Federal Government to Check Election Materials in North Carolina About Piracy Fears: NPR

The Department of Homeland Security finally agreed to conduct a thorough inspection of election materials used in North Carolina and provided by a vendor whose system had been targeted by Russian hackers in 2016.

It's been three years since the machines – the laptops used to register voters in Durham County – have malfunctioned on polling day, telling voters that they had already voted, while they did not vote. Had not done so yet.

The county shut down laptops that day and started using paper notebooks, but the cause of the problem remained a mystery. This is one of many questions that remain about what happened in the 2016 election, whose answers could help the United States protect itself against future cyber attacks.

"This support can help to better understand previous issues and secure the 2020 elections," said DHS spokesperson Sara Sendek. She added that the agency "has no information that there are any previous or ongoing issues regarding electoral systems" in the state.

The problem in North Carolina would have been dismissed as a routine if it had not been revealed in 2017 that the supplier, VR Systems, based in Florida, was one of the targets of Russia's efforts to interfere in the US elections.

Information reported by the National Security Agency revealed that Russian intelligence agents launched a spear-phishing campaign in August 2016 against a company known as "US Company 1" and then used information from Identification of VR Systems to send malicious emails to about 120 local government offices. later identified as clients of the Florida company.

Last month, Florida Governor Ron DeSantis revealed that the Russians had successfully violated two county electoral systems in his state following this phishing attack, although there was no evidence that voter data has been affected. The governor's announcement follows the release of the report of special advocate Robert Mueller, according to which the Russians had successfully installed malware on the network of a company widely known as VR Systems. .

VR Systems has always denied to NPR and others that its system was hacked, although the company acknowledges that the Russians tried to do so and imitated the company during its phishing attack against its customers. . He also defended the safety of his equipment in North Carolina.

The latest revelations from Mueller and DeSantis sparked renewed interest in what happened in Durham County.

After its own investigation in 2016, the county concluded that the problem was probably due to human error. Officials said that it appeared that the problematic electronic copybooks software had not been updated and that they contained information relating to a previous election, which is why voters have were wrongly informed that they had already voted.

But when the NSA report was leaked in 2017, revealing Russia's efforts to hack VR Systems, the state election council of North Carolina has decided to conduct its own investigation. He took custody of Durham County's laptops – more than a dozen – and announced that he would conduct his own medico-legal tests to determine what had caused the problems of polling day.

Subsequent efforts by NPR and others to discover the outcome of these tests were unsuccessful. However, after the publication of the Mueller report this year, the state's state election office said it was unable to conclusively determine the cause of the machine malfunctions, although its investigators believed that "the user had made a mistake in elections and polls. " the workers probably contributed to the 2016 incident ".

The committee then revealed that it lacked "the technical expertise needed to scientifically analyze the computers" and that "other government agencies refused the agency's requests for the computers." assess".

Josh Lawson, who was until Friday general counsel of the state's elections council, told NPR that North Carolina officials had been asking the Department of Homeland Security several times over the past few weeks. last two years to conduct a survey on the equipment but had received a positive response only a few days ago. .

"It's not that we have anything definitive that can trace what has happened in Durham County up to a breach, but we have not definitively ruled it out. ", did he declare.

DHS is the main federal agency that has been working with state and local authorities on electoral security since the 2016 elections, but it took several months to open the lines of communication. One of the biggest problems has been the amount of threat information that federal agencies can share with election officials and the public.

Florida officials were disturbed to learn only last month that two counties – which have not yet been publicly identified – were successfully hacked by the Russians. County electoral supervisors told NPR that they were not too concerned about the counties involved but that they needed to know what the Russians had done and how the problem had been solved for that. They can guarantee the security of their systems by 2020.

Members of the Florida congressional delegation were also concerned to learn in 2019 new details about what had happened in 2016, first in the Mueller report, then from the governor, and then during from a classified FBI briefing.

"These chaotic pieces of information undermine the confidence of our constituents in the electoral system and only provide them with information," said Democratic Representative Stephanie Murphy.

There are other unanswered questions about what the Russians did in 2016. The FBI told Florida officials that it had "no evidence" indicating that the data voters had been manipulated, which the legislator noted was not the same as to state that the agency was certain that nothing had been falsified. with.

The leaked NSA report also indicated that the Russians had usurped a second company, "US 2", and sent a test e-mail offering election-related products and services. Publicly, we do not know which company was usurped nor what the Russians finally tried to do.

The Russians also sent test emails to what appeared to be two fake accounts created to give the impression of being able to provide voters with postal ballots, according to the NSA report leaked. Again, we do not know what was the ultimate goal and there were other sellers and election officials whose systems were attacked or involved.

Increased reliance on electronic voting registers, such as those used in Durham County, has also raised security concerns as the material may be connected at some point to the Internet or a network of election commissions to obtain information. electoral lists, which increases their vulnerability to cyberattacks.