A cyber attack on computers at the Knox County Election Commission delayed results of the county primary election on May 1. Here's what you need to know about it:
What is a widespread denial of service attack?
It's a fairly common way to disrupt a computer system by overloading it with requests, typically by using multiple computers to repeatedly make requests that tie up the site and prevent it from responding to requests from legitimate users.
Knox County has been targeted before, but never on election night, according to Richard Moran, Knox County's IT manager. The FBI, the White House, and Department of Defense have also been targeted in the past.
"There was an abnormal amount of traffic that occurred right around the time that the polls closed last night that far exceeded anything that we’ve ever experienced in any election before," said Moran. "Usually it doesn’t happen when it’s tied to a significant event that everyone is watching for."
There's really not a good way to prepare or defend against it.
It is not a hack, which accesses the actual data within the computers. This type of attack essentially just slows or shuts the computers down so it can't be used.
It did NOT impact the results
Most importantly, this cyber attack did not impact the actual results of the election.
The computers that tally the votes are not connected to the internet. When the results are complete, the computer issues both a hard copy and a digital copy on a USB drive. The USB drive is usually taken to another computer so that the results can quickly be available to the public on the county website and app.
"Everyone can rest assured that every vote that needed to be counted was counted and we had a fair and free election in Knox County," said Bob Bowman, the Knox County Election Commissioner. "The computer which counts the ballots and votes is a stand alone computer not connected to the internet."
The attack only delayed getting the results to the public. It did not change them.
Election workers were able to give the hard copies of the results to WBIR and other members of the media, so we were able to get that information to the public.
If they didn't change the results, what was the point?
We don't have any way to know what the motive behind the attack was, but it was most likely disruption.
"The traffic was directed directly at the Knox County election commission website," said Moran. "There are bad people who do bad things. Why do they do that? They’re making life painful for other people."
The attack happened as polls closed for a local county election, so the people behind it had to know it would be a time where a lot of people would be interested in accessing the information on those computers they were targeting.
How did the cyber attack impact the election commission
There were many people working very hard on election night, as always, to tally the votes and let the public know the results as soon as possible.
When a website or computer system goes down or becomes unresponsive, it's frustrating and distressing to those who need those computers to work. For the people whose job it is to maintain those computer systems and their integrity, it's even worse, because they have to figure out what is going on and how to fix it.
It took just over an hour for Knox County IT specialists to get the system running again.
In the meantime, workers passed hard copies of the results to reporters at the election commission, who called the information into their newsrooms to be passed on to the public. They said they were doing it the "old-fashioned way" last night.
Who did it?
Again, we don't know who was behind the cyber attack, but there was evidence Tuesday night that the IP addresses of the computers were coming from both inside and outside the United States. Experts will likely be able to narrow down exactly where those computers were located, but there's not guarantee they will be able to identify the person or persons behind it.
"This is just an opportunity to have an outside set of eyes look at it to make sure that the public trusts and knows that we are doing everything we can to hopefully prevent this in the future," said Knox County Mayor Tim Burchett, who called for the analysis.
The Knox County mayor has attacked a local cyber-security firm, Sword and Shield, to conduct an independent analysis. Knox County will also work with the appropriate law enforcement agencies.