A voter goes into the Boulder County Clerks Office to cast their ballot on Election Day in Longmont, Colo., on Tuesday, Nov. 8, 2016.
No compatible source was found for this media.
Hackers poke and prod Colorado’s election infrastructure on a regular basis, but the state doesn’t appear to be among dozens of states cited in a news report Tuesday that claims Russian computer experts targeted dozens of states in the months leading up to the 2016 election.
“To our knowledge, we don’t think they were targeting Colorado,” said Trevor Timmons, chief information officer for the Colorado secretary of state’s office. “We didn’t see any (attempted infiltration from Russian groups). We got what looked like some standard type of activity, but we didn’t see concerted intrusion attempts from those Russian-affiliated groups.”
Timmons said the Colorado secretary of state’s office, which oversees elections and voting in the state, was warned about two specific internet protocol — or IP — addresses linked to Russian cyber attackers as well as their methods of attempted intrusions. Cybersecurity officials kept close tabs on the state’s voter systems, looking for any signs of those intruders, but didn’t find anything of particular concern.
The office was responding to a Bloomberg News report Tuesday that Russian hackers tried to hit election-related in as many as 39 states. The news service says in Illinois, there were signs hackers even tried to delete or alter voter data.
Colorado officials say they also don’t believe any of the state’s election systems were using a private, third-party contractor — VR Systems — identified by Bloomberg as being a particular target by Russian hackers.
But while Colorado’s voting system wasn’t a target of Russian infiltration attempts, that doesn’t mean there aren’t other groups constantly scanning the secretary of state’s office for weaknesses every day.
For instance, the Colorado secretary of state’s office blocks anywhere from 10 to 15 IP addresses each day that it finds are linked to suspicious behavior toward its system.
“The state of Colorado as a whole obviously sees thousands of attacks a day,” said Rich Schliep, chief information security officer for the secretary of state. “And our office sees hundreds. And that’s just normal activity.”
Most of the “attacks” really aren’t that, however, and are really just attempts by hackers to scan for weaknesses.
“That happens all the time from all sorts of sources,” Timmons said. “It’s not just Eastern Europe and North Korea. It’s also from computers that are in Germany and France and the United States. We see those things all the time.”
And so far the cybersecurity in the secretary of state’s office have worked well, officials in the office say. There haven’t been any identified breaches of its system, and Secretary of State Wayne Williams has repeatedly lauded the state’s voting systems as being very secure.
Reasons include extensive staff training on how to avoid falling victim to hackers’ phishing emails and routine tests by private cybersecurity company on the office’s ability to thwart an infiltration.
“We’re doing quite well,” Schliep sad. “We’ve got a good security program. We are ahead of a lot of different organizations.”