Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Iowa Fiasco Highlights Security Risks in US Vote, Officials Say

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country’s election infrastructure in everything from hacking to trust-eroding conspiracy theories.

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country’s election infrastructure in everything from hacking to trust-eroding conspiracy theories.

The technology problems which have prevented a complete vote count in the first test for the 2020 election were founded on what experts described as a poorly-tested, poorly performing vote reporting smartphone app.

“We have every indication that our systems were secure and there was not a cyber security intrusion,” the Iowa Democratic Party said in a statement.

But specialists said that the episode has shown how vulnerable state-based voting is to unproven systems.

“Given the amount of scrutiny that we have on election security these days, this is a concerning event. It really goes to the public confidence of our elections,” acting Homeland Security Secretary Chad Wolf told Fox News.

– ‘Continuing chaos’ –

“The continuing chaos in Iowa is illustrative of our overall failure to take sufficient steps to protect the integrity of our election systems,” said Democratic Senator Mark Warner, co-chair of the Senate Cybersecurity Caucus.

“We need to look holistically at protecting the security, integrity, and resiliency of election systems — from registration systems, to e-poll books, voting machines, tabulation machines, and election night reporting systems.”

The 2016 national election hangs over the coming November presidential and Congressional contests.

The US government says Russian hackers broke into Democratic party communications and systems, stealing documents and emails which were released on WikiLeaks to embarrass the party.

The hackers, which US intelligence says were tied to Russian spy agencies, also made repeated efforts, some partly successful, to break into systems in all 50 states, according to a Senate investigation.

The activity exposed a large gulf between federal cybersecurity efforts and those in the states — where distrust of federal involvement, even assistance, was widespread.

– 2020 threat –

US intelligence officials believe that Russia and other countries are preparing to interfere in the 2020 election, from hacking to disinformation.

And weaknesses are still widespread, especially at local levels.

The McAfee cybersecurity group reported that “significant majorities” of the official election websites in the 13 states viewed as crucial battlegrounds in the presidential race had fundamental security issues.

Many of the websites do not use “https” encryption, McAfee said.

Many also do not use the US government-vetted “.gov” address which can assure users that it is an authentic election website.

Both measures help “prevent malicious actors from launching copycat web domains posing as legitimate county government sites,” McAfee said.

Out of 1,117 counties, 83 percent of websites didn’t use “.gov” and 46 percent lacked “https” protection.

Alex Stamos, director of the Stanford Internet Observatory and former Facebook security chief, describes risks from voter registration rolls to failing voting machines to the possible injection of ransomware into voting systems.

All of that, he says, can be exacerbated by online distortion and false news reporting.

“The largest external risk to American democracy is an attack that combines a technical assault against our widely distributed and poorly secured election infrastructure with disinformation that American partisans will happily amplify,” he said on Twitter Tuesday.

– ‘Rampant’ misinformation –

The issue of fake news was present Tuesday with widespread rumors and conspiracy theories swirling around the Iowa vote.

“This chaos has created an environment where misinformation is now running rampant online, further undermining confidence in the democratic process,” Warner said.

“As we get further into the 2020 primaries, what happened in Iowa is an early warning sign that Congress, local officials, and the social media platform companies have much more work to do to ensure the integrity of our elections.”

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.