/ Modified jul 18, 2018 9:27 a.m.

Hackers Take Aim at State, Including Elections, Millions of Times a Month

Officials say attempts on Arizona line up with numbers for states around the country.

Arizona's sensitive databases are under constant cyberattack, state officials say.

"As a state, we get attacked about 8.5 million times a month," said Mike Lettman, co-chair of the Arizona Cybersecurity Team.

The computers at the Secretary of State's office, which houses the elections division, gets hit tens of thousands of times.

"It's not uncommon to get over 50,000 unwarranted attempts or intrusions a month," said Secretary of State Michele Reagan.

While both of those figures may seem staggering, they are average compared to other state governments around the country, according to Lettman.

Arizonans first became acutely aware of the hacking possibilities following the 2016 election. The FBI revealed Arizona's election data base was attacked. But state officials say that was blown out of proportion.

"We always get attacks, we always have people trying to get in, there are people from all over the world," said Lettman.

He said cybersecurity officials are not sure what the intent of the attacks are.

"They may be trying to do their normal thing of stealing data and make money or they may be targeting our system. Can I sit here and say nobody is interested in changing our election? No. I am sure there are many people who are trying to do that," said Lettman.

So how is the state keeping hackers out of its databases?

First, your vote is not online. The machines that count ballots in each precinct are not connected to the internet. The only way to hack them would be to take the data cards out of the machines. Thousands of those machines are in the state.

Ballots are also paper, so they can be recounted.

Voter information, however, is online. That means it is vulnerable to hacking. Changing the voter rolls is one of the nightmare scenarios for election officials.

"If you really want to mess up an election, that would be the way to do it," said Reagan.

To help prevent that, anyone using he voter database must use two-factor authentication, according to Reagan.

The system is also set up so that only letters can be entered into the name fields. That keeps someone from entering programming code instead of names into the database, a common way hackers plant programs to steal data.

If the voter rolls were compromised, voters could vote provisional ballots, which can be verified later.

To aid in the anti-hacking efforts, Gov. Doug Ducey, created the Arizona Cybersecurity Team in early 2018. The team's job is to outsmart hackers, though they won't talk about most of the methods they use.

The Hollywood image of the hacker is a single person sitting in a dark room. Lettman said those people exist, but they aren't the only threats.

"It could also be as complex as that same guy has control of a thousand of computers around the world and he can have all thousand at once launch some sort of attack against a single entity or multiple entities," he said.

Arizona's team is in constant contact with federal cybersecurity officials to ensure they are up to date on the latest threats and methods. Those threats change daily.

"The bad guys only need to be right once, and our systems need to be right every time," said Reagan.

Your Vote 2018
Read more coverage of national, Arizona, and local elections at our 2018 elections portal, Your Vote 2018.
By posting comments, you agree to our
AZPM encourages comments, but comments that contain profanity, unrelated information, threats, libel, defamatory statements, obscenities, pornography or that violate the law are not allowed. Comments that promote commercial products or services are not allowed. Comments in violation of this policy will be removed. Continued posting of comments that violate this policy will result in the commenter being banned from the site.

By submitting your comments, you hereby give AZPM the right to post your comments and potentially use them in any other form of media operated by this institution.
AZPM is a service of the University of Arizona and our broadcast stations are licensed to the Arizona Board of Regents who hold the trademarks for Arizona Public Media and AZPM. We respectfully acknowledge the University of Arizona is on the land and territories of Indigenous peoples.
The University of Arizona