Forget the states that swung the election, South Carolina went for Donald Trump with nearly 55 percent of the vote and hackers still bombarded its registration system nearly 150,000 times on Election Day alone. The revelation from the state's election commission provides some insight into just how extensive the 2016 hacking efforts were and will be again in 2018. The Wall Street Journal’s Alexa Corse writes:
In harder-fought Illinois, for instance, hackers were hitting the State Board of Elections “5 times per second, 24 hours per day” from late June until Aug. 12, 2016, when the attacks ceased for unknown reasons, according to an Aug. 26, 2016, report by the state’s computer staff. Hackers ultimately accessed approximately 90,000 voter records, the State Board of Elections said.
Unlike in Illinois, South Carolina didn’t see evidence that any attempted penetration succeeded, said Chris Whitmire, the State Election Commission’s director of public information and training, last week. Most of the attempted intrusions in that state likely came from automated computer bots, not thousands of individual hackers.
In Illinois, election staff determined that hackers breached some 90,000 voter records, and the Department of Homeland Security (DHS) has found evidence that hackers targeted at least 21 states, though other reports suggest that's a conservative estimate.
In Illinois, the computer staff at the State Board of Elections noticed on July 12 that the activity of its server for the voter-registration database “had spiked to 100% with no explanation,” according to the state’s report.
Around mid-August, the FBI sent a "flash" alert to all state election officials regarding hacking attempts and DHS offered to help states secure their systems. South Carolina was one of 33 states and 36 locales that accepted that help. In addition, the state hired a private cybersecurity firm to administer on-site assessments at county election offices.
On Sept. 18, DHS officials remotely completed an initial “cyber-hygiene scan” for South Carolina. The scans examined the state agency’s website and office network, checking for vulnerabilities using a federally-maintained database. The scan didn’t examine vote-tabulation machines, which aren’t connected to the internet, or the statewide voter-registration database.
The DHS discovered 55 vulnerabilities—the virtual equivalent of unlocked doors—across four internet-connected devices used by the State Election Commission, according to a copy of the DHS report. Two of them were classified as “critical,” the highest level of severity.
The DHS scans did not show that SC's voting systems had actually been compromised.
In the week of Sept. 26, Soteria, the private cybersecurity firm, started its work on South Carolina’s election system.
Twenty-five days passed before the majority of the vulnerabilities, including the two most severe ones, were fixed, DHS reports show. [...]
By Election Day, South Carolina had resolved all but one low-risk vulnerability, according to a DHS report dated Nov. 8. Malicious actors, who haven’t been identified, tried 149,832 times to find it, according to the South Carolina State Election Commission’s report. Data on the number of hacking attempts in the days before Election Day—or from the 2012 general election—weren’t included in the report and the commission declined a request for those numbers.
Hackers attempted to exploit that single vulnerability 149,832 times in a single day. Notably, hackers’ efforts decreased following the election but by no means stopped entirely.
And Donald Trump's voter suppression commission is busy trying to gain the personal data of voters across America rather than securing our voting infrastructure against external attacks. Why not just open the floodgates to hackers now in anticipation of 2018?