Colorado state officials said the government’s website was taken offline Wednesday, the result of an apparent cyberattack that came shortly after a known Russia-based hacker group posted on Telegram that it would be targeting U.S. state websites.
Colorado’s website was rendered inaccessible for much of the day Wednesday, and its portal page remained offline Thursday. The state temporarily redirected Colorado.gov to a replacement site for essential services, a spokesperson for the state said in an email to NBC News.
Some Kentucky state websites experienced a similar attack Wednesday, knocking some of them temporarily offline, said Carlos Luna, the general manager of Kentucky Interactive, the company that manages those sites. As of Thursday evening, those sites were all back online, he said.
The cyberattack, which overwhelmed the states' websites with web traffic, is a common and simple way to take down websites. There is no indication that any of the state’s internal systems were accessed or that its election systems were breached. But given the proximity to the U.S. midterms, experts say it is the type of low-effort cyberattack that could give the false impression that U.S. elections are vulnerable to foreign interference.
The U.S. election system is largely disconnected from the internet, and its operations vary widely across the country, making a widespread cyberattack that would change a large number of votes practically impossible.
While public-facing state websites are not connected to voting infrastructure, they are often used to communicate election results to the public. But because state websites report official election results, they are ripe targets for hackers who would seek to undermine confidence in the election.
The hacker group, called Killnet, is an overtly Russian-aligned group that claims to be made up of amateur hacktivists who support the Kremlin’s international interests. For at least some of the states on Killnet’s list, the state website hosts election night reporting results.
Killnet follows the same model as Ukraine’s IT Army, a Ukrainian government-affiliated movement that frequently posts a list of Russian websites on Telegram for supporters around the world to try to overwhelm with traffic, a tactic known as a distributed denial of service, or DDoS. On Wednesday, KillNet posted a list of 12 target states to its Telegram channel: Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Indiana, Kansas, Kentucky and Mississippi.
It was unclear how many other states were affected. The Cybersecurity and Infrastructure Security Agency, which oversees federal cybersecurity support for election infrastructure, didn’t respond to requests for comment.
A spokesperson for Alabama’s state Office of Information Technology said it had “engaged with internal, external and federal resources in order to be as proactive as possible in addressing this issue.”
Eddie Perez, a board member at the OSET Institute, a nonpartisan nonprofit organization that advocates for election security and integrity, said attacks on state websites that host election night reporting wouldn’t affect actual U.S. election results.
“Election night reporting systems are not, strictly speaking, part of the voting system,” Perez said. “They’re not, strictly speaking, part of the election management system. They are visualization display tools.”
But such attacks could have damaging effects for the perception of election integrity, particularly after the recent rise in election conspiracy theories spread by former President Donald Trump and his allies who falsely claim he won the 2020 election, Perez said.
Federal officials have repeatedly claimed that they do not expect a cyberattack to affect the midterm elections. The FBI and CISA released a joint announcement Tuesday saying “any attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.”
CISA Director Jen Easterly said in a call with reporters Thursday that “at this time we are not aware of any credible threat to the 2022 elections.” CISA has, however, recently begun updating its election misinformation “rumor control“ site for the midterms.
Because DDoS attacks are relatively easy to conduct and don’t do any lasting damage or give attackers access to hidden information, hackers and cybersecurity professionals generally regard them as unimpressive. But Killnet has recently started becoming more effective at knocking sites offline, said Stefan Soesanto, a senior cybersecurity researcher at the Center for Security Studies, a Swiss think tank.
“I would say that Killnet ought to be taken seriously to some degree. They can definitely conduct longer-lasting DDoS campaigns compared to other pro-Russian groups,” Soesanto told NBC News. “Currently, they are simply lacking the financial resources, fundamental desire and geopolitical buy-in to go bigger and heavier.”