"A team of election security experts used a “Google for servers” to challenge claims that voting machines do not connect to the internet and found some did."
nbcnews.com/politics/elect…
“We found over 35 [voting systems] had been left online and we’re still continuing to find more,” said Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition.
“We...discovered that at least some jurisdictions were not aware that their systems were online. In some cases, [the vendor was] in charge [of installing the systems] and there was no oversight.
vice.com/en_us/article/…
"While no one is suggesting that any of these systems have been manipulated or hacked, the findings highlight how little local & fed officials understand how these...systems are configured & connected and the extent to which they are beholden to what the vendors tell them."
"ES&S installs and configures the firewalls for the “majority” of its customers. Counties then take over the maintenance or contract it out to a third party, which may even be ES&S in some cases."
"There are more than 33,000 ES&S DS200 optical scan machines with modems in use across eleven states and the District of Columbia. But ES&S [said] it doesn’t know how many of its customers currently transmit results."
"What’s not generally known by the public about ES&S election systems is that the company’s entire configuration for transmitting election results—from the modem to the SFTP server—is not certified by the Election Assistance Commission (EAC)..."
"...led them to 35 connected systems over the last yr, though Skoglund notes that there may actually be more ES&S systems connected to the internet that are not visible to Censys scans, since administrators can configure their connected devices to block automated scans."
"When examining the ownership records for the IP addresses of the connected systems, at least four of them were registered to county governments in Michigan and Florida."
"One of the most dense states for online election systems was Florida, where researchers found a number of connected systems that they believe belong to Bradford, Charlotte, Flagler, Wakulla, Miami-Dade & Pasco counties, & one other county they’re unable to identity..."
"Asked which states do security assessments, he cited WI, FL & MN. But someone familiar w/ Wisconsin’s certification testing, who spoke on condition of anonymity, said it doesn’t include a security assessment of the modem transmissions & configuration."
"The expansion by Amazon Web Services into state & local elections has quietly gathered pace since the 2016 US pres. vote. More than 40 states now use one or more of Amazon’s election offerings."
reut.rs/2R5RwYK