Cyber Incident Victim: Voatz
Date:
Oct 2018
Location:
United States of America
Summary
An alleged hacking attempt targeted a mobile voting application used by West Virginia for military and overseas voters during midterm elections, prompting an FBI investigation. The app's developers detected unauthorized access attempts by a specific group, blocked the activity, and reported it to authorities; officials confirmed no system intrusion or vote compromise occurred. Security experts criticized the app's use of blockchain technology, highlighting inherent vulnerabilities compared to isolated voting machines, particularly risks from smartphone exploits. State authorities maintained the app's security protocols functioned as intended, preventing any penetration or alteration of votes while underscoring the seriousness of such attempts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2018, during the U.S. midterm elections, unauthorized individuals attempted to access West Virginia’s experimental mobile voting application, Voatz, which was designed to enable military personnel and overseas voters to cast ballots via smartphones. The activity was detected and blocked by Voatz’s internal security systems before any intrusion occurred. Voatz co-founder and CEO Nimit Sawhney stated that the individuals downloaded the app, registered accounts, and subsequently attempted to tamper with the system. Sawhney characterized the activity as unsophisticated and unlikely to be the work of a nation-state actor. The company reported the incident to the FBI due to the classification of elections as critical infrastructure. West Virginia Secretary of State Mac Warner and U.S. Attorney Mike Stuart confirmed no penetration of the system occurred, no votes were altered, and election integrity remained intact. The FBI initiated an investigation, which was publicly disclosed nearly a year later on October 1, 2019. Stuart emphasized the investigation remained ongoing with no legal conclusions reached regarding potential violations of federal law.
The incident highlighted ongoing debates about mobile voting security, particularly Voatz’s use of blockchain technology for vote verification. Election security experts criticized the app’s internet connectivity as inherently riskier than isolated voting machines, noting smartphone vulnerabilities could expose voting apps to exploits. West Virginia officials defended the app’s deployment as a solution for military and overseas voters facing logistical ballot challenges. Secretary Warner publicly warned against election hacking attempts during the investigation’s announcement, reiterating that security protocols functioned as designed. The FBI’s involvement underscored the seriousness with which potential election interference was treated, though no further details about the suspects or their methods were disclosed. Voatz’s use expanded beyond West Virginia, with other jurisdictions considering or implementing the technology despite sustained criticism from cybersecurity researchers.