After a distributed denial-of-service attack knocked some servers offline during a local election in Tennessee this week, Knox County is working with an outside security contractor to investigate the cause. The attack took the Knox County Election Commission site displaying results of the county mayoral primary offline during Tuesday night voting. The county resorted to distributing printed results during the outage.
“Tonight, Our web servers suffered a successful denial of service attack,” Knox County wrote on Twitter on Tuesday night. “Election results were not affected, as our election machines are never connected to the Internet.”
The day after the incident, Knox County Mayor Tim Burchett reassured voters that the attack did not compromise the vote. Election systems that can go online are far less secure than systems that are not able to connect to the internet.
“Although the crash did not affect the vote tallies or the integrity of the election, this is not something that should happen,” Burchett said in a statement. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”
Burchett disputed outside claims that his office had acted “prematurely” in dismissing any risk to the integrity of the Knox County vote, reiterating that the county’s voting system “is never connected to internet, never at risk.”
In a report from Knox County’s IT Department, Director Dick Moran noted “extremely heavy and abnormal network traffic” consistent with a DDoS attack and observed that the IP addresses involved originated from both domestic locations and international ones. Moran drew a distinction between a DDoS attack that can knock servers offline and a hack intended to infiltrate systems or servers.
Sword & Shield Enterprise Security, a Knoxville-based security firm, has been contracted to conduct an analysis of the attack and “determine the exact nature” of the server’s time offline.
The county site that was affected by the attack only displayed results to the public, it did not receive or tabulate them. Still, DDoS attacks are sometimes used as a diversionary tactic to create chaos. TechCrunch has reached out to Sword & Shield with additional questions about the sophistication and extent of the attack.
Given its enhanced coordination with states as part of recent initiatives to secure national election systems, TechCrunch has also been in touch with Homeland Security about its role in providing support to Knox County and will update this story when we have more information.