by Darlene Storm / Feb 22, 2017

“Indiana is the newest state to accuse the Department of Homeland Security (DHS) of trying to hack its state electoral system. The state’s IT team claimed that a DHS IP address repeatedly scanned Indiana’s system. The attempted hacks occurred tens of thousands of times over a period of 46 days, beginning while Vice President Mike Pence was still the governor of Indiana. “We know that between November 1 and December 16, we were scanned with about 14,800 scans, nearly 15,000 different times,” Indiana Secretary of State Connie Lawson told The Daily Caller. Like Georgia, Indiana did not give DHS permission to scan. “Thomas Vessely, IT director for the Indiana secretary of state, told TheDCNF that “we kindly declined [DHS] assistance because we were very comfortable in the work we were doing in monitoring our election system.” So why did DHS allegedly go for it anyway? “Lawson said she “always assumed it was because I was the incoming President of the National Association of Secretaries of State and because we declined their assistance.”

Georgia also declined “help” from DHS regarding its election system. Georgia Secretary of State Brian Kemp believes DHS may have been trying to intimidate him with the scans before he publicly opposed election systems being labeled as “critical infrastructure” by the Obama administration.

As for what was breached by the alleged DHS “hacking attempts” in Indiana, Lawson said, “Our voter registration system was not penetrated.” There was, however, “one slight penetration on an (election) website that was actually old and out of date, so it didn’t go anywhere.” Lawson added that she is “very concerned,” but hasn’t decided whether or not to involve the DHS Office of Inspector General like Georgia did. Regarding the alleged penetration testing on Indiana’s election system, a DHS spokesman said, “DHS does not conduct scans of networks or systems without the cooperation and consent of the system owner.”

Indiana isn’t alone with such recent DHS hacking claims as Idaho Secretary of State Lawerence Denney said he believes DHS may have attempted to hack its state election website around Nov. 8. It wasn’t a Russian IP address mucking around in the state’s affairs, but an IP address belonging to DHS, he said. When Idaho “looked at IP addresses that tried to get into our system,” it didn’t find “a single IP address from a foreign country,” but one from “our own Department of Homeland Security.”

Denney also told the Post Register, “I don’t know what they [DHS] penetrated, or what they tried, I just know their IP address showed up as hitting our website. I don’t know what they were doing. It would have been nice if they had told us.” Denney expressed frustration that DHS conducted penetration tests without any warning or permission, adding that other secretaries of state across the country are also really concerned about what the election system designation of critical infrastructure will mean in the long run. A DHS spokesman said it will address Denney’s concerns, but “when DHS conducts a cybersecurity scan of a network or system, we do so only with the cooperation and consent of the system owner.”

After Georgia accused DHS of trying to hack its computer network and voter registration database, and DHS denied it, West Virginia Secretary of State-Elect Mac Warner accused DHS of attempting to hack West Virginia election records too, just as agency had allegedly tried to hack Kentucky’s. Kentucky later claimed the alleged DHS IP address did not access “public voter information and online voter registration websites.” Kentucky had granted DHS permission to conduct regular scans and concluded the “IP address made no attempt to scan, attack, or infiltrate our system and that the visits appeared to be regular web traffic.”

Warner’s claims about the West Virginia election records hack by DHS were disputed by then Secretary of State Natalie Tennant. Unlike Georgia, Indiana and Idaho, Tennant said West Virginia did grant DHS permission to do a “cyber-hygiene scan prior to the election.” Tennant said Warner’s statements about the DHS hack were false. “The IP address did not access anything of concern and after discussions with DHS about our specific traffic here in West Virginia, we have no indication at this time that the visits were malicious.”

Leave a Reply