As the Alaska Legislature held a Thursday hearing examining the security state’s election system, the Alaska Division of Elections responded to claims that a hacker penetrated its systems on Election Day 2016.
Earlier this week, the Anchorage Daily News published details of a previously undisclosed penetration of the division’s computer systems. The division has previously said Alaska was among the 21 states identified by the Department of Homeland Security as targets of Russian vulnerability scans, but it had not discussed an event on the morning of Election Day itself.
In that event, exposed by emails first obtained by the ADN (and subsequently obtained by the Associated Press and the Empire), a hacker identified on Twitter as @cyberzeist published pictures of the administrative tools the division uses to share election results with the public.
The systems the state uses to tabulate votes are not connected to the internet, meaning the hacker’s actions were the rough equivalent of having the ability to deface a bulletin board.
The hacker claimed to have penetrated the state’s elections database, but state officials found no evidence of that.
Leonard Robertson, a network systems specialist for the state, wrote on Election Day, “They claim to have discovered a vulnerability, but this has not been proven true. … There is no path from Elections.alaska.gov to reach the tabulation system. Tabulation results are hand-carried one way from the tabulation system to the elections webserver.”
Josie Bahnke, director of the Division of Elections, said Thursday that nothing in the emails changes the division’s assertion that the state’s elections are secure.
“Our story didn’t change because of this. No voter data was breached. No results of the election were changed because of the event,” she said. “This incident didn’t, in any way, impact the integrity of Alaska’s voting system.”
In February, NBC News reported that the elections systems of seven states, including Alaska, were penetrated by Russian hackers. The Department of Homeland Security subsequently rejected that claim, and no corroborating evidence has been produced.
That same month, the progressive public policy group Center for American Progress gave Alaska a “B” grade for election security. That was the highest grade given any state. In the wake of the group’s report, and to further improve security, the state suspended a little-used program that allows absentee voters overseas to submit ballots through the internet.
Phillip Malander, elections systems manager for the division, said the division defends against “thousands of attacks every day.”
Though the Election Day attempt didn’t touch ballot-counting computers, “it’s a significant event,” he said. “It’s definitely a level we are uncomfortable with. We don’t like that sort of thing going on.”
The Election Day penetration of the division’s computers used an unpatched software bug that was fixed within hours, according to emails provided to the Empire.
That allowed division officials to continue addressing normal Election Day issues, Bahnke said.
“There was no reason why we didn’t report it,” she said. “It was an Election Day issue that was dealt with immediately.”
• Contact reporter James Brooks at firstname.lastname@example.org 523-2258.