Maryland election systems hosted by a vendor with financial ties to a close ally of Russian President Vladimir Putin were not compromised, according to a report published Thursday by the U.S. Department of Homeland Security.
The investigation, conducted by the Hunt and Incident Response Team from DHS’s National Cybersecurity and Communications Integration Center, found no unauthorized access or statistical anomalies in network activity that would suggest malicious behavior.
Maryland officials had learned in July that the vendor, ByteGrid LLC, had been purchased in 2015 by an investment firm controlled by Vladimir Potanin, the sixth-wealthiest person in Russia. They requested the investigation soon after.
Over the course of a seven-day investigation at both the Maryland State Board of Elections and ByteGrid, DHS staff inspected networks for any signs of disruption consistent with malicious activities known to be associated with the government of Russia — including the well-documented hacker groups known as APT28 and APT29 — and North Korea.
“DHS did not find any evidence that our main network or the systems hosted by ByteGrid have been compromised,” the state Board of Elections wrote in a statement.
Despite the clean report, Maryland still plans to move its election files to a new data center. “We are taking this decisive action out of an abundance of caution and have started the process to transition to a new data center and have a contract with a cybersecurity and technology firm to help us transition to a new data center,” the board’s statement said. “This plan will alleviate our concerns with the current ownership of our hosting vendor and demonstrates our commitment to having the most secure election systems possible.”
The operator of the new data center was not revealed.
Just learning that one of their election vendors was financially linked to a Russian oligarch was enough to spook Maryland leaders into requesting a thorough federal investigation. News of Potanin’s connection to ByteGrid came just as the Justice Department charged 12 Russian military intelligence officers with attempting to hack voter files in 21 states, including Maryland, during the 2016 election.
Under its contract with Maryland, ByteGrid provides hosting services for several of the state’s election-related systems: the voter registration database, the candidate-management platform and the website that reports unofficial results on election days. The contract was initially signed in 2013 with a locally owned company, which was purchased by ByteGrid in 2015. But it wasn’t until July 12 that state leaders learned from the FBI that ByteGrid was financed by AltPoint Capital, a New York venture-capital firm of which Potanin is the lead investor.
While the DHS report — the public version of which is partly redacted — did not find any signs of hacking, it offers several recommendations to make Maryland’s election infrastructure more secure, including greater restrictions on who can access the voter file and other systems, more frequent vulnerability scans and software updates, and the use of virtual private networks to authenticate user identities.
“Properly implemented defensive techniques and programs make it more difficult for a threat actor to gain access to a network and remain persistent yet undetected,” the report reads. “Attacker activity should also trigger detection and prevention mechanisms that enable organizations to contain — and respond to — the intrusion.”