Late one night in May, after surveillance cameras had inexplicably been turned off, three people entered the secure area of a warehouse in Mesa County, Colo., where crucial election equipment was stored. They copied hard drives and election-management software from voting machines, the authorities said, and then fled.
The identity of one of the people dismayed state election officials: It was Tina Peters, the Republican county clerk responsible for overseeing Mesa County’s elections.
How the incident came to public light was stranger still. Last month in South Dakota, Ms. Peters spoke at a disinformation-drenched gathering of people determined to show that the 2020 election had been stolen from Donald J. Trump. And another of the presenters, a leading proponent of QAnon conspiracy theories, projected a portion of the Colorado software — a tool meant to be restricted to election officials only — onto a big screen for all the attendees to see.
The security of American elections has been the focus of enormous concern and scrutiny for several years, first over possible interference or mischief-making by foreign adversaries like Russia or Iran, and later, as Mr. Trump stoked baseless fears of fraud in last year’s election, over possible domestic attempts to tamper with the democratic process.
But as Republican state and county officials and their allies mount a relentless effort to discredit the result of the 2020 contest, the torrent of election falsehoods has led to unusual episodes like the one in Mesa County, as well as to a wave of G.O.P.-driven reviews of the vote count conducted by uncredentialed and partisan companies or people. Roughly half a dozen reviews are underway or completed, and more are being proposed.
These reviews — carried out under the banner of making elections more secure, and misleadingly labeled audits to lend an air of official sanction — have given rise to their own new set of threats to the integrity of the voting machines, software and other equipment that make up the nation’s election infrastructure….
Security experts say that election hardware and software should be subjected to transparency and rigorous testing, but only by credentialed professionals. Yet nearly all of the partisan reviews have flouted such protocols and focused on the 2020 results rather than hunting for security flaws….
Christopher Krebs, the former head of the federal Cybersecurity and Infrastructure Security Agency, said such reviews could easily compromise voting machines. “The main concern is having someone unqualified come in and introduce risk, introduce something or some malware into a system,” he said. “You have someone that accesses these things, has no idea what to do, and once you’ve reached that point, it’s incredibly difficult to kind of roll back the certification of the machine.”…
Pulling compromised machines out of service and replacing them is not a foolproof solution, however.
The equipment could have as-yet-undiscovered security weaknesses, Mr. Halderman said. “And this is what really keeps me up at night,” he said. “That the knowledge that comes from direct access to it could be misused to attack the same equipment wherever else it’s used.”