Feds Warn States to Batten Down Hatches Following Election System Attacks


The FBI has launched investigations into malicious cyberattacks on the electronic election infrastructures in Illinois and Arizona, and federal officials last month warned states to take steps to protect their systems as the presidential campaign heats up, according to reports that surfaced this week.

The attacks, dating back to June, led to the illegal download of information on more than 200,000 Illinois voters, leading to a 10-day shutdown of the state's voter registration system.

Hackers also penetrated systems in Arizona but apparently failed to download specific voter information.

A timeline issued by the Illinois Board of Elections confirmed that it contacted the Illinois Attorney General's office, was contacted by the FBI, and has been cooperating with the agency.

The attack on the Illinois voter registration database began on June 23 and was discovered on July 12, according to the timeline. The voter registration database apparently was the victim of an SQL injection attack, resulting from repeatedly entering an authorized database query into a data field on a website. The Illinois AG was notified on July 19.

The attackers reportedly were hitting the database five times per second, 24 hours a day from June 23 to Aug. 12. The site was taken down as a precaution on July 13, and firewall protection prevented further data from being compromised.

Passwords of election authorities and their staffs reportedly were compromised. Personal information of voters also was compromised, but their voting signatures and histories apparently were not exposed.

State voting systems have been dealing with hacking attempts for 10 years, noted Ken Menzel, general counsel of the Illinois State Board of Elections.

However, why hackers targeted Illinois and not other states in this instance is unknown, he told the E-Commerce Times.

"Until law enforcement catches the who, I don't think we're going to have a sense of exactly why," Menzel said.

There are about 7.5 million active voters in Illinois, he noted, and 200,000 is the upper end of the number of records compromised.

The Illinois Attorney General's office is working with the board to notify voters about the breach, said AG spokesperson Eileen Boyce.

The exploitation of vulnerabilities in electronic voting systems has been a nagging worry for years.

"I think we can safely say that it's a unanimous and universal concern that electoral systems are appropriately protected," said Christopher Budd, global threat communication manager at Trend Micro.

Voting data can be exploited in a number of ways, he told the E-Commerce Times, including extortion, phishing schemes, and identity theft -- particularly involving the deceased.

Department of Homeland Security Secretary Jeh Johnson last month hosted a conference call with top state election officials to discuss the cybersecurity issue and the need to protect voting infrastructures. The call participants included members of the U.S. Election Assistance Commission, the Department of Commerce's National Institute for Standards and Technology, and the Department of Justice.

DHS planned to launch a Voting Infrastructure Cybersecurity Action Campaign, Johnson said during the call, enlisting experts of all levels from the government and private sector.

State officials should implement NIST and EAC recommendations on securing voting infrastructure, he advised, which include making sure voting machines are not connected to the Internet while voting is taking place.

Meanwhile, Arizona took its voter registration system offline in June, due to what the FBI characterized as a credible threat, according to Matt Roberts, spokesperson for Arizona Secretary of State Michele Reagan.

"As you might have seen, a credential used by a county user to access the Arizona Statewide Voter Registration System was compromised by malware inadvertently installed on a county computer and subsequently leaked by a known Russian hacker," he told the E-Commerce Times.

"Our office immediately took steps to perform an exhaustive security review of the statewide voter registration system with the help of the Arizona Department of Administration and our voter registration software vendor," Roberts said.

"We found no evidence that anyone was able to penetrate the our security to gain access to the information within the registration database," he noted. "We have implemented enhanced measures to ensure access the system is secure, restored the system and continued its use."

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Tech Industry Lambasts New FCC Privacy Rules

    The new rules are consistent with the Federal Trade Commission's privacy framework and the administration's Consumer Privacy Bill of Rights, the FCC said.The rules establish three approaches to information use and sharing: The FCC "did the right thing in distinguishing between sensitive and non-sensitive information," said John Simpson, Consumer Watchdog's privacy project director.
  • 5300c769af79e

    Samsung Galaxy Note 7 Review

    This is our Galaxy Note 7 review.This whole battle to replace itself as number 1 started some years ago and hasn’t stopped here with the Galaxy Note 7.
  • 5300c769af79e

    Malwarebytes 3.0 Premium

    Compare Similar ProductsCompare Bitdefender Antivirus Plus 2017 %displayPrice% Kaspersky Anti-Virus (2017) %displayPrice% Symantec Norton AntiVirus Basic %displayPrice% Webroot SecureAnywhere AntiVirus %displayPrice% McAfee AntiVirus Plus (2017) %displayPrice% Avast Pro Antivirus 2016 %displayPrice% Emsisoft Anti-Malware 11.0 %displayPrice% ESET NOD32 Antivirus 10 %displayPrice% F-Secure Anti-Virus (2017) %displayPrice% Trend Micro Antivirus+ Security (2017) %displayPrice% Panda Antivirus Pro 2016 %displayPrice% Check Point ZoneAlarm PRO Antivirus + Firewall 2017 %displayPrice% Daily Safety Check Home Edition %displayPrice% VoodooSoft VoodooShield %displayPrice% Malwarebytes 3.
  • 5300c769af79e

    Hungry? Foursquare Bot Texts Food Recommendations

    So Foursquare invented Marsbot—a new way to discover the best places around you.Download the iOS app to start receiving contextually aware, proactive recommendations for food and nightlife spots.