Another Click2Gov data breach hits Indio, California
October 15, 2018
The online bill payment software used by hundreds of local governments continues to be a frequent source of cybersecurity incidents.
The FBI briefed state leaders about the vendor's ownership on Thursday, one day before federal prosecutors charged 12 Russian intelligence officers with hacking during the 2016 election.
Benjamin Freed is the technology editor for StateScoop, covering how states and cities make decisions about the technology that powers government s...
Maryland will investigate a company that operates part of its statewide voter registration system after learning that it is owned by a Russian billionaire known to be close to Russian President Vladimir Putin. The state's leaders learned Thursday that the vendor, ByteGrid LLC, was purchased in 2015 by an investment firm controlled Vladimir Potanin, the sixth wealthiest person in Russia.
State Senate President Thomas V. Mike Miller and House Speaker Michael Busch went public on Friday, the same day the U.S. Justice Department charged 12 Russian military intelligence officers with hacking Democratic Party organizations and state- and county-level elections boards during the 2016 presidential election. Miller and Busch had been briefed, along with Gov. Larry Hogan, by the FBI on Thursday, they said in a statement published Friday afternoon.
"While the FBI did not indicate that there was a breach, we were concerned enough to ask Attorney General [Brian] Frosh to review the existing contractual obligation of the State, as well as asked for a review of the system to ensure there have been no breaches," the statement reads. "We have also instructed the State Board of Elections to complete all due diligence to give the voters of Maryland confidence in the integrity of the election system. We are also asking the federal Department of Homeland Security Election Task Force to assist the State Board of Elections for any corrective action deemed necessary."
Maryland signed a contract in 2013 with a local company to manage the state voter file, according to the Capital Gazette. That company was purchased in 2015 by ByteGrid, which also hosts other election-related systems, including the candidate-management system and unofficial results websites. ByteGrid's leading funder is a firm called AltPoint Capital, of which Potanin is the lead investor.
The federal indictment filed Friday describes extensive attempts to breach voter registration databases and other election-related systems in several states, including Florida, Iowa and Georgia, along with an unnamed state believed to be Illinois. Maryland is not mentioned in the court document, though it was one of 21 states where the Department of Homeland Security believes there were intrusion attempts against the systems in 2016. State election officials have said there were no breaches.
That didn't stop the state's U.S. senators, Ben Cardin and Chris Van Hollen, from putting out statements of their own blasting the discovery.
"Six months ago, I released a Foreign Relations Committee report that documented Putin’s pattern of asymmetric warfare against democratic institutions, universal values, and the rule of law in Russia and across Europe over the last twenty years," Cardin said. "The playbook clearly carried over to Maryland and elsewhere across the U.S."
Hogan also said Friday he wanted to know more about ByteGrid.
"It was with concern that I learned that information provided to the Maryland State Board of Elections by federal law enforcement this week indicates that a vendor contracted by the Board to provide a number of services, including voter registration infrastructure, had been acquired by a parent company with financial ties to a Russian national," he said in a statement released by his office.
Hogan, Miller, Busch also on Friday sent a letter to Homeland Security Secretary Kirstjen Nielsen asking the department for assistance in reviewing the state elections board's network integrity and security.
"The mere fact that we have had discussions with the Federal Bureau of Investigation, and Department of Homeland Security Office of Cybersecurity and Communications should provide evidence of our grave concern regarding this matter," the letter reads. "We are resolved to ensure that this matter is fully examined to ensure Marylanders can have faith in the integrity of their election system."
The Maryland leaders asked Nielsen to complete a review "within the shortest time possible" before November's elections, which are 104 days away.