Feds Warn States to Batten Down Hatches Following Election System Attacks


The FBI has launched investigations into malicious cyberattacks on the electronic election infrastructures in Illinois and Arizona, and federal officials last month warned states to take steps to protect their systems as the presidential campaign heats up, according to reports that surfaced this week.

The attacks, dating back to June, led to the illegal download of information on more than 200,000 Illinois voters, leading to a 10-day shutdown of the state's voter registration system.

Hackers also penetrated systems in Arizona but apparently failed to download specific voter information.

A timeline issued by the Illinois Board of Elections confirmed that it contacted the Illinois Attorney General's office, was contacted by the FBI, and has been cooperating with the agency.

The attack on the Illinois voter registration database began on June 23 and was discovered on July 12, according to the timeline. The voter registration database apparently was the victim of an SQL injection attack, resulting from repeatedly entering an authorized database query into a data field on a website. The Illinois AG was notified on July 19.

The attackers reportedly were hitting the database five times per second, 24 hours a day from June 23 to Aug. 12. The site was taken down as a precaution on July 13, and firewall protection prevented further data from being compromised.

Passwords of election authorities and their staffs reportedly were compromised. Personal information of voters also was compromised, but their voting signatures and histories apparently were not exposed.

State voting systems have been dealing with hacking attempts for 10 years, noted Ken Menzel, general counsel of the Illinois State Board of Elections.

However, why hackers targeted Illinois and not other states in this instance is unknown, he told the E-Commerce Times.

"Until law enforcement catches the who, I don't think we're going to have a sense of exactly why," Menzel said.

There are about 7.5 million active voters in Illinois, he noted, and 200,000 is the upper end of the number of records compromised.

The Illinois Attorney General's office is working with the board to notify voters about the breach, said AG spokesperson Eileen Boyce.

The exploitation of vulnerabilities in electronic voting systems has been a nagging worry for years.

"I think we can safely say that it's a unanimous and universal concern that electoral systems are appropriately protected," said Christopher Budd, global threat communication manager at Trend Micro.

Voting data can be exploited in a number of ways, he told the E-Commerce Times, including extortion, phishing schemes, and identity theft -- particularly involving the deceased.

Department of Homeland Security Secretary Jeh Johnson last month hosted a conference call with top state election officials to discuss the cybersecurity issue and the need to protect voting infrastructures. The call participants included members of the U.S. Election Assistance Commission, the Department of Commerce's National Institute for Standards and Technology, and the Department of Justice.

DHS planned to launch a Voting Infrastructure Cybersecurity Action Campaign, Johnson said during the call, enlisting experts of all levels from the government and private sector.

State officials should implement NIST and EAC recommendations on securing voting infrastructure, he advised, which include making sure voting machines are not connected to the Internet while voting is taking place.

Meanwhile, Arizona took its voter registration system offline in June, due to what the FBI characterized as a credible threat, according to Matt Roberts, spokesperson for Arizona Secretary of State Michele Reagan.

"As you might have seen, a credential used by a county user to access the Arizona Statewide Voter Registration System was compromised by malware inadvertently installed on a county computer and subsequently leaked by a known Russian hacker," he told the E-Commerce Times.

"Our office immediately took steps to perform an exhaustive security review of the statewide voter registration system with the help of the Arizona Department of Administration and our voter registration software vendor," Roberts said.

"We found no evidence that anyone was able to penetrate the our security to gain access to the information within the registration database," he noted. "We have implemented enhanced measures to ensure access the system is secure, restored the system and continued its use."

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    BI Self-Service Analytics: IT's Next Top Priority

    The drive to enable more self-service analytics for business intelligence users is certainly not news.These are reasons that organizations are still talking about bringing self-service queries and analytics to business users.
  • 5300c769af79e

    Microsoft (Finally) Beefs Up Translator App for Android

    It's taken a bit of time to get there, but Android fans who use Microsoft's Translator app to help them out on their international trips (or language studies) can now partake in a few of the features their peers received months (if not years) ago.This Deep Neural Network technology provides the highest-quality offline translation available on the market," reads Microsoft's description.
  • 5300c769af79e

    T-Mobile Uncarrier 11 Includes T-Mobile Tuesdays and Stock Up

    If you are a T-Mobile customer, prepare for free pizza and a Wendy’s Frosty dessert.Tirelessly stressed by T-Mobile, T-Mobile Tuesday is not like other reward or loyalty programs.
  • 5300c769af79e

    Senate Committee Hears Litany of IRS Cybersecurity Failings

    Internal Revenue Service's cybersecurity measures are woefully inadequate, according to testimony presented this week to the Senate Finance Committee.Cybercriminals are becoming increasingly sophisticated, and attacks and privacy breaches "are increasing across the country in all areas of government and industry," said IRS Commissioner John Koskinen.