Voting system security is problematic enough, but one company might have unintentionally laid out a welcome mat for hackers. Politico claims VR Systems, a voting software firm targeted by Russians, took a gigantic risk in 2016 by using remote access software to connect to a computer in North Carolina and troubleshoot a voter list management tool in the last two days before the election. As the tool downloaded the Durham County voter list straight from the state’s Board of Elections, intruders could have altered local (and potentially state-level) records to prevent people from voting in key precincts.
The connection was only open for several hours, Politico said, but that would have been long enough for would-be infiltrators. There’s no known evidence of hacks skewing North Carolina’s results, although investigations are still underway. The company reportedly made a habit of using remote access when it thought an in-person visit would take too long.
VR Systems hasn’t responded to requests for comment, although a Politico source said the company had agreed to stop the practice.
This latest report paints a less flattering picture of the company, which already dealt with a spearphishing attack (claimed to be unsuccessful) in 2016. It also suggests that the practice of using remote access software on election-related systems was more commonplace in 2016 than previously thought. There is good news, though — the Department of Homeland Security now plans to study the laptops used in Durham County that led to the remote access use, potentially boosting security ahead of the 2020 vote.