(Politico) When election officials in New Hampshire decided to replace the state’s aging voter registration database before the 2024 election, they knew that the smallest glitch in Election Day technology could become fodder for conspiracy theorists.
So they turned to one of the best — and only — choices on the market: A small, Connecticut-based IT firm that was just getting into election software.
But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.
The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain.
The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it.
The company that conducted the scan, ReversingLabs, has also warned about those issues in a blog post and a talk at a hacking conference last year, though it did not specify the state and the vendor where the issues were found.
New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.
None of the findings amounted to evidence of wrongdoing, the officials said, and the company resolved the issues before the new database came into use ahead of the presidential vote this spring.
This was “a disaster averted,” said the person familiar with the probe, citing the risk that hackers could have exploited the first two issues to surreptitiously edit the state’s voter rolls, or use them and the presence of the Ukrainian national anthem to stoke election conspiracies.
The supply-chain scare in New Hampshire — which has not been reported before — underscores a broader vulnerability in the U.S. election system, POLITICO found during a six-month-long investigation: There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources and expertise.