Colorado's election system was 'scanned' by Russians but not breached, DHS tells state

Colorado's election system was 'scanned' by Russians but not breached, DHS tells state
Posted at 4:19 PM, Sep 22, 2017
and last updated 2017-09-22 18:33:32-04

DENVER – Russians scanned Colorado’s election system for possible points of weakness in the weeks before last year’s election but were not able to penetrate it, the Department of Homeland Security told the Colorado Secretary of State’s Office Friday.

Colorado was one of 21 states DHS informed Friday were “impacted” by Russian activity in the run-up to the election. But the secretary of state’s office maintains it was not breached, as it has for months now.

The office compared the scan to a burglar jiggling a locked doorknob, then moving on.

“According to Homeland Security, we were not attacked, probed, breached, infiltrated or penetrated. This was a scan and many computer systems are regularly scanned. It happens hundreds if not thousands of times per day,” Secretary of State Wayne Williams said. “That’s why we continue to be vigilant and monitor our systems around the clock.”

In June, Williams and his office said they hadn’t been notified that any voter systems were compromised after The Intercept published a leaked National Security Agency document showing Russian hackers phished their way into some U.S. elections systems that were using a company called VR Systems.

Trevor Timmons, the chief information officer for the secretary of state’s office, said at the time that Colorado’s system has extra steps to ensure phishing schemes, like the one that was purportedly used to gain access to other states’ systems, don’t affect Colorado’s.

He said that Colorado’s system requires multi-factor authentication beyond a simple user name and password. He also said that there are special codes needed for the multi-factor authentication that change thousands of times each day—another level of security aimed at keeping hackers from penetrating Colorado’s voting and voter registration systems.

The Secretary of State’s Office also gives new employees rigorous training on security measures, and often conducts phishing tests to identify any employees who may be susceptible to those schemes for further training.

The Denver Post reports that an additional $1.2 million was appropriated earlier this week by the Joint Budget Committee to add a new risk management platform, which would be aimed at monitoring people trying to gain access to Colorado’s voter registration system.

Williams said Friday the office “continues to have a strong relationship with Homeland Security, the FBI, and the Governor’s Office of Information Technology.”

DHS’ disclosure to the states comes amid Special Counsel Robert Mueller’s probe into Russian interference into last year’s election of Donald Trump as president. Trump has called the idea that Russia interfered “a hoax.”

Among the other states who publicly said Friday they were notified are Alaska, Arizona, Connecticut, Illinois, Iowa, Maryland, Minnesota, Ohio, Oklahoma, Oregon, Pennsylvania, Virginia, Washington and Oregon.