Colorado's Election Systems Are Being Hacked...on Purpose, by the Feds

Colorado’s election systems have been under attack by cyber intruders. Networks are being poked and prodded in an attempt to bypass security measures, access control systems and manipulate or extract data.

Don’t worry, though: The attacks are not real. Rather, they are simulations that are part of “Cyber Storm,” the nation’s largest cybersecurity exercise, overseen by the Department of Homeland Security.

Colorado is one of seven states participating in the exercise, along with nearly 1,000 other “players” across the nation that range from law enforcement agencies to transportation and manufacturing networks. According to DHS, the exercises are the sixth iteration of Operation Cyber Storm, and the simulated cyber attacks are meant to expose cyber vulnerabilities and test network administrators’ preparedness, security measures and responses.

It is no coincidence that the exercise is occurring months before midterm elections. DHS has reported that in November 2016, Russian hackers targeted 21 state election systems, including Colorado’s.

As we reported in a July cover story, “Red Alert,” Colorado Secretary of State Wayne Williams maintains that Colorado’s election systems were not breached but rather “scanned” by Russians, which Williams likened to jiggling a doorknob to see if it’s unlocked.

He explained that while Colorado’s voter-registration database is online (containing names, addresses, party affiliation, phone numbers, etc.), the actual vote counts from elections are not connected to the Internet.

“The voting equipment is kept in a locked room with surveillance and a log of who goes in,” he told us, adding that changing votes would be possible only “if you’re Tom Cruise in Mission: Impossible — Ghost Protocol and you have the mask of somebody and you’ve stolen the passwords and you can adjust the seals on the voting machines.”

Still, Bloomberg reports that Colorado specifically asked to have its election systems stress-tested under last week’s Cyber Storm activities.

When it comes to countering Russian meddling, Colorado is no novice. “Red Alert” described a little-known fact: that computers in the Centennial State were the very first in the U.S. that were proven to be infiltrated by hackers working for the Russian government.

We provided a brief synopsis of this twisting, decades-old saga in February after Special Counsel Robert Mueller indicted thirteen Russian nationals and three companies for carrying out a misinformation campaign beginning in 2014 designed to help Donald Trump win the White House. Here's that excerpt, along with a link to the story. 

The invasion began at 8:30 p.m. on October 7, 1996, and lasted until the early hours of the morning, a time when no one would notice that infiltrators had stealthily slipped through the defenses of a computer at the Colorado School of Mines. Once inside the machine, the hackers binged on data, consuming sensitive information from around the globe.

The next morning, computer technician Kathleen Lamb checked her email inbox and learned of the attack. Although she occasionally had to deal with hacks and breaches of the university’s computers from students and other aspiring hobbyists, she now had a slew of emails from network administrators around the country — and even a few outside of the United States — informing her that a computer located on the Mines campus in Golden had been used to probe or access their networks in a suspicious manner.

Hackers had used the corrupted computer in the engineering building to go after data at the Department of Defense and NASA. But it would be years before a crack cyber-forensics team at the FBI, which dubbed its investigation “Moonlight Maze,” would manage to trace the attack all the way to the Kremlin.

The twisting and turning investigation involved cat-and-mouse games between the federal agents and their slippery targets. And incredibly, one of the ways that the FBI sourced the attacks to Russia was by installing a tracing device on another breached computer they managed to discover in Colorado — this time at the Jefferson County Public Library — that provided forensic details about the origins of the cyberattacks.

The FBI’s clandestine investigation eventually took federal agents to Moscow in April 1999, where the Americans made up an excuse to meet with top Russian officials. The Russians got the Americans drunk on vodka at a dinner function in the hopes of finding out what they were really up to. As the evening took a bawdy turn, one Russian general even stuck his tongue into the ear of a female FBI agent.

But the agents were not deterred. While in Moscow, they finally found the information they were looking for: The Internet service provider used by the Russian hackers on computers such as the ones at Mines and the Jefferson County Library also served the Russian government.

That discovery established a direct link between the attacks and the Kremlin.

Even after the feds wrapped up the Moonlight Maze investigation, cyberattacks and misinformation campaigns by the Russians did not stop — and the American people are only now learning about many of them. The 1996 incident at the Colorado School of Mines, for example, was not known to the public until a British researcher and professor named Thomas Rid found out about it through an open-records request and wrote about the incident in a book that was released in 2016.
You can read the full version of the story here.