Feds Warn States to Batten Down Hatches Following Election System Attacks


The FBI has launched investigations into malicious cyberattacks on the electronic election infrastructures in Illinois and Arizona, and federal officials last month warned states to take steps to protect their systems as the presidential campaign heats up, according to reports that surfaced this week.

The attacks, dating back to June, led to the illegal download of information on more than 200,000 Illinois voters, leading to a 10-day shutdown of the state's voter registration system.

Hackers also penetrated systems in Arizona but apparently failed to download specific voter information.

A timeline issued by the Illinois Board of Elections confirmed that it contacted the Illinois Attorney General's office, was contacted by the FBI, and has been cooperating with the agency.

The attack on the Illinois voter registration database began on June 23 and was discovered on July 12, according to the timeline. The voter registration database apparently was the victim of an SQL injection attack, resulting from repeatedly entering an authorized database query into a data field on a website. The Illinois AG was notified on July 19.

The attackers reportedly were hitting the database five times per second, 24 hours a day from June 23 to Aug. 12. The site was taken down as a precaution on July 13, and firewall protection prevented further data from being compromised.

Passwords of election authorities and their staffs reportedly were compromised. Personal information of voters also was compromised, but their voting signatures and histories apparently were not exposed.

State voting systems have been dealing with hacking attempts for 10 years, noted Ken Menzel, general counsel of the Illinois State Board of Elections.

However, why hackers targeted Illinois and not other states in this instance is unknown, he told the E-Commerce Times.

"Until law enforcement catches the who, I don't think we're going to have a sense of exactly why," Menzel said.

There are about 7.5 million active voters in Illinois, he noted, and 200,000 is the upper end of the number of records compromised.

The Illinois Attorney General's office is working with the board to notify voters about the breach, said AG spokesperson Eileen Boyce.

The exploitation of vulnerabilities in electronic voting systems has been a nagging worry for years.

"I think we can safely say that it's a unanimous and universal concern that electoral systems are appropriately protected," said Christopher Budd, global threat communication manager at Trend Micro.

Voting data can be exploited in a number of ways, he told the E-Commerce Times, including extortion, phishing schemes, and identity theft -- particularly involving the deceased.

Department of Homeland Security Secretary Jeh Johnson last month hosted a conference call with top state election officials to discuss the cybersecurity issue and the need to protect voting infrastructures. The call participants included members of the U.S. Election Assistance Commission, the Department of Commerce's National Institute for Standards and Technology, and the Department of Justice.

DHS planned to launch a Voting Infrastructure Cybersecurity Action Campaign, Johnson said during the call, enlisting experts of all levels from the government and private sector.

State officials should implement NIST and EAC recommendations on securing voting infrastructure, he advised, which include making sure voting machines are not connected to the Internet while voting is taking place.

Meanwhile, Arizona took its voter registration system offline in June, due to what the FBI characterized as a credible threat, according to Matt Roberts, spokesperson for Arizona Secretary of State Michele Reagan.

"As you might have seen, a credential used by a county user to access the Arizona Statewide Voter Registration System was compromised by malware inadvertently installed on a county computer and subsequently leaked by a known Russian hacker," he told the E-Commerce Times.

"Our office immediately took steps to perform an exhaustive security review of the statewide voter registration system with the help of the Arizona Department of Administration and our voter registration software vendor," Roberts said.

"We found no evidence that anyone was able to penetrate the our security to gain access to the information within the registration database," he noted. "We have implemented enhanced measures to ensure access the system is secure, restored the system and continued its use."

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    And Here is the Galaxy Note 7 in Three Fun Colors

    Moments after the long, 3-day weekend kicked off here (that’s code for: we peaced out and never looked back), we welcomed in a first set of press images of the upcoming Samsung Galaxy Note 7.We have front and back cameras, along with what appears to be an additional front camera (or two?
  • 5300c769af79e

    HTC Confirms Android N Update for One A9, M9, and 10

    No shock here, HTC confirmed on Twitter today that Android N will be made available to owners of the One A9, One M9, and HTC 10.According to HTC, delivery date of the Android N update will depend on when Google actually delivers Android N to manufacturers, and of course, carriers go through their testing/certification phase.
  • 5300c769af79e

    Here is the Google Home Super Bowl Commercial

    Yesterday’s Super Bowl LI was one for the ages, especially those last few minutes.It was everything a football fan can hope for, as long as you aren’t the ultimate Patriots hater.
  • 5300c769af79e

    President Donald Trump Still Uses an "Old, Unsecured Android Phone"

    According to the New York Times, President Donald Trump still uses an “old, unsecured Android phone” regularly.While we don’t necessarily have on-the-record proof of this happening, we do know that all of the Tweets you’ve seen from him since being sworn into office all appear to have come from the official Android Twitter app, hence the “Twitter for Android” we see attached to those pictured below.