The alert was removed many months before the voter database project went live across New Hampshire last April, he said.
Scanlan said a story in Politico last week was false that the state ever was told about the use of an open-source code in Russia, freely available online, that was overseen by a Russian computer engineer convicted of manslaughter.
The story incorrectly reported that New Hampshire had used this popular open-source code — core-js — that was administered by Denis Pushkarev, the Russian nationalist with a criminal past, Scanlan said.
"The first I heard about that (Russian) individual was when I read it in the story," Scanlan said of Politico's six-month investigation into how secure state election databases were to cyber threats.
"We never used core-js; that's absolutely false."
For this Russian programmer connection, Politico cited a source anonymously because the person was not authorized to speak about it.
Scanlan insisted at no point was the voter registration database at risk of being hacked or compromised.
"The bottom line is New Hampshire really is probably state of the art in terms of protecting its election database with the code review and the monitoring systems we have in place to make sure we aren't subject to intrusions," Scanlan said.
The anthem alert, known as a protest ware, was found and removed by the forensic expert, ReversingLabs of Cambridge, Mass., while the application was in development, he said.
"We've had good responses from local elected officials about the database since we went live with it. There are always issues that come up and ways we can make the application better," Scanlan said.
David Lang, Scanlan's chief of staff, said the state hired the expert after learning the developer of its voter registration database, WSD Digital LLC, had been using offshore resources to assemble it without informing the state ahead of time.
The alert was placed into one of the "libraries" that major software firms such as Microsoft use to construct the app.
"We were reducing the risk of any vulnerabilities," Scanlan said. "Anything we found was removed or mitigated."
WSD Digital LLC, CEO Anand Balasubramanian said his firm used resources in India to pull together some of the "libraries" for the app.
All handling of the New Hampshire data was done by employees in the U.S, he stressed.
"There is no risk at all to access New Hampshire information, 100 percent," Balasubramanian said during a telephone interview Wednesday.
"I am confident, 100 percent, about the safety and security of the application."
WSD was kept on board to complete the project because there were no other "red flags," Lang said.
Scanlan said he never put out a press release revealing this anthem alert incident, but he made reference to it during speeches he gave at conferences about cybersecurity threats to state elections.
New Hampshire was on the national forefront of those threats when a consultant used artificial intelligence to deploy President Biden's voice and urge Democrats not to vote in last January's first-in-the-nation primary.
Since the anthem alert was found, Scanlan said the state adopted the recommendation of a White House executive order on this topic.
The office is now requiring all vendors of their information technology systems to produce a list of the software ingredients used for any application.
Both Scanlan and Lang said it's a balancing act for government officials to be as transparent as possible without alerting those with bad intent to potential ways they hack the system.
"We don't want to release information that bad actors can then use to come against us," Lang said.
"If you had a security system in your house, you wouldn't tell people which windows were the most vulnerable."
Given the Russian reference and the role Russian hackers have had during the 2020 election in America and since then, Scanlan said it was critical to assure voters here that the state's system is well protected.
The office released three new videos earlier this week advising voters how to spot misinformation and to avoid threats such as phishing attacks and fraudulent use of AI to mislead voters.
©2024 The New Hampshire Union Leader, Distributed by Tribune Content Agency, LLC.
