Wisconsin officials awaiting more details on hack attempt
MADISON (AP) -- Elections officials were hoping to get more information as soon as Monday about a Russian attempt to hack Wisconsin's voter registration system, even as the state moved ahead with efforts to bolster cyber security defenses.
The U.S. Department of Homeland Security on Friday informed the Wisconsin Elections Commission that it was one of 21 states that "Russian government cyber actors" had unsuccessfully tried to infiltrate during the 2016 elections.
The hacking attempt focused on the state's voter registration database, not voting results that are counted and tabulated by more than 1,850 local election clerks.
Elections Commission spokesman Reid Magney said the commission was in the process of getting more information about what happened and hoped to hear those details from Homeland Security officials on Monday. Details about next steps will be discussed at a previously planned commission meeting Tuesday, Magney said.
The Commission had been slated to discuss security improvements Tuesday, even before news of the attempted hack broke last week. Changes being contemplated, Magney said, include encrypting the entire voter registration database to protect the information and make it unusable to anyone who may be able to steal it. Another change being considered is two-factor authentication for more than 1,850 local election clerks or state officials attempting to make changes to voter registration data contained in the WisVote database.
"We're going to look at the best practices from everywhere," Magney said.
Wisconsin's online voter registration database is accessible by about 3,000 users -- municipal and county clerks and their employees, and state Elections Commission staff, Magney said. The only way voters can affect information in the system is to register to vote. While some states allow registered voters to update their information online, that is not permitted in Wisconsin, Magney said.
The Elections Commission is unaware of any Wisconsin voter reporting that their registration information had been altered or deleted against their will, Magney said. There have also been no reports of identity theft or phishing attempts to break into voter registration data in the WisVote system, he said.
"We watch the WisVote system every day for changes," Magney said. "We know who makes changes to the system. ... We know any time somebody makes a change to a record, we know which user made those changes, we know where they came from."
The hacking attempt had no effect on Wisconsin's election systems or outcome of any race, the state's top elections official Michael Haas and a spokesman for Gov. Scott Walker said.
Walker's administration on Friday downplayed concerns, noting that the state experiences 9 million vulnerability scans and 505,000 attempts to break passwords each year.
Homeland Security told the Elections Commission that the Russians scanned the state's internet-connected election infrastructure, likely seeking specific vulnerabilities such as access to voter registration databases.
A hacker targeting a system without getting inside is similar to a burglar circling a house checking for unlocked doors and windows.
Wisconsin was one of several political battleground states, along with Ohio, Pennsylvania, Florida and Virginia that were targeted by the Russians, according to Homeland Security.
The hacking disclosure came as a special counsel investigated whether there was any coordination during the 2016 presidential campaign between Russia and associates of President Donald Trump.
He carried Wisconsin by fewer than 23,000 votes, a victory that was confirmed following a recount requested by Green Party candidate Jill Stein.