Hackers targeted Texas and 20 other states prior to the 2016 presidential election, the United States Department of Homeland Security has formally informed the states.
But the hackers who tried to mess with Texas didn’t get far, officials with the Texas Secretary of State’s office said Monday.
The federal agents said instead of targeting the state’s voter registration database during the 2016 elections, hackers searched for a vulnerability on the Secretary of State’s public-facing website, according to Sam Taylor, an agency spokesman.
“If anyone was trying to get into the elections system, they were apparently targeting the wrong website,” Taylor said.
The website, http://www.sos.state.tx.us, is devoid of voter information, he said, and hackers never found a way to crack into it.
According to testimony before the U.S. Senate Intelligence Committee, the Department of Homeland Security began finding incidents of scanning and probing of state and local election systems in August 2016. A declassified report from national intelligence officials released in January stated that “Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards.”
“There is no complacency in Texas when it comes to protecting the security of our elections system,” Secretary Rolando Pablos said. “We take our responsibility to guard against any and all threats to the integrity of elections extremely seriously and will continue to do so moving forward.”
Here’s what bothers me about this. It’s not that our Secretary of State websites may have been attacked – that’s a matter of when, not if – and it’s not even that they might not have known about it until the feds informed them of it – it may have been a new vulnerability being exploited. What bothers me is the assertion that because there was nothing of value on the server that was hacked, there was nothing to worry about. Low-value servers, ones that are public facing and have no proprietary or confidential information on them, are often targets for hackers. The reason for this is that once you have access to such a machine, you have the opportunity to look for vulnerabilities inside the network, to do things like try to crack passwords on higher-privilege accounts so that you can gain access to more valuable resources. A spokesperson like Sam Taylor may not understand this, but I sure hope someone at the SOS office does.
Also, too: It’s not possible to stop every attack – any IT professional worth their salt will tell you this – but what is possible and very necessary is to detect abnormal system activity as quickly as you can, so you can tell when you’ve been breached and take steps to stop it. As I said, the SOS may not have known about these particular attacks at the time. Some of this is cutting-edge stuff, and the majority of us only find out about it in retrospect. But now that they do know, I sure hope they’re reviewing all their logs and their various monitoring tools to see what they might have missed and how they can detect this sort of attack going forward. I also hope they’re sharing this information with every elections administrator to ensure they are aware of this and can perform the same reviews. That is something I’d expect a spokesperson to address.