Officials: Russian hackers scanned Colorado’s election infrastructure last year but failed to breach it
Author: Ernest Luning - September 22, 2017 - Updated: September 23, 2017
Russian hackers tried without success to get into Colorado’s computerized voter system before last year’s election, officials with the Colorado secretary of state’s office said Friday.
The Department of Homeland Security informed Secretary of State Wayne Williams’ office in a phone call before noon that Colorado was among states targeted last summer by hackers earlier identified as Russians — contrary to what DHS officials told Williams earlier this year — but stressed that the hackers didn’t get into the state’s electronic voter data system, Gary Zimmerman, chief of staff for the secretary of state’s office, told Colorado Politics.
“They confirmed we are one of the 21 states where intelligence sources — they didn’t tell us what those were — advised they detected scanning activity here in Colorado,” Zimmerman said. “The analogy would be if somebody went to your home and jiggled the windows and the door handles to see if any were unlocked. That’s what scanning is. At the same time, DHS also confirmed there is absolutely no evidence they penetrated our systems or network.”
The DHS official who informed Zimmerman of the attempted breach only found out Colorado was among the targeted states “an hour or so before we did,” Zimmerman said. “Apparently this information was known in September or October of lat year,” he added, although he couldn’t say whether anyone within DHS had that knowledge.
Federal authorities on Friday notified the top election officials in 21 states that the hackers had scanned their systems, according to news reports. Although DHS didn’t release a list of the affected states, a spokesman told The Hill that it was up to officials in each state whether to disclose their involvement.
DHS announced in the run-up to the November election last year that Russian hackers had targeted voting systems in “more than 20” states, although the hackers appeared to have penetrated the systems in just two states, Arizona and Illinois. In June, Bloomberg News reported that authorities suspect the hackers tried to delete tens of thousands of voter files in Illinois, but federal officials have insisted that they’ve found no evidence the cyber attacks affected the vote count or election results anywhere in the country.
Zimmerman said it was important to understand that the kind of scans Colorado’s computerized election system was subject to are exceedingly common.
“That probably happens 70,000 times a year,” he said. “It is very common that bad guys as well as people just poking around attempt scans of networks. It doesn’t mean somebody breaks into our network — it happens all around the world every day.”
When that occurs, Zimmerman said, it’s like a burglar alarm that beeps, alerting that there might be some activity. “We have those systems, and we have logs that somebody is poking at the window or the door, and we have a team of people that works to protect us.”
DHS and the FBI told Colorado election officials last year to be on the lookout for Internet addresses linked to the Arizona and Illinois attacks, Trevor Timmons, chief information officer for the secretary of state’s office, told Colorado Politics earlier this year.
“We got that information about all these computers associated with specific attacks and the patterns of behavior associated with those attacks,” Timmons said. “We added those to our system, to look through our log and see if we were seeing those same kind of attacks or anything using those patterns. We didn’t see anything. … Once we’d done that investigation, we blocked those computers.”
His colleague chief information security officer Rich Schliep said the office doesn’t just rely on those reports but is constantly on the lookout for attacks. “It’s part of doing business in this day and age,” he said.
Federal authorities didn’t issue any more warnings last year after alerting states about details associated with the Arizona and Illinois attacks but did offer additional assistance to state election security officials, Timmons said.
Homeland Security Secretary Jeh Johnson offered “cyber hygiene” scanning services — “they’ll do that same poking and prodding that the bad guys do,” Timmons said — to help identify vulnerabilities in voter and election systems. “I’m not saying we were the first to sign up, but we were among the first three states to sign up,” Timmons said.
Colorado regularly tests its systems using similar methods, Schliep said. “We pay organizations to try to hack our website on a continual basis so we don’t find out about something the wrong way. We want to know we have a vulnerability so we can patch it.”
Williams said Friday that the terminology was important.
“According to Homeland Security, we were not attacked, probed, breached, infiltrated or penetrated,” he said in a statement. “This was a scan and many computer systems are regularly scanned. It happens hundreds if not thousands of times per day. That’s why we continue to be vigilant and monitor our systems around the clock.”
This is a developing story that will be updated.