Indiana confirmed hacking of 2016 election systems

In the analysis of Indiana’s election system, we find hacking and confirmed penetration, millions of scans, and alarming concerns related to voter suppression. This is part of a U.S. wide analysis regarding potential “Vote Hacking” in the following states: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary electionFlorida’s general election, GeorgiaHawaii, Idaho, & Illinois. This analysis follows below.

On October 18, 2016, Secretary of State Connie Lawson explained that thousands of voter registration records were altered using paper forms, through the Bureau of Motor Vehicles and via the state’s online voter registration system. In response, State police blamed and raided the Indiana Voter Registration Project, an organization with a solid reputation for getting out the vote, just prior to the election — thus preventing the additional potential registration of approximately 45,000 of black voters. The IVRP contacted the Department of Justice to assist, claiming Indiana violated the law in a manner which discriminates against minorities.

There has not yet been an update on the disposition of this case.

On November 1, 2016, Secretary Lawson explained Indiana began having its election systems scanned.

On December 16, 2016, scanning ceased, according to Secretary Lawson

On February 21, 2017, it was reported that an IP address originating from the Department of Homeland Security scanned Indiana’s voter registration database approximately 14,800 times. Secretary Lawson explained:

“we know that between November 1 and December 16 we were scanned with about 14,800 scans, nearly 15,000 different times.”

Accordingly, Indiana had been scanned approximately 222 Million times within one and a half months. The state’s IT team traced the intruder to a DHS computer’s IP address. The same DHS unit attempted 10 times in 2016 to hack into the Georgia electoral system. I discussed this countrywide issue at length in my analysis of Idaho and Georgia.

DHS had asked Indiana if their state wanted assistance with securing their election systems, along with many other states after the Illinois and Arizona election systems were compromised. Secretary Lawson’s IT Director, Thomas Vessely explained that Indiana, “kindly declined [DHS] assistance because we were very comfortable in the work we were doing in monitoring our election system.”

Secretary Lawson was asked why she believed DHS chose to scan their system. She explained that she:

“always assumed it was because I was the incoming President of the National Association of Secretaries of State and because we declined their assistance.”

I think it is important to repeat the same critical questions:

Was scanning the result of an active investigation?

If the IP addresses were from DHS, what would the agency have to gain from scanning a system after the election?

Why would DHS scan a state’s election system thousands of times?

It also calls into question Georgia’s case where there were only 10 scans conducted, versus other states reporting thousands. Further information is required and should be disclosed from the states and federal government so we can make a proper analysis. Transparency related to our elections process is key.

On February 22, 2017,  Computer World reported that Secretary Lawson made an admission that Indiana’s election system had indeed been penetrated. While defending that their voter registration system had not been penetrated, Secretary Lawson shockingly admitted that there was:

“one slight penetration on an (election) website that was actually old and out of date, so it didn’t go anywhere.”

This is highly critical because it represents an admission from a state governmental body that part of the election system, although implied to be insignificant, was penetrated.

Questions arise here, such as what was the extent of the hacking? When did the hacking occur? Is there logging information of the hacking? Also, was the IP address the same as those which came from Georgia or were they different?

Again, many more questions to be answered here.

Currently, there is an ongoing effort by the Indiana Secretary of State to purge voter information from the voter rolls. Secretary Lawson contends that this effort is meant to clean up information that is outdated and is compliant with federal law. In light of suspicious activities surrounding the voter rolls in the last election, such activities need to be scrutinized by the public and must be as transparent as possible and include reporting by the government so that there is accountability to ensure people are not unjustly purged from the rolls.

Analysis

We have numerous concerns related to the practices in Indiana which potentially point to minority voters discrimination. Additionally, with a confirmation of election system penetration, as well as over 200 million scans detected and reported upon, we need further information regarding the breech as well as scanning from Secretary Lawson’s office. There needs to be more transparency with voter registration system with regard to removing voters from the rolls. There also needs to be transparency in investigation process in order for voters to trust that the election system is working properly. Systems with multiple layers of protection best serve the public. Those responsible for maintaining the election systems have an obligation to ensure that we have confidence in administration. Failure to inform the voters does not instill confidence.

We need a full accounting of the voter registration problems in Indiana, answers to the above questions asked as well as a forensic analysis of the election results in order to ensure the vote counts. Same day voter registration, combined with other transparency safeguards, such as those advocated by the National Association of Voting Officials will help improve the system. Paper ballots with open source, general public license voting with a 100% count at each precinct, and an anonymous receipt is the best way to rebuild confidence.

Follow/Like:
  • Ricemanstm

    Sound more like a ping or pentest than actual “hacking”. If I “ping” Yahoo my IP will show up as the origination address. Could have been looking for open ports or almost anything else. Calling it “hacking” is almost “click bait”.

  • Ruben Major

    Ricemanstm, thanks for your comments, however, this is from Secretary Lawson directly: there was… “one slight penetration on an (election) website that was actually old and out of date, so it didn’t go anywhere.” Her words… Hope that helps. 🙂