As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password.
The insecure service run by Wisconsin could be reached from Internet addresses based in Russia, which has become notorious for seeking to influence US elections. Kentucky’s was accessible from other Eastern European countries.
The service, known as FTP, provides public access to files—sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.