had its share of election incidents – in 2000 results of the presidential
election hung by a chad. But in 2016, weeks before the heated presidential
tussle, it seems, miscreants launched a ransomware attack on the West Palm
Beach County Supervisor of Elections Office.
Wendy Sartory Link told
The Palm Beach Post she found out about the attack, which occurred under the
watch of her predecessor Susan Bucher, only after the IT Director James Darter
was fired last November after being arrested for possessing child porn.
The acting IT director, Ed Sacerio, told Link about the attempt.
“He said, ‘One thing I don’t know is about … what happened with the hack we
had back (in 2016), to know if that’s still a problem,’” Link cited Sacerio as
saying. “I’m already reeling from the fact that we just lost our IT director,
and now you’re telling me that there was a hack that no one bothered to share?”
She soon found out that the attack, which she doesn’t believe to
be one of two Florida election hacks mentioned in the Mueller report, hadn’t
been reported to authorities.
“Called the state, they didn’t know about it. FBI didn’t know
about it. Homeland didn’t know about it,” Link told the Post.
“This attack coincides with the attack on San Francisco’s Muni rail system in November of 2016 and the ransomware attack that left 70 percent of Washington DC’s police security cameras inoperable in January of 2017, just weeks before the presidential inauguration,” Erich Kron, security awareness advocate at KnowBe4. “While the Muni attack was well known due to the fact that light rail ticketing systems displayed the ransom demands and Muni had to open the gates and allow free rides for several days, the Washington, D.C. event was also handled fairly quietly.”
Noting that in 2016 ransomware
infections didn’t spread across networks as quickly as they do today, Kron
said in the Florida elections board incident, it’s “possible that the infection
was isolated to a single machine or a couple of machines, which may explain why
the incident was not reported to the FBI or DHS.”
Even though it’s likely the
ransomware was delivered through a phishing attack, Kron said it was prudent to
understand how the event happened and to make sure the vulnerability that allowed
it had been addressed. “It is surprising that the second-in-command at the time
is unsure if the vulnerability still exists or how the infection started,” he
With the 2020 elections fast approaching and threats
intensifying with potentially monumental ramifications, organizations must take
measures to ensure election security and integrity by teaching users how to
detect phishing emails, conducting simulated phishing tests and securing remote
access portals for employees or IT staff and vendors, Kron said