Cyberattack could ‘sow mistrust’


The cyber-attack which leveled the Chatham County government computer network three weeks ago — disconnecting phone lines and email services and prohibiting access to county records — could have been launched to sow doubt in the integrity of the elections process, according to a local cyber security expert.

Chatham County has still not disclosed details of the security breach, including whether or not it involved demands for a ransom. But county officials have confirmed the severity of what they describe as “an incident” rather than an attack, which County Manager Dan LaMontagne called “really, really bad” and which has yet to be resolved. In a press release last week, the county acknowledged that federal agencies are involved in the recovery effort and admitted it could not estimate when county services would be restored.

“The cyber incident discovered on October 28th that affected Chatham County government’s network is still under investigation,” the press release said. “Chatham County’s Management and Information Systems (MIS) Department, along with federal, state, and local partners continue working to restore the affected systems. A timeline has not been established for full-service restoration, but we continue to make progress in our efforts.”

The county declined to answer News + Record inquiries as to which federal agencies might be involved in the investigation.

A number of theories have emerged in the weeks following the attack to explain its purpose. Perhaps the most troubling hypothesis was that the security breach, which came six days before the election on Nov. 3, may have compromised the integrity of the county’s elections process. Chatham officials quickly ruled out the possibility of such interference, however, emphasizing that voter registration data was housed separately from the county’s main computer network and that polling machines and tabulators are kept offline and secure.

“None of them are connected to the internet,” Chatham County Board of Elections member Frank Dunphy previously told the News + Record. “They’re electronic, but they’ve got a little chip inside with all the tabulated votes for the candidates. So, they can’t be tampered with by some Chinaman, or Russian, or Romanian — some high-tech expert in some foreign country. They’re totally separate from the internet.”

But the intention may not have been to corrupt the elections system — just to promote distrust among the electorate, according to a local cyber security expert and former senior Homeland Security employee who spoke to the News + Record on the condition of anonymity to discuss potentially sensitive information.

“If the attacker is capable enough and knowledgeable enough to get into Chatham County’s front door,” the source said, “then they absolutely know that the election system is separate (from the main network).”

But introducing voter wariness in a historically divided county with the state’s number one voter-turnout rate may have been enough to indirectly upset election results.

“If any foreign actor wanted to sow mistrust and concern about the integrity of the election system,” the source said, “carrying out this kind of attack is something that they might do simply to create the impression that it affects the elections, even if there’s no possible way, technically, that it could affect the election outcomes, or even gain access to voter data.”

When asked if a “foreign actor” was necessarily involved in the incident, the source confirmed there was a strong likelihood based on its severity.

“Folks who have the ability to do that, in some significant way, are likely to be criminal groups,” the source said, “most of whom are operating not in the United States, but outside of the United States. That gives them a level of protection and anonymity that they can’t get from operating within the United States … Nation states have been capable of this kind of thing for a long time.”

The notion of elections interference from foreign entities is not unprecedented in the United States or even in North Carolina.

In 2016, two days before the Nov. 8 election, Durham County appeared to have been hacked, according to a Politico report. Laptops to be used as electronic poll books exhibited severe lag times before crashing or freezing. Then some of the laptops indicated that voters had already voted when they had not.

State officials ordered the county to abandon the laptops in favor of traditional paper printouts.

“And so, in Chatham now we print them all out,” said Mark Barosso, another member of Chatham County’s board of elections, “because of that very scenario. After Durham was attacked, we decided to have a printed backup.”

Chatham County’s election was not compromised in this election season, nor was Durham’s four years ago. But both incidents contribute to the increasing prevalence of voter suspicion surrounding elections.

“Everyone should be concerned about the integrity of elections,” said Terry Schmidt, chairman of the Chatham County GOP. “I have several issues this year … Everyone’s vote should count, but only legitimate votes should count.”

Many second Schmidt’s sentiment, often spurred on by President Donald Trump’s own claims of election insecurity. Despite projections of Joe Biden’s victory in the presidential election, Trump has declined to concede, citing unproven allegations of voter fraud and elections tampering.

The cyber-attack — the exact motivation for which may never be uncovered — may therefore have played into a larger, nationwide rhetoric which is successfully dividing the population.

“We have seen that the trend in North Carolina and across the country is for government systems to be attacked in some way, or to be brought down in some way and then to create the appearance of some type of negligence with significant effect,” the former Homeland Security employee said, “whether it’s on an elections system, or a budgeting process or any hot topic of debate in the community. Anybody who has an interest in disrupting those things, and in sowing uncertainty, can use cyber capabilities to try and affect that outcome.”

Reporter D. Lars Dolder can be reached on Twitter @dldolder.