But Motherboard has learned that connected to the firewalls are even more critical backend systems—the election-reporting module that tabulates the unofficial votes as well as the official ones, and the election-management system that is used in some counties to program voting machines before elections. The researchers said that gaining access through the firewall to these systems could potentially allow a hacker to alter official election results or subvert the election-management system to distribute malware to voting machines through the USB flash drives that pass between this system and the voting machines.*Online, the researchers can only see the firewalls configured in front of these systems and cannot see anything behind them—a federal law makes it illegal for them to probe beyond the firewall. But ES&S documents posted online in various counties show that these critical backend systems are connected to the firewall, and ES&S also confirmed to Motherboard that this is the correct architecture in counties that want to transmit results electronically.ES&S has long insisted that election-management systems are air-gapped—that is, not connected to the internet or connected to any other system that is connected to the internet—and the company insists to Motherboard that the diagram it provided isn’t showing them connected to the internet."These are all secure technologies that if [configured] correctly work just fine. It’s just that we have no faith that they are done correctly."

While no one is suggesting that any of these systems have been manipulated or hacked, the findings highlight how little local and federal election officials understand how these critical election systems are really configured and connected, and the extent to which they are beholden to what the vendors tell them.Senator Ron Wyden (D-Oregon) said the findings are “yet another damning indictment of the profiteering election vendors, who care more about the bottom line than protecting our democracy.” It’s also an indictment, he said, “of the notion that important cybersecurity decisions should be left entirely to county election offices, many of whom do not employ a single cybersecurity specialist.”“Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet,” he added.“Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet.”
Ron Wyden (D-OR) speaks at a press conference alongside Speaker of the House Nancy Pelosi (D-CA) on passing the America's Elections Act on June 26, 2019 in Washington, DC. The SAFE Act bill includes reforms to safeguard voting systems and modernize election infrastructure in an effort to lower the likelihood of hacking. Image: Tasos Katopodis/Getty Images
ES&S diagram the company submitted last year to Travis County, Texas, as part of a contract proposal shows the reporting system and election-management system directly connected to the SFTP server through the switch, and all of them are connected to the firewall.
Hunting Election Systems
An ES&S document supplied to Rhode Island and dated 2015, which clearly shows the modem transmission of votes from the company's DS200 optical scan voting machines going over the internet.
Wisconsin’s recount was completed, but some counties that used optical scan machines didn’t do a true recount—they simply ran the paper ballots through the optical-scan machines a second time, instead of manually comparing them against the digital tallies to uncover discrepancies. If any problems existed in the scanner software to produce incorrect results during the first scan, they would reproduce the same incorrect results in the re-scan.The researchers repeated their searches of the Censys database periodically to see when systems dropped out of visibility or new ones popped up online. This allowed them to see the systems connected for long periods of time, contrary to assertions by election officials that the systems for transmitting results only remain connected for a few minutes after elections. Some of the systems do pop up online only around election times, but they tend to remain online about a month before disappearing, not a few minutes.“Rhode Island is one that kind of comes on and goes off,” Skoglund said. “They don’t stay on year round. But others do.”Motherboard asked Errata Security CEO Graham, who created an internet-scanning tool called Masscan, to independently verify the methodology the researchers used to find the systems, and he confirmed that the method was sound, using the search parameters the researchers provided. Like the researchers, though, he was unable to explore further without breaking the law, so he could only see the firewalls and not what is behind them. An independent election security expert named Harri Hursti, who consults with election districts and helps run the annual Voting Machine Hacking Village at the Def Con security conference, also verified the methodology for Motherboard without being told how to find the systems. Hursti in fact told Motherboard that many other election systems are online that the researchers’ particular search parameters missed."What you are describing is a bad behavior amplified by sloppiness and complete negligence of security."
Image: Scott McIntyre/Bloomberg via Getty Images