Someone tried to hack into the state's blockchain-enabled mobile voting system during the 2018 election cycle.
Someone tried to hack into West Virginia's blockchain-enabled mobile voting system during the 2018 election cycle.
The attack happened during the pilot rollout of West Virginia’s mobile voting pilot that uses a smartphone application developed by Boston-based Voatz to enable eligible overseas voters to receive and return their ballot securely using a mobile device.
The app lets military and overseas voters who qualify under the Uniformed and Overseas Citizens Act verify their identities by providing biometric proof in the form of a photo of their driver’s license, state ID or passport that is matched to a selfie. Once voters' identities are confirmed, they receive a mobile ballot based on the one that they would receive in their local precinct. A confirmation message is sent to the voter’s smartphone when the vote is uploaded to the blockchain's series of secure, redundant, geographically dispersed servers , which ensures the votes cannot be tampered with once they've been recorded.
The app has also been tested in Colorado and Utah.
Several security audits were conducted before and after the election, according to officials in the West Virginia Secretary of State's office, but Voatz identified activity that could have been an attempt to access to the system.
"A certain group of people from a certain part of the country tried to access the system. We stopped them, caught them and reported them to the authorities," Voatz co-founder and CEO Nimit Sawhney told CNN.
Although neither the election system nor the integrity of the votes were compromised, the FBI is heading up an investigation determine exactly what happened and if any federal laws were broken, U.S. Attorney Mike Stuart said in an Oct. 1 statement.
The app was first tested in two counties during the May 2018 primary and was available to military personnel and overseas voters from 24 of the state’s 55 counties in the November 2018 general election.
"Whether in the name of an academic exercise, a mere challenge or thrill, or to actually cause harm, we will treat every risk extremely seriously and as a threat to 'Critical Infrastructure,'" Stuart said. "Even a mere attempt is unacceptable."
NEXT STORY: Would a cyber playbook reduce risk?