A suspicious email attachment forced a Kansas county to shut down its computer networks entirely twice in two weeks this July.
On Tuesday, Vice President Mike Pence used the government's response to the incident in Finney County, population 37,000, to tout the ability of the Department of Homeland Security to work with local governments to prevent tampering with election-related computer systems ahead of November's election.
Officials in Finney County, whose county seat is Garden City, don't believe their county was targeted in particular.
But it was the second of two counties known to the Department of Homeland Security this year to have been knocked offline by malware. Computers in Knox County, Tennessee, were rendered inaccessible in May.
Department of Homeland Security Under Secretary Chris Krebs told BuzzFeed News that his agency does not believe either attack was the work of a foreign government.
But speaking at a Department of Homeland Security cybersecurity event in New York City, Pence declared that DHS’s response was evidence that the federal government is able to respond effectively to cyberattacks that could hamper the US voting process.
“Less than two weeks ago, Finney County, Kansas, reached out to DHS for help after a malware attack forced them to shut down not just their election network, but the entire county’s network,” Pence said.
With November balloting just over three months away, US officials are on heightened alert for the kind of meddling that marred the 2016 presidential election, when Russian agents conducted a social media campaign intended to influence the outcome of the election, probed state election systems, and downloaded the personal information of 500,000 voters in Illinois.
A Microsoft executive told a security conference in Aspen that Russians appeared to have hacked into the computers of three US congressional candidates, and Tuesday, Facebook said it had disabled 32 pages that it said were coordinating their activities in suspicious ways, including at least one that had been linked to Russia's notorious Internet Research Agency.
It's unclear where the hacking of the Finney County computer systems fits into any of those concerns, if at all.
According to officials in the largely rural Kansas county, the problem began when a county employee downloaded an attachment from a suspicious email earlier this month. The attachment contained malware, which quickly infiltrated other computers. On July 12, the county took its entire network offline while its workers tried to repair the damage.
The next week, fearing they hadn’t eliminated the malware, the county's internet support staff shut things down again and checked to make sure each of the county’s roughly 500 computers was free of the malware.
With that second outage, the county contacted the Kansas Secretary of State’s Office, which in turn called DHS, which sent agents to advise. The DHS agents urged county employees to update all county operating systems to Windows 10.
According to the Garden City Telegram, during the computer shutdown county residents couldn’t visit the Department of Motor Vehicles site, the health department couldn’t process new patients, and county courts briefly closed.
County election systems were back online before early voting began July 25. Kansas holds its primaries on Tuesday.
“Federal officials worked earnestly, hand in hand, with county officials to identify and ultimately eliminate this dangerous intrusion. This action was a model of the collaboration that we need to ensure the security of our elections, and we commend the state and local and federal officials that made it happen,” Pence said.
Sara McClure, the county’s communications director, said she was grateful for federal help and attention, though she downplayed the idea that the county was hit by something more deliberate than automated malware sent to random email addresses.
“It’s interesting to me that the vice president mentioned Finney County specifically,” McClure told BuzzFeed News. “It was not an attack on Finney County. It was a malicious email that was clicked on by a user.”