Election year brings a billion hacking attempts per day to Utah’s online systems
SALT LAKE CITY, Utah – Leading up to Utah’s June primary election, state employees have been busy blocking more than a billion hacking attempts every day, according to the state elections office.
“The closer we get to Election Day the more attacks we get,” said elections director Justin Lee. “As we got close to the election, we went over a billion attacks a day.”
The attempted intrusions targeted the state’s overall information network, but it’s believed the would-be hackers were targeting Utah’s elections systems, Lee said, because the attacks amplified as the June 26 primary neared.
“We’re talking 12,000 attacks-plus a second that the IT guys are doing their job and they’re blocking,” Lee said.
Earlier this year, the Utah State Elections Office worried it might be the target of increased cyberattacks due to former presidential candidate Mitt Romney entering the U.S. Senate race. In fact, Utah officials reached out to the Department of Homeland Security to develop a security plan because of Romney’s high-profile status and hawkish foreign policy position towards Russia.
“We’ve seen stuff coming from Russia, from China, from the actors where you’d expect it to come from,” Lee said about the geographic origins of the suspicious online traffic. “We’re seeing attacks from all over the world.”
In 2017, the Utah Department of Technology Services defended the state’s data systems from 500,000 to 700,000 attacks per day, according to Phil Bates, the department’s chief information security officer. In June of this year, that number peaked at more than a billion attempts per day—or about 80 percent of the total traffic attempting to access the Utah’s online systems.
A cybersecurity expert with accounting and business advising company Eide Bailly said he wasn’t surprised by the level of suspicious traffic.
“They’re looking for some sort of a vulnerability, a hole in fence or something like that,” said Richard Hickman, with the firm’s computer forensics department. “They’re doing a lot of automated scans to be able to see if there’s anything that’s left open.”
While Utah’s electronic voting machines have not never been connected to the internet, the state’s voter registration database could be hacked from the outside. The database contained names, addresses, political party affiliations, voter participation history, dates of birth, and possibly driver’s license numbers or partial Social Security numbers.
“If you got in there, you could change people’s voter information around, which would affect how they could vote,” Lee said.
Besides the threat of accessing personal information, Lee said the hacking attempts could also be designed to create doubt about the integrity of the elections system.
“Whether they actually effect anything or change anything is one thing but then there’s sort of just eroding the trust in the democratic process,” he said. “That’s what we’re concerned about, we want to make sure the vote is secure but we also want to make sure the public’s trust is secure in what we do.”
Leading up to the general election in November, Lee said they expect another upswing in hacking attempts.