News / Utah / 

Kristin Murphy, KSL

‘Intrusion attempts’ to Utah gov websites skyrocket during Romney senate campaign

By Liesl Nielsen, KSL.com | Posted - Jul. 13, 2018 at 3:59 p.m.



Show 1 more video

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — Nearly a year after reality star and real estate mogul Donald Trump became the leader of the free world, the federal government informed 21 states that their election systems had been targeted by hackers during the 2016 election.

Utah was not one of them, perhaps in part because of its low profile and consistent, conservative voting patterns. The Beehive State flew under the radar.

That changed, however, when former presidential candidate Mitt Romney ran for senator in the Utah primary elections in June.

During the 2017 primary election season, Utah’s information security team blocked about 500,000 to 700,000 attempts to scan or intrude into state websites and databases each day, said Utah’s chief information security officer Phil Bates.

During the 2018 primary elections, that number reached 1 billion — 2,000 times what it was the year before.

While correlation does not equal causation, Lt. Gov. Spencer Cox and his elections team believe Romney’s campaign had something to do with the enormous increase.

“My team and I sat down the day that Mitt Romney announced he was running. … We realized that this was different, that this was a game changer because you had a former presidential candidate who was very outspoken when it came directly to Russia,” Cox said during an interview on Utah Policy’s podcast.

Twelve Russians were accused Friday of hacking into the Clinton presidential campaign and Democratic Party after a months-long investigation into Russian attempts to meddle in the 2016 U.S. election. Romney’s hawkish stance against Russia and his relationship with President Trump pushed Utah’s elections into the public eye and prompted a surge of nefarious activity, Cox said.

However, though both Cox and Utah’s elections director Justin Lee called these scans or intrusions “hacking attempts,” Bates wants to make it clear that’s not exactly what they are.

When someone attempts to hack, they’re trying to enter the system. While the state’s IT team may be blocking some hacking attempts, they’re mainly blocking reconnaissance and surveillance traffic, Bates said.

That kind of traffic can come from bad actors doing automated scans while attempting to find vulnerabilities or weaknesses in a system but isn’t a constant onslaught of hacking attempts, said Richard Hickman, manager of the computer forensics and incident response department for business consulting firm Eide Bailly.

“Most of the time, they're looking for some sort of a vulnerability, a hole in the fence or something like that,” Hickman said.

The state’s IT team also occasionally blocks traffic from locations like Russia, China and Iran as a precaution, though hackers are often adept at concealing their true location, said Utah Department of Technology public information officer Stephanie Weteling.

While the team blocks about 80 percent of the total traffic attempting to access Utah’s online systems, Hickman isn’t entirely surprised at the number of intrusion attempts the state faces — even at its new rate of 1 billion per day.


Cybersecurity is always going to be something that companies should have on the forefront of their mind. You shouldn't be sweeping anything under the rug.

–Richard Hickman, incident response manager at Eide Bailly


Programs that allow hackers and security professionals alike to scan and search for vulnerabilities have been available to anyone who wants them for a while now. And while Utah hasn’t suffered any successful hacking attempt, the state knows it’s time to secure the processes.

“Whether (the intrusion attempts) affect anything or change anything is one thing, but then there’s sort of just eroding the trust in the democratic process,” state elections director Lee said. “That’s what we’re concerned about. We want to make sure the vote is secure, but we also want to make sure the public’s trust is secure in what we do.”

Lee says voting machines aren’t connected to the internet, however, a group at Salt Lake’s HackWest cybersecurity conference in March was able to find a vulnerability that allowed someone in a voting booth to access the system setup of a voting machine.

“It just creates doubt in the integrity of the system, and if that doubt is there, you could (hack a voting machine) in a district you may not be in favor of, and those votes get thrown out,” HackWest volunteer Jake Blaney said.

Utah knows the state will need more cyber protection than it has had in the past and recently called in some federal help.

“We had to be prepared for this one very early on, so we contacted Homeland Security very, very early in this process many months ago and we've been working with them,” Cox said during the Utah Policy podcast. “We're (also) able to get some additional funding from the Legislature to do that.“

Utah submitted a request for about $4.1 million in response to an appropriation awarded to the Helping America Vote Act. The funding will help Utah protect its election systems and upgrade election equipment.

“Cybersecurity is always going to be something that companies should have on the forefront of their mind,” Hickman said. “You shouldn't be sweeping anything under the rug.”

Contributing: Ladd Egan, KSL TV

Related Stories

SIGN UP FOR THE KSL.COM NEWSLETTER

Catch up on the top news and features from KSL.com, sent weekly.
By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

KSL Weather Forecast