In the run-up to the November general election, the District Attorney’s Cyber Investigation Response Team (CIRT) lent a hand in protecting the county’s election information systems against online attacks.
Operation Election Overwatch was a 10-day effort to detect, prevent and investigate illegal attempts to access the Registrar-Recorder/County Clerk’s website, LAvote.net and other county computer networks. The five-member CIRT worked closely with the county’s Internal Services Department (ISD), which provides computer security countywide.
“The county’s network security personnel are very effective at defending the network and blocking malicious internet traffic,” said Deputy District Attorney Donn Hoffman, pictured above, of the Cyber Crime Division and CIRT. “Our mission is to identify and prosecute the perpetrators.”
Senior District Attorney Investigator Clint Dragoo said the team dedicated additional resources given the heightened concerns nationally about the integrity of election systems.
“In the past, we would respond if ISD security had something,” Dragoo said. “We thought this year we would take a little more of a proactive approach.”
The operation reviewed more than 400,000 suspicious access attempts that were blocked by network defense measures over one week, including 281,339 attempts on Election Day. This was an expected uptick from the usual traffic of mostly automated attacks.
Hoffman said ISD vigorously monitors online traffic between county networks and outside entities by using a variety of measures to guard against hacking, denial-of-service attacks and data theft.
During the operation, CIRT intensified its review of suspicious network activity and was able to quickly investigate to determine where questionable IP addresses were located and to whom they belonged.
In some instances, investigators suspect that computer networks owned by unwitting third parties had been used by cybercriminals to cover their tracks when attempting to attack the county election information site, Hoffman said. CIRT contacted these parties to alert them to the potential compromise.
“We want to be good internet neighbors,” Hoffman said. “It’s the cybersecurity equivalent of telling a neighbor that you saw someone take a package off their porch.”
Investigators also forwarded details of attempted hacks to the FBI.