ATLANTA (AP) – Republican efforts questioning the outcome of the 2020 presidential race have led to breaches of the voting system, according to election security experts who pose a high risk for future elections.
Copies of the Dominion Voting Systems software used to manage the election, from ballot design to voting machine setup and accounting results, were distributed at an event this month in South Dakota hosted by the CEO of MyPillow, Mike Lindell, ally of former President Donald Trump unfounded claims about last year’s election.
“It’s a game changer in which the environment we’re talking about right now is a reality,” said Matt Masterson, the Trump administration’s former chief of election security. “We essentially told election officials that you should assume that this information already exists. Now we know it is, and we don’t know what they will do with it. “
The software copies came from voting teams in Mesa County, Colorado, and Antrim County, Michigan, where Trump’s allies sued challenging last fall’s results without success.
Dominion software is used in about 30 states, including the counties of California, Georgia, and Michigan.
Electoral Security Pioneer Harri Hursti attended the South Dakota event and said he and other attending researchers were provided with three separate copies of the election management systems running on Dominion software. The data indicated that they were from the counties of Antrim and Mesa. While it’s unclear how copies of the event were posted, they were posted online and made available for public download.
The statement provides hackers with a “practical environment” to investigate vulnerabilities they could exploit and a roadmap to prevent defenses, Hursti said. All hackers would need is physical access to systems because they are not supposed to be connected to the Internet.
“The door is now wide open,” Hursti said. “The only question is: how will you sneak in the door?”
A Dominion representative declined to comment, citing an investigation.
U.S. election technology is dominated by only three vendors that account for 90% of the market, meaning election officials cannot easily change their existing technology. The release of software copies essentially provides a blueprint for those trying to interfere with the way elections are conducted. They could sabotage the system, alter the design of the ballot or even try to change the results, said Kevin Skoglund, an election technology expert.
“This disclosure increases both the likelihood of something happening and the impact of what would happen if it happened,” he said.
The Republican effort to examine the voting team began shortly after the November presidential election, as Trump challenged the results and blamed his loss for widespread fraud, although there has been no evidence of this.
Judges appointed by both Democrats and Republicans, election officials from both parties and Trump’s own attorney general they have dismissed the claims. A coalition of federal and state election officials rated the 2020 elections as the “safest” in U.S. history and post-election audits across the country found no significant anomalies.
In Antrim County, a judge had authorized a forensic examination of voting equipment after a brief mix of election results led to a lawsuit alleging fraud. He was fired in May. Hursti said the date of the software release coincides with the date of the forensic examination.
Calls requesting information from the Antrim county secretary and the local prosecutor’s office were not immediately returned; a call was sent to the county clerk at the judge’s office. The Michigan Secretary of State’s office declined to comment.
In Colorado, federal, state and local authorities are investigating whether Mesa County election staff could have provided unauthorized people with access to their systems. County Election Secretary Tina Peters appeared on stage with Lindell in South Dakota and told the crowd that her Democrats were the target of state Democrats.
Colorado Secretary of State Jena Griswold said she alerted federal election security officials to the breach and told her it was not considered a “significant increase in the electoral risk landscape at this time.” Last week, Mesa County commissioners voted to replace the voting equipment that Griswold had ordered could no longer be used.
Geoff Hale, who leads the electoral security effort at the U.S. Cybersecurity and Infrastructure Agency, said his agency has always operated on the assumption that malicious agents know the vulnerabilities of the system. Election officials, on the other hand, focus on ways to reduce risk, such as using ballots with a paper record that can verify the voter and rigorous post-election audits, Hale said.
He said public exposure to Dominion software does not change the agency’s guidelines.
Security researcher Jack Cable said he assumes U.S. opponents already had access to the software. He said he was more concerned that the release would foster mistrust among the growing number of people who are not inclined to believe in the security of the US election.
“It’s a concern that people, trying to prove the system is insecure, make it more insecure,” said Cable, who recently joined a cybersecurity company run by former CISA director Christopher Krebs and former chief Facebook Security Officer Alex Stamos.
Concerns about access to voting machines and programs first arose this year in Arizona, where the Republican-controlled state Senate hired Cyber Ninjas, a company with no previous electoral experience, to audit county elections. Maricopa. The firm’s chief executive had also tweeted support for conspiracy theories surrounding last year’s election.
After the county’s Dominion voting systems were handed over to the firm, Arizona’s top election official determined they could never be used again and ordered the county to buy new ones.
Dominion has filed lawsuits to answer several unfounded claims about its systems. In May, he called it “reckless” to give Cyber Ninjas access to his code, given the firm’s bias, and said it would cause “irreparable damage” to electoral security.
Election technology and security expert Ryan Macias, in Arizona earlier this year to observe this review, was alarmed by the lack of cybersecurity protocols. There was no information on who was given access, whether these people had passed background checks or were asked to sign non-disclosure agreements.
Cyber Ninjas did not respond to any emails with questions about the review and its security protocols.
Macias was not surprised to hear that copies of Antrim County’s electoral management system had appeared online given the questionable motives of the various groups conducting the reviews and the central role that voting systems have played in theories of conspiracy.
“That’s what I predicted would happen and I anticipate it will happen again coming out of Arizona,” Macias said. “These actors have no responsibility or rules of engagement.”