Ukraine computer involved in Tennessee elections attack
Investigators found evidence of a вЂњmalicious intrusionвЂќ into a Tennessee countyвЂ™s elections website from a computer in Ukraine during a concerted cyberattack, which likely caused the site to crash just as it was reporting vote totals in this monthвЂ™s primary.
Cyber-security experts hired by Knox County to analyze the so-called вЂњdenial of serviceвЂќ cyberattack, said Friday that вЂњa suspiciously large number of foreign countriesвЂќ accessed the site as votes were being reported on May 1.
That intense activity was among the likely causes of the crash, according to the report by Sword & Shield Enterprise Security.
County officials said no voting data was affected, but the site was down for an hour after the polls closed, causing confusion before technicians fixed the problem.
The vulnerability identified by Sword & Shield has been fixed and additional safeguards are now in place, said David Ball, the countyвЂ™s deputy director of information technology.
The election results, to be officially certified later this month, left Glenn Jacobs, also known as the pro wrestler Kane, ahead by 17 votes in the Republican primary for Knox CountyвЂ™s mayor.
Investigators said itвЂ™s impossible to prove just where the so-called вЂњdenial of serviceвЂќ attack originated from, since the county canвЂ™t store all the вЂњpacket dataвЂќ needed to identify the source.
вЂњThe effect was clearly a loss of service, but it is unclear, with the information provided, if the outage was an intended event or a side effect of the events,вЂќ the report said.
Ball said вЂњthe bottom line is that there was a proven malicious attack from a foreign source occurring simultaneously with an apparent deliberate DOS attack. Nothing was held back from Sword and Shield, and their assessment was well aligned with our initial assessment on election night.вЂќ
Knox County uses Hart InterCivicвЂ™s eSlate electronic voting machines, which do not create a paper record of the votes. Ball said HartвЂ™s equipment вЂњis not networked in any way.вЂќ
Joyce McCants, a spokeswoman for the FBI in Knoxville, said Knox County has not reached out to the FBI in relation to the website crash.
Election security experts have raised concerns that foreign state actors could use such attacks to erode public confidence in the democratic process. Projects like Defend Digital Democracy at Harvard University have been urging elections officials across the country to prepare for exactly such scenarios.
Richard Moran, the countyвЂ™s information and technology senior director, has said that while heavy traffic came from overseas servers, it doesnвЂ™t mean that the attacker was in a foreign country.
Dan Wallach, a computer science professor at Rice University, notes that the internet is a вЂњmessy placeвЂќ with a lot of background traffic, and it would be difficult to find its origin because attackers are very good at hiding their location.
вЂњWhat attackers will do is, theyвЂ™ll break into other computers and then launch their attacks from there,вЂќ he said.
The report said the website received requests for access from about 100 countries, from all over the world.
Associated Press reporter Frank Bajak contributed to this report