Ransomware Attacks Take On New Urgency Ahead of Vote

Attacks against small towns, big cities and the contractors who run their voting systems have federal officials fearing that hackers will try to sow chaos around the election.

By Nicole Perlroth and David E. Sanger

A Texas company that sells software that cities and states use to display results on election night was hit by ransomware last week, the latest of nearly a thousand such attacks over the past year against small towns, big cities and the contractors who run their voting systems.

Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin’s intelligence services. But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients’ systems around the country, was particularly rattling less than 40 days before the election.

While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country — making it exactly the kind of soft target that the Department of Homeland Security, the F.B.I. and United States Cyber Command worry could be struck by anyone trying to sow chaos and uncertainty on election night.

Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler’s clients — the company would not say which ones — saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit.

That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results.

With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen.

“The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim,” said Brett Callow, a threat analyst at Emsisoft, a security firm.

The proliferation of ransomware attacks that result in data theft is an evolution in Russian tactics, beyond the kind of “hack and leak” events engineered against the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in 2016. By design, whether the attacks are criminal or state sponsored is not clear, and the attacker does not always have to be successful everywhere. Just a few well-placed ransomware attacks, in key battleground states, could create the impression that voters everywhere would not be able to cast their ballots or that the ballots could not be accurately counted — what the cybersecurity world calls a “perception hack.”

“We have been hardening these systems since last summer,” Christopher Krebs, who runs the Cybersecurity and Infrastructure Security Agency for the Department of Homeland Security, said this month. He noted that the agency was trying to make sure local election officials printed out their electronic poll books, which are used to check in voters, so that they had a backup.

The United States has made “tremendous progress” in the effort, Mr. Krebs added, by “getting on this problem early.”

Still, some officials worry that President Trump’s repeated assertion about the election that “we’re not going to lose this except if they cheat” may be the 2020 equivalent of “Russia, if you’re listening” — seen as a signal to hackers to create just enough incidents to bolster his unfounded claims of widespread fraud.

So far Mr. Trump has focused on mail-in ballots and new balloting systems, but on election night there would be no faster way to create turmoil than altering the reporting of the vote — even if the vote itself was free of fraud.

That would be a classic perception hack: If Mr. Trump was erroneously declared a winner, for example, and then the vote totals appeared to change, it would be easy to claim someone was fiddling with the numbers.

The Russians tried this, and almost got away with it, in Ukraine’s presidential election six years ago. That is one reason the F.B.I. warned last week that the days after the election could result in “disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”

The F.B.I. warning made no mention of Mr. Trump’s own declarations that if Mr. Biden wins, the election must be illegitimate, or his baseless attacks on the use of mail-in ballots. But on Saturday night at a rally in Pennsylvania, the president openly speculated how an uncertain outcome could throw the election into the courts or Congress, both places where he believes he has an advantage.

Source: Read Full Article