‘Oh my God, no’: Handing over computer hardware to GOP audit could expose county to cyberattacks, expert says

Sheriff Penzone is concerned about the risks to private public safety information. He says he would go to court to block the release of computer routers to audit team

PHOENIX – We are entering the third day of a legal standoff over the audit of the Arizona Senate Republicans’ election, with cybersecurity experts warning that your personal information could be at stake.

Maricopa County rejected an ultimatum that it would hand over the building blocks of its computer network to listeners.

But Senate Republicans have yet to follow through on subpoenas they threatened to issue on Monday.

The plan was to transport several county officials to a Senate committee to explain under oath their refusal to follow a previous subpoena.

“I find it unwise,” Maricopa County Sheriff Paul Penzone said in an interview Tuesday.

Penzone softened him. “Insensibly insane” is how he described the behavior of Republicans in the Senate on Friday, when the ultimatum was issued.

“If you are making decisions that affect law enforcement, at least have the courtesy to hear from us.”

If he has to go to court to protect the routers, Penzone said, he will.

The battle is over the computer routers used by the country’s fourth largest county.

Listeners want the equipment to test a conspiracy theory.

Penzone and the County Board warn that handing over the routers, which were requested during a Senate subpoena four months ago, would expose the personal information of countless people and put public safety at risk.

There would also be a financial blow. County board chairman Jack Sellers warned of a $ 6 million bill to replace routers auditors would have.

RELATED: Arizona Audit: Everything You Need To Know

“ Big security risk ”

“Ask any (IT) professional if they would be willing to give their router to anyone, and 10 out of 10 times they’ll say, ‘Oh my God, no,’ ‘ said Matt Bernhard, research engineer at VotingWorks, a non-profit, non-partisan voting technology company.

“It’s a big security risk.”

Bernhard describes the work of routers using the analogy of a postman’s route.

Computers send envelopes with an outside address to the router. The router reads the address and knows where to send it.

“Routers are very central. They see all of the communication that occurs between computers on networks,” Bernhard said.

“If the sheriff’s office talks to the attorney’s office over the network, those routers will see that traffic.”

RELATED: Bamboo Ballots, Death Threats, and Ultimatum: What’s Next for Arizona GOP Election Audit?

Private public security information

Penzone is concerned that private information about cases, detainees and detention officers, for example, could fall into the wrong hands.

Other law enforcement agencies might be reluctant to work with the MCSO, he said.

“Suddenly we allow (auditors) to be responsible for the critical information we need,” he said.

The greatest risk of handing over routers and the computer network roadmap they contain, Bernhard said, is to open the door to hackers or ransomware attacks.

“Once it becomes public, it makes their job a lot easier,” he said.

Testing a conspiracy theory

Senate Republicans have assigned the routers so listeners can test a conspiracy theory: whether the county’s ballot-counting machines are connected to the Internet.

“There are people who have always suspected something bad about elections connected to the Internet,” said Ken Bennett, Senate audit liaison.

An independent audit carried out for the county earlier this year found that the tabulation machines did not have an Internet connection.

“The general assumption is that someone broke into the election, they hacked the system,” Bernhard said.

“An attacker somehow enters the network, possibly through the router, and from there he can gain access to the voting equipment.”

Is this even plausible with electoral computers that are not on the network?

“It’s extremely rare,” said Bernhard, “and it would require resources and effort at the nation-state level.”

‘Unconventional listeners’

Bernhard, like other election security experts questioned about the audit, was wary of over-reading what the Senate Republicans team might do with the equipment.

“They are not conventional election auditors,” he said. “I use listeners very loosely.”

None of the audit team members hired by Senate Speaker Karen Fann have experience auditing an election.

The spokesperson and counsel for the Senate Republicans did not respond to a request for comment on the status of subpoenas for routers.

Late Tuesday, Jeremy Duda of the Arizona Mirror reported that Senate Republicans could target Dominion electoral systems with a subpoena.

Dominion, which leases its counting machine in Maricopa County, has the passwords the audit team wants.

Maricopa County Election Audit

Follow the latest developments in the Maricopa County election audit on the 12 News YouTube channel.

About Ethel Nester

Check Also

WA incentive scheme for councils to use more recycled road materials

The Western Australian government is offering local councils a share of $350,000 to use more …

Leave a Reply

Your email address will not be published.