https://www.politico.com/story/2019/06/05/vr-systems-russian-hackers-2016-1505582
By Kim Zetter
Politico
06/05/2019
A Florida election software company targeted by Russians in 2016
inadvertently opened a potential pathway for hackers to tamper with voter
records in North Carolina on the eve of the presidential election,
according to a document reviewed by POLITICO and a person with knowledge
of the episode.
VR Systems, based in Tallahassee but with customers in eight states, used
what’s known as remote-access software to connect for several hours to a
central computer in Durham County, N.C., to troubleshoot problems with the
company's voter list management tool, the person said. The software
distributes voter lists to so-called electronic poll books, which poll
workers use to check in voters and verify their eligibility to cast a
ballot.
The company did not respond to POLITICO's requests for comment about its
practices. But election security experts widely condemn remote connections
to election-related computer systems — not only because they can open a
door for intruders but because they can also give attackers access to an
entire network, depending on how they’re configured.
In Durham County’s case, the computer in question communicated with North
Carolina’s State Board of Elections to download the county’s voter list
before elections, which could have potentially opened a gateway to the
state system as well.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
