Cybersecurity

Wyden wants answers on hack of voting tech firm

election security (Shutterstock.com) 

Sen. Ron Wyden (D-Ore.) is questioning whether an intrusion by Russian hackers into the network of an American voting technology company referenced in Special Counsel Robert Mueller's report is related to a breakdown of electronic pollbook systems in North Carolina on election day in 2016.

In a May 8 letter to the CEO of VR Systems, Wyden raised concerns about whether the company was forthcoming during a 2017 and 2018 legal battle with the state of North Carolina, when it denied in court filings that its e-pollbook system had ever experienced a breach in the past.

"The Mueller Report's revelation that Russia infected your network with malware raises serious questions about your March 2018 claim your company had not experienced a security breach," Wyden wrote.

The company acknowledged in April 2019 that it was the entity mentioned in the Mueller report. The company was cited in documents leaked by a former National Security Agency contractor to the Intercept.

Wyden is concerned because e-pollbook software made by VR Systems "catastrophically" failed on Election Day 2016 in a number of Durham County, N.C., voting precincts. While e-pollbooks do not count or tally vote totals, they help election officials check voter eligibility.

The Mueller report claims that Russian hackers successfully installed malware inside the company's network, using it as a foothold to launch more phishing attacks against state and local governments in the weeks leading up to the 2016 elections.

Lawyers for VR Systems have claimed the attackers never got further than a failed phishing attempt.

The NSA documents leaked by Reality Winner indicate that it is likely at least one of seven identified phishing targets may have clicked on a compromised hyperlink, but they are not conclusive about whether the hackers succeeded or later installed malware.

As recently as April, the company had denied that its systems were successfully hacked and claimed the 2016 e-pollbook failures in North Carolina were due to user error.

Wyden is seeking information on whether any government agency has ever forensically examined the computers used in Durham County in 2016, the evidentiary basis for the company's claim that it hasn't experienced a security breach and other details about the firm's security posture.

"Given the voting problems caused by the failure of e-pollbooks manufactured by your company in November 2016, the American people have a right to know if there was any connection to the Russian cyberattack against your company three months earlier," Wyden wrote.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.