Thomas Brewster, Forbes Staff, Cybersecurity
Dec 4, 2020, 12:53pm EST
Associate editor at Forbes, covering cybercrime, privacy, security and surveillance.
On the morning of November 5, as the 2020 election hung in the balance, federal agents in Arizona raided a two-story house in Fountain Hills, Maricopa County, a county that had become a key battleground in the presidential race. The agents were looking for evidence of a cyberattack on an unnamed organization and of stolen voter data. They left with eight hard drives, three computers and a bag of USB sticks. The resident of the property, a 56-year-old IT expert named Elliot Kerwin, was served the warrant. He is not yet facing charges and was unreachable for comment at the time of publication. There is no indication that anything other than voters’ information, which can be acquired for a few hundred dollars in Arizona counties, was taken from the affected office.
The warrant, discovered by Forbes this week, reveals investigators have been looking into a computer intrusion at an unnamed “victim office,” which occurred from October 21 to November 4. At the Kerwin residence, they were looking for any evidence within the seized computers that showed they’d been used to access the IT network at the office, as well as “protected voters’ information” and any indication that it had been disseminated to other people.
Of the 15 county recorder’s offices contacted by Forbes about the investigation, only one, Maricopa County, confirmed voter data had been stolen, noting that a federal investigation was under way. The Maricopa County Recorder’s office, which is just 30 minutes’ drive south from Kerwin’s home, did not confirm whether or not the investigation was the same as that referred to in the search warrant.
“Analysis by the Maricopa County Recorder’s Office IT Security indicates an unauthorized individual gathered publicly accessible voter information from our website,” a spokesperson said. They didn’t specify what voter information and declined to comment any further on the nature of the attack. The data trove could be significant; there were more than 2.5 million registered voters in the county for the 2020 election.
“Additional security controls were put in place to mitigate against this activity occurring in the future. The Maricopa County Recorder’s Office has reported this to proper authorities and law enforcement personnel, and there is an ongoing investigation by the FBI at this time. The FBI informed our office today they served a warrant,” the spokesperson added.
The Justice Department in Arizona told Forbes it couldn’t comment. An FBI spokesperson said they could neither confirm nor deny any investigation. The full scope of the investigation and the breach of Maricopa County’s website remains under seal.