WASHINGTON — In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.
The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampered with by hackers. Hestrin said this week that federal officials confirmed his suspicions in a private conversation, saying the details were classified.
Last year, a cybersecurity company found a software flaw in Riverside County’s voter registration lookup system, which it believes could have been the source of the breach. The cybersecurity company, RiskIQ, said it was similar to the vulnerability that appears to have allowed hackers — Russian military hackers, U.S. officials have told NBC News — to breach the voter rolls in two Florida counties in 2016.
RiskIQ analysts said they assess that a vulnerability may still exist in Riverside and elsewhere. The only way to know for sure would be to attempt a hack, something they are not authorized to do. The office of the Riverside County Registrar of Voters did not respond to requests for comment.
“I’m very concerned,” Hestrin said. “I think that our current system has numerous vulnerabilities.”
Officials of the FBI and the Department of Homeland Security have said repeatedly that they have not observed a significant effort by Russian state actors to target election infrastructure this year, and Homeland Security’s top cybersecurity official said this will be the “most protected, most secure” election in American history.
Despite government efforts, however, America’s patchwork of state and county election computer networks remains vulnerable to cyberattacks that could cause chaos on Election Day and undermine confidence in a balloting process that is already under significant strain, election security experts