A variety of press reports indicate that the Federal Bureau of Investigation is looking into intrusions at the voter registration offices of two states during July and August. The two states are Illinois, where the voter registration system was taken offline for two weeks in July, and Arizona, where the voter registration network was down only briefly. The reports indicate that approximately 200,000 records were taken in the Illinois breach but that the hackers failed in their attempt to take data from Arizona.
While federal investigators have not said specifically that the same groups were involved in both attacks, an alert sent to state election officials lists common IP addresses that were used in both attacks. Several third-party sources have identified the attackers as Russians, but U.S. law enforcement sources have not confirmed that.
However, the U.S. government is taking the threat seriously enough that Secretary of Homeland Security Jeh Johnson held a conference call with state election officials on Aug. 15 to discuss the need for increased security of election sites and to encourage state election officials to follow the recommendations of the National Institute of Standards and Technology and the Department of Justice in securing their systems.
"As part of the ongoing effort, the secretary also announced that DHS is convening a Voting Infrastructure Cyber-security Action Campaign with experts from all levels of government and the private sector to raise awareness of cyber-security risks potentially affecting voting infrastructure and promote the security and resilience of the electoral process," a spokesperson for DHS said as part of the announcement of the call.
For its part, the FBI isn't providing much detail, which is no surprise since this is still an ongoing investigation. "While we cannot comment on specific alerts, what we can say is that in furtherance of public/private partnerships, the FBI routinely advises private industry of various cyber-threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber-criminals," an FBI spokesperson told eWEEK in an email.
The next question now becomes one of why the hackers were trying to break into voter registration databases. The most likely answer is that it was a routine attack aimed at identity theft. Voter registration databases may contain a significant amount of personal information that can be used in conjunction with other information that's already been taken from other compromised systems, or it may provide enough information on its own. Depending on the state, the database may contain driver's license information, social security numbers, full names and addresses, and the like.
But there's another possibility that's much more unsettling. Suppose the voter registration breach is just one part of an attempt to influence the upcoming election in the United States? The information in voter registration data, combined with information taken in the breach of the Democratic Party, and in breaches of other political organizations may be enough to form the baseline data for a sophisticated attack on the election itself.