Report finds many US election officials vulnerable to phishing attacks

Attacks on voting machines may not be the main concern.

Sponsored Links

voting booths
Michael Robinson Chavez/The Washington Post via Getty Images

The security risks around the 2020 presidential election aren’t limited to direct attacks on the voting systems. Research firm Area 1 Security has published a report (via Wall Street Journal) warning that many election officials are using email systems that leave them vulnerable to phishing attacks and hacks. Out of more than 10,000 state and local officials, about 53 percent only had “rudimentary or non-standard” defenses against phishing. Only 18.6 percent had “advanced” safeguards in place, and 5.4 percent were using personal email addresses.

Small jurisdictions in Maine, Michigan, Missouri and New Hampshire were using a flawed version of Exim, software that’s free but has also been targeted by state-sponsored Russian hackers.

This wouldn’t necessarily let intruders compromise the voting process. The Cyber Threat Alliance’s J. Michael Daniel told the WSJ that it would be “really hard to do” digital vote manipulation at a meaningful level. However, ransomware and other phishing-based campaigns could make it difficult for election administrators to do their job, and might cast doubt on the results even if the voting infrastructure is safe.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

This could still be an improvement over security levels in past years. However, this still leaves many officials susceptible. Russia and other countries were reportedly trying to phish high-profile targets in 2018 — it’s difficult to rule out similar campaigns in 2020, particularly against election staff who don’t have the same resources to protect themselves. It may be a long while before email security is consistently strong.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget