U.S. cyber agency says no credible threat to midterm vote despite websites going down

By Zeba Siddiqui

SAN FRANCISCO (Reuters) -The top American cybersecurity agency said on Tuesday it was helping to fix problems with some state websites that were hit by cyberattacks during the U.S. midterm election, but it saw no credible threats aimed at disrupting the voting infrastructure.

“There is no specific or credible threat that is disrupting election infrastructure,” a senior official at the Cybersecurity and Infrastructure Security Agency (CISA) told reporters.

Election security has emerged as a key issue in the United States ever since officials found Russia interfered in the 2016 U.S. presidential election with a campaign of hacking and propaganda intended to hurt Hillary Clinton’s chances of winning against Donald Trump.

The “D-DOS” attacks that hit multiple state websites on Tuesday render a website temporarily inaccessible by flooding it with inauthentic internet traffic. Such attacks, however, do not affect the casting or counting of ballots, the senior federal official said in a briefing to journalists on condition of anonymity.

“We are aware of possible D-DOS attacks affecting a number of websites for state election offices, campaigns, and partisan organizations,” said the official.

“It’s critical to remember that even a successful D-DOS attack does not affect a user’s ability to cast a ballot or have it counted. It only affects the website, so any potential D-DOS attacks should not cast doubt on the security and resilience of the election.”

The official said a “handful” of states had been impacted and their websites were restored “relatively quickly.”

“While attribution is inherently difficult, we have not seen any evidence to suggest that these are part of a widespread coordinated campaign,” the official said.

The office of the county clerk of Champaign, Illinois, said earlier in the day their website had been the target of such attacks for a month, although none had been successful. “No data or information has been compromised and the election is secure,” the office told Reuters in a statement.

Mississippi state websites sustained outages due to similar attacks, and the CISA official said the agency was working with local officials there to mitigate the impact.

In Arizona’s Maricopa county, local officials were working on fixing malfunctioning electronic voting machines that Trump and his followers falsely claimed was proof of election fraud.

The CISA official said the agency had not seen any evidence of malicious activity in Maricopa.

“To be very clear we have no indication of malfeasance or malicious activity. It is a technical issue and they have resolved it,” the official said.

Responding to a question about delays in reporting of election results, the CISA official said: “It’s not a delay. It is really just the normal verification process that can take from days to weeks.”

(Reporting by Zeba Siddiqui in San Francisco and Raphael Satter in Washington; Editing by Jonathan Oatis and Tom Hogue)