Russian-owned company caught trying to hack Ohio voting systems on Election Day

Russian intrusion attempts continue to mount as Mitch McConnell blocks much-needed election security reforms

By Igor Derysh

Managing Editor

Published December 3, 2019 6:00AM (EST)

Voting Booths (Getty Images/Salon)
Voting Booths (Getty Images/Salon)

A Russian-owned company tried to hack the Ohio office that oversees the state’s voting systems on Election Day, according to Ohio Secretary of State Frank LaRose.

LaRose told the Columbus Dispatch that the state’s internal systems detected an “SQL injection” attack that attempted to insert malicious code onto his office’s website.

LaRose said that the attack originated in Panama but was traced back to a Russian-owned company. He downplayed the attempted hack as “relatively unsophisticated.”

“Some of these unsophisticated attacks are ways that they probe for vulnerabilities. They are poking around for soft spots,” LaRose explained.

He went on to credit the state’s “Albert” alert system that quickly identified the attack. “The good guys won that day and the bad guys lost,” he said.

LaRose said that similar attacks are designed to disrupt or undermine the credibility of elections but he is confident that hackers cannot access voting machines because they are not connected to the internet.

LaRose’s announcement came several months after Florida Gov. Ron DeSantis revealed that Russian hackers had breached the voting systems of two counties in the state in 2016, though he said there was “nothing that affected the vote count.”

That attack was first revealed in the final report of former special counsel Robert Mueller, who later testified to Congress that Russia was planning to interfere in upcoming elections “as we sit here.”

A Senate Intelligence Committee report found that Russia targeted election systems in all 50 states in 2016. The report said that Russian hackers were “in a position to delete or change voter data” in Illinois. The investigation found no evidence that they did so, but the report warned that Russian operatives may have been cataloguing options “for use at a later date.”

Though voting machines are not supposed to connect to the internet for security reasons, some machine analysts have discovered remote-access software on machines in key swing states and other flaws that could expose the systems to hacking. Motherboard recently reported that election systems in 10 different states have connected to the internet in the last year.

“Some machines that officials insist don’t connect to the internet actually do connect to the internet, and even some machines that don’t connect directly to the internet are programmed with cards that have themselves been programmed on computers that connect to the internet,” HBO host John Oliver explained on a recent edition of “Last Week Tonight.” “So your voting machine isn’t connected to the internet the same way your Alexa isn’t recording everything you say and sending it directly to Jeff Bezos. It’s totally not doing that, except for when it’s totally sometimes doing that.”

While remote hacking may be difficult, hacking experts have shown numerous times that voting machines can easily be accessed and manipulated in person. One video taken at the hacking conference Def Con showed a hacker breaking into a Diebold voting machine, a model used in 18 different states, in a matter of minutes and with no special tools.

Websites that display election results, like the Ohio Secretary of State’s website, were able to be breached by hackers as young as six years old. "Unfortunately, it's so easy to hack the websites that report election results that we couldn't do it in this room because [adult hackers] would find it boring," event organizer Jake Braun told CNN.

A report by the Brennan Center for Justice released days after the conference pointed to recommendations in the Senate report that called for replacing outdated machines and requiring paper backups to secure elections. The report showed that a third of all election systems used voting machines that were more than a decade old and that one in every eight ballots in 2020 would be cast on a machine with no paper backup.

The House of Representatives approved a bill over the summer that would provide $600 million for states to buy new voting machines that would not connect to the internet and would provide paper backups. The bill was blocked by Senate Majority Leader Mitch McConnell, who had also blocked multiple Senate election security bills before agreeing to back a bill that would provide $250 million — less than half the amount budgeted in the House version — to improve states’ election security.

Senate Minority Leader Chuck Schumer, D-N.Y., called McConnell’s announcement a “start” but added that the bill doesn’t provide “all the money we requested” and “doesn’t include a single solitary reform that virtually everyone knows we need.”

“If Americans don’t believe their elections are on the up-and-up,” he said, “woe is us as a country and as a democracy.”

As Congress continues to debate how much it will ultimately spend to shore up election systems, experts warn that efforts to secure next year’s elections should have started much earlier and with more urgency.

“Right now, Russia’s security services and their proxies have geared up to repeat their interference in the 2020 election,” Fiona Hill, the former top Russia expert on the National Security Council, told the House Intelligence Committee last month. “We are running out of time to stop them.”

By Igor Derysh

Igor Derysh is Salon's managing editor. His work has also appeared in the Los Angeles Times, Chicago Tribune, Boston Herald and Baltimore Sun.

MORE FROM Igor Derysh