Colorado state officials said the government website went offline Wednesday, the result of an apparent cyberattack that came shortly after a known Russia-based hacker group posted on Telegram that it would target U.S. state websites.
Colorado’s website was down for much of the day on Wednesday and the portal page remained offline on Thursday. The state has temporarily redirected Colorado.gov to a backup page for essential services, a state spokesman said in an email to NBC News.
Some Kentucky state websites experienced a similar attack on Wednesday, which took some of them temporarily offline, said Carlos Luna, the general manager of Kentucky Interactive, the company that manages those websites. As of Thursday evening, those sites were all back online, he said.
The cyberattack that flooded state websites with web traffic is a common and easy way to shut down websites. There is no evidence that the state’s internal systems were accessed or that its electoral systems were broken into. But given its proximity to the US midterm elections, experts say this is the type of low-effort cyberattack that could create the false impression that the US election is vulnerable to foreign interference.
The US electoral system is largely disconnected from the internet and its operations vary widely across the country, making a widespread cyberattack that would alter large numbers of votes virtually impossible.
While publicly available government websites are not connected to election infrastructure, they are often used to communicate election results to the public. However, because government websites report official election results, they are an ideal target for hackers who would try to undermine confidence in the elections.
The hacking group known as Killnet is an openly Russian-aligned group that claims to be made up of amateur hacktivists who support the Kremlin’s international interests. For at least some of the states on Killnet’s list, the state website hosts election night results.
Killnet follows the same model as the Ukrainian IT Army, a Ukrainian government-affiliated movement that frequently posts a list of Russian websites on Telegram for supporters around the world to try to overwhelm with traffic, a tactic that has been dubbed as Distributed Denial of Service or DDoS is known. On Wednesday, KillNet published a list of 12 target states on its Telegram channel: Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Indiana, Kansas, Kentucky, and Mississippi.
It was unclear how many other states were affected. The Cybersecurity and Infrastructure Security Agency, which oversees federal cybersecurity support for election infrastructure, did not respond to requests for comment.
A spokesman for Alabama’s State Office of Information Technology said it has been “working with internal, external, and federal resources to address this issue as proactively as possible.”
Eddie Perez, a board member of the OSET Institute, a nonpartisan nonprofit that works to promote election security and integrity, said attacks on government websites that host election night coverage would not affect actual US election results.
“Election night reporting systems are not actually part of the voting system,” Perez said. “They are not strictly part of the election management system. They are visualization tools.”
But such attacks could have a damaging impact on perceptions of election integrity, especially after the recent surge in election conspiracy theories being pushed by former President Donald Trump and his allies falsely claiming he won the 2020 election, Perez said.
Federal officials have repeatedly claimed that they do not expect a cyberattack to affect the midterm elections. The FBI and CISA released a joint announcement Tuesday, stating, “Any attempts by cyber actors to compromise voting infrastructure are unlikely to result in widespread disruption or prevent voting.”
CISA Director Jen Easterly said in a call with reporters Thursday that “we are not aware of any credible threat to the 2022 election at this time.” However, CISA has recently begun updating its “rumour-control” website for mid-election misinformation.
Because DDoS attacks are relatively easy to carry out and do not cause lasting damage or give attackers access to hidden information, they are generally considered inconspicuous by hackers and cybersecurity professionals. But Killnet has recently started taking websites offline more effectively, said Stefan Soesanto, a senior cybersecurity researcher at the Center for Security Studies, a Swiss think tank.
“I would say Killnet should be taken seriously to a certain extent. They can definitely run longer-lasting DDoS campaigns compared to other pro-Russian groups,” Soesanto told NBC News. “Right now, they simply lack the financial resources, fundamental will and geopolitical buy-in to go bigger and heavier.”