Florida elections systems were at risk of hacking says report
ORLANDO, Fla. — Seven Florida counties have elections systems that have been connected to the internet for months, if not years, according to a report by Vice Motherboard — and one was still connected as of this week.
The counties — Bradford, Charlotte, Flagler, Wakulla, Miami-Dade, Pasco and one other county researchers were unable to identify — were among 35 in 10 states in which elections systems were potentially exposed to risk of hacking, Motherboard reported.
At least 19 of the systems, including one in Miami-Dade, were still connected to the internet as of August.
Elections supervisors in Central Florida said although they use the equipment being cited, none of them believed their systems were exposed.
The systems are made by Election Systems & Software, one of the country’s top voting machine companies. Orange County Supervisor of Elections Bill Cowles said 49 of the state’s 67 counties, including Orange, use ES&S equipment.
The systems are used to transmit unofficial vote totals via a wireless modem from ES&S voting machines on election night, Motherboard reported. The server that receives these votes is connected to the internet behind a Cisco firewall, both of which are only supposed to be connected to the internet for only a few seconds.
Osceola supervisor Mary Jane Arrington said their connection lasts “a millisecond” on election night.
If connected for long periods, as in those seven counties, a hacker could theoretically access the server to send fake results to county offices to be posted on their websites on election night.
The unofficial returns are transmitted to give the candidates and public quick results. Official returns are hand-delivered from each precinct.
But, researchers added, the firewalls are connected to the even more critical backend systems, which tabulate official votes as well as unofficial ones, as well as the system used to program voting machines before elections in some counties.
“We ... discovered that at least some jurisdictions were not aware that their systems were online,” Kevin Skoglund, an independent security consultant who conducted the research with nine other security professionals and academics, told Motherboard. “In some cases, (the vendor was) in charge (of installing the systems) and there was no oversight. Election officials were publicly saying that their systems were never connected to the internet because they didn’t know differently.”