White heard nearly seven hours of wide-ranging testimony about the proposed Stop Discrimination by Algorithms... Read More

WASHINGTON — D.C. Councilman Robert White heard nearly seven hours of wide-ranging testimony about the proposed Stop Discrimination by Algorithms Act last week. The proposed law would prohibit a wide range of businesses across the district from using algorithms to make decisions based on protected personal... Read More

Hurricane Ian Strikes Cuba, Florida Braces for Cat 4 Damage

HAVANA (AP) — Hurricane Ian tore into western Cuba on Tuesday as a major hurricane, with nothing to stop it... Read More

HAVANA (AP) — Hurricane Ian tore into western Cuba on Tuesday as a major hurricane, with nothing to stop it from intensifying into a catastrophic Category 4 storm before it hits Florida on Wednesday. Ian made landfall at 4:30 a.m. EDT Tuesday in Cuba’s Pinar del Rio province,... Read More

September 26, 2022
by Dan McCue
Newsom Signs California Community Solar Act Into Law

SACRAMENTO, Calif. — California Gov. Gavin Newsom last week signed into a law a new program intended to help low-income... Read More

SACRAMENTO, Calif. — California Gov. Gavin Newsom last week signed into a law a new program intended to help low-income communities reap the benefits of solar power. It has been estimated that nearly half of Californians who rent or have low or modest incomes do not... Read More

September 26, 2022
by Dan McCue
Renewables Firm Closes Financing on 105 MW Montana PV Project

BOISE, Idaho — Renewable Energy developer Clēnera, a subsidiary of Enlight Renewable Energy, has closed a construction and tax equity... Read More

BOISE, Idaho — Renewable Energy developer Clēnera, a subsidiary of Enlight Renewable Energy, has closed a construction and tax equity financing round on a 105 MW utility-scale solar project in Beaverhead County, Montana. Bank of America, a leader in financing renewable energy projects in the U.S.,... Read More

September 26, 2022
by Dan McCue
Arizona Judge Revives State’s 19th Century Near-Total Ban on Abortion

TUCSON, Ariz. — A near-total ban on abortion written nearly 50 years before Arizona became the nation’s 48th state must... Read More

TUCSON, Ariz. — A near-total ban on abortion written nearly 50 years before Arizona became the nation’s 48th state must be enforced as a result of the U.S. Supreme Court’s decision to overturn Roe v. Wade, a state circuit court judge ruled on Friday. The ruling... Read More

Civil Rights Law Targets 'Cancer Alley' Discrimination

RESERVE, La. (AP) — Sprawling industrial complexes line the drive east along the Mississippi River to the majority-Black town of... Read More

RESERVE, La. (AP) — Sprawling industrial complexes line the drive east along the Mississippi River to the majority-Black town of Reserve, Louisiana. In the last seven miles the road passes a massive, rust-colored aluminum-oxide refinery, then the Evonik chemical plant, then rows of white tanks at... Read More

News From The Well