Not Just Ballots: Tennessee Hack Shows Election Websites Are Vulnerable, Too

May 17, 2018
Originally published on May 17, 2018 11:49 am

When a WWE wrestler, especially one known for his demonic antics and a move called the "tombstone piledriver," runs for mayor of your county, you know your election is going to get more attention than usual.

But in Knox County, Tenn., it wasn't the fact that Glenn Jacobs, also known to wrestling fans as Kane, was running for mayor that gained national attention on the county primary day, May 1.

It was that the county's election website, at the time the site was supposed to begin posting election results, came under attack.

Malicious cyber actors shut down the county website and broke into the web server, according to county officials and a report done by the cyber security firm Sword and Shield.

The episode didn't have an effect on the outcome of the election, but it shut down the website for an hour and illustrated how malicious actors in the cyber-sphere can have an impact on democracy without actually affecting vote tallies.

The Senate Intelligence Committee said earlier this month that at least six states had their elections websites attacked by Russian operatives leading up to the 2016 election.

While a lot of attention is given to ballot security, the issue of election websites, which many voters rely on to find out results, is also a key voter security concern heading towards the 2018 midterms. Public-facing sites are naturally more vulnerable targets.

Experts say affecting election result pages, and even social media accounts that report results, could sow chaos and discord among a public — if it creates doubt about who actually won an election.

"Any web server by definition, is connected to the internet, so it's directly vulnerable to attacks from the internet," said Doug Jones, an elections cyber security expert at the University of Iowa.

It's unclear who conducted the attack in Tennessee, or why. IP addresses related to the attack were mapped back to computers in the United Kingdom and Ukraine, but Jones says attackers are adept at masking the actual location they're attacking from by breaking into remote computers and using them nefariously.

Elections websites can be especially vulnerable targets in voting districts that are more rural than Knox County, Jones says, because those counties often don't have the resources to adequately monitor and secure their sites.

"It's really unlikely that there isn't some vulnerable county out there and the first thing an attacker would do would be start probing all the county election offices and finding the ones that are weak," Jones said, before adding that elections are often far down the priority list for governments.

"If you're a county administrator and you have a county-run public health program, and a county election office and you have a choice between funding a homeless shelter and funding an election office, which are you going to do?" Jones said.

In cases like Knox County, a breach of the website does not have an effect on who actually wins the election. Tennessee's coordinator of elections, Mark Goins, said if he had to pick an area to be attacked, he'd prefer it be on a website than on a registration system or ballot-tabulating system, since the website is in no way connected to the system that actually determines who wins or loses the election.

Votes are tabulated separately and then input to the server for the public to view.

"There's really nothing on that server that's not public information anyway, it's quite isolated from anything else we have," said Dave Ball, the deputy IT director for Knox County. "But the bad guys don't necessarily know that."

Chris Davis, the assistant administrator of elections in Knox County, says maintaining a secure website is more an issue of maintaining voters' trust that the entire elections system is safe.

"It's from a public perception standpoint as much as anything," Davis said. "We want to make sure all of this data is secure and that if someone logs onto our website that they can trust that that data, that information is correct."

The race for the U.S. senate seat in Tennessee held now by Republican Sen. Bob Corker looks, at this point, to be competitive. The campaign for former Gov. Phil Bredesen, the Democratic nominee for seat, said earlier this year that it also feared it was hacked.

"If something happens in Nebraska, it's one thing, but if it happens in your backyard, then it's like — this can happen," Davis said. "If this can happen in little old Knox County, Tennessee, then it can happen anywhere."

Copyright 2018 NPR. To see more, visit


House Speaker Paul Ryan has called every member of the House of Representatives to an important meeting next week on election security. Top intelligence and law enforcement officials will brief Congress on the risks and threats to this year's midterm elections. Local election websites are particularly under threat, and one of them was breached this month on election day in Tennessee. NPR's Miles Parks has more.

MILES PARKS, BYLINE: Officials in Knox County, Tenn., knew their county primary would get more attention than normal. Here's Chris Davis, the county's assistant administrator of elections.

CHRIS DAVIS: One of the candidates in this election who actually ended up winning the Republican primary for county mayor was a gentleman by the name of Glenn Jacobs, who - I'm not sure if NPR listeners are pro wrestling aficionados. Maybe, maybe not, but - was a pro wrestler by the name of Kane.


UNIDENTIFIED PERSON #1: Get down. Get down.

UNIDENTIFIED PERSON #2: It's Kane. Kane is back.


UNIDENTIFIED PERSON #2: The Big Red Machine is here.

PARKS: But right as election results started coming in, an incident even scarier than Cain's tombstone piledriver took officials and voters by surprise.

DAVE BALL: Around 8 o'clock, we suddenly started experiencing a very high load of traffic.

PARKS: That's Dave Ball, the deputy IT director for Knox County.

BALL: Shortly thereafter, the Web server hit as much capacity as it could take, and it went down.

PARKS: The website, which was supposed to be showing election results, stayed down for about an hour. The server wasn't connected to the system that records or counts votes, but it's the way many voters learn about the outcome. The Senate Intelligence Committee says six states had their election websites attacked by Russian operatives in 2016. Doug Jones is an election cybersecurity expert at the University of Iowa. He says local election websites are more vulnerable to attacks than, say, a voting machine because the sites are connected to the Internet.

DOUG JONES: The diversity, the huge number of counties, means it's expensive to do a broad attack because there are so many of them. But it also means it's really unlikely that there isn't some vulnerable county out there. And the first thing an attacker would do would be to start probing all the county election offices and finding the ones that are weak.

PARKS: Knox County took care of the vulnerability that the attackers exploited, and, again, the website was only down for an hour. No votes were in any way affected. But Chris Davis says it's just as much about a voter's confidence in the entire election system.

DAVIS: It's from a public perception standpoint as much as anything. We want to make sure that all of this data is secure, and if somebody logs on to our website to look at something that they can trust that that information is correct.

PARKS: He said county officials will be extra alert heading into this year's midterm elections. Tennessee may have a competitive Senate race this year.

DAVIS: Something happens in Nebraska, it's like, OK. That's one thing. But if it happens in your backyard, it's, well, this can happen. Well, you know, if this can happen in little old Knox County, Tenn., it can happen anywhere.

PARKS: On August 2, voters in Knox County will go to the polls again to decide whether Glenn Jacobs, Kane, will be their next mayor. Miles Parks, NPR News, Washington. Transcript provided by NPR, Copyright NPR.