Mississippi election websites knocked out by DDoS attack
Mississippi State Capitol in Jackson. Image: Ken Lund
Martin Matishak November 8, 2022

Mississippi election websites knocked out by DDoS attack

Martin Matishak

November 8, 2022

Mississippi election websites knocked out by DDoS attack

Updated Nov. 9 at 1:50 pm EST.

Several Mississippi state websites were knocked offline during Tuesday’s midterm election in what was the most significant digital disruption of the day, though a federal official warned that more could be on the way as ballots are counted.

“An abnormally large increase in traffic volume due to [distributed denial-of-service] activity caused the public facing side of our websites to be periodically inaccessible this afternoon,” the Mississippi secretary of state’s office said in a statement Tuesday night.

“We want to be extremely clear and reassure Mississippians our election system is secure and has not been compromised.”

A senior Cybersecurity and Infrastructure Security Agency (CISA) official confirmed the attack hours before the statement was released.

“We have been chatting with them for the last several hours working with some of the vendors to put the mitigations in place,” the official told reporters during the organization’s third press briefing of the day.

A pro-Russian hacking group took credit for the attack — which did not interfere with voting or counting processes — in a Telegram post.

A second senior CISA official said the agency was “aware” of the claim by Russian hackers, but refrained from pinning the outage on a specific actor.

“While attribution is inherently difficult, we’ve not seen any evidence to suggest that these are part of a widespread coordinated campaign,” the first official said, adding CISA is tracking a “handful” of similar incidents.

“I suspect we’re going to see more of this activity,” the official speculated, noting CISA had no evidence of any DDoS attacks on election night result reporting websites.

The Mississippi Secretary of State’s office said Wednesday that it was not able to attribute the attack. “At this time, we do not have confirmation as to where the DDoS activity originated and more evidence would be required to attribute to any person or group.”

The official also swatted down conspiratorial allegations that were made throughout the day by Republicans, including former President Donald Trump, about ballot scanner issues in Maricopa County, Arizona.

“To be very clear, we have no indication of malfeasance or malicious activity,” the official said. “They’ve been working on the issue. It is a technical issue and they have resolved it.”

Earlier in the day, the clerk’s office in Champaign County, Illinois, said its voter registration database was attacked.

However, the second senior CISA official said “we understand the technical issues with a vendor have now been resolved” with zero impact on the voting process.

The first official stressed that tonight’s vote counts will be unofficial and that it would take additional time to certify the election results.

The process “may take days to weeks, depending on state law, and that is completely normal.”

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.