A variety of press reports indicate that the Federal Bureau of Investigation is looking into intrusions at the voter registration offices of two states during July and August. The two states are Illinois, where the voter registration system was taken offline for two weeks in July, and Arizona, where the voter registration network was down only briefly. The reports indicate that approximately 200,000 records were taken in the Illinois breach but that the hackers failed in their attempt to take data from Arizona.
While federal investigators have not said specifically that the same groups were involved in both attacks, an alert sent to state election officials lists common IP addresses that were used in both attacks. Several third-party sources have identified the attackers as Russians, but U.S. law enforcement sources have not confirmed that.
However, the U.S. government is taking the threat seriously enough that Secretary of Homeland Security Jeh Johnson held a conference call with state election officials on Aug. 15 to discuss the need for increased security of election sites and to encourage state election officials to follow the recommendations of the National Institute of Standards and Technology and the Department of Justice in securing their systems.
“As part of the ongoing effort, the secretary also announced that DHS is convening a Voting Infrastructure Cyber-security Action Campaign with experts from all levels of government and the private sector to raise awareness of cyber-security risks potentially affecting voting infrastructure and promote the security and resilience of the electoral process,” a spokesperson for DHS said as part of the announcement of the call.
For its part, the FBI isn’t providing much detail, which is no surprise since this is still an ongoing investigation. “While we cannot comment on specific alerts, what we can say is that in furtherance of public/private partnerships, the FBI routinely advises private industry of various cyber-threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber-criminals,” an FBI spokesperson told eWEEK in an email.
The next question now becomes one of why the hackers were trying to break into voter registration databases. The most likely answer is that it was a routine attack aimed at identity theft. Voter registration databases may contain a significant amount of personal information that can be used in conjunction with other information that’s already been taken from other compromised systems, or it may provide enough information on its own. Depending on the state, the database may contain driver’s license information, social security numbers, full names and addresses, and the like.
But there’s another possibility that’s much more unsettling. Suppose the voter registration breach is just one part of an attempt to influence the upcoming election in the United States? The information in voter registration data, combined with information taken in the breach of the Democratic Party, and in breaches of other political organizations may be enough to form the baseline data for a sophisticated attack on the election itself.
Foreign Hackers Allegedly Breach 2 State Election Databases
According to a study by the Institute for Critical Infrastructure Technology, the voting system in the United States is highly vulnerable. According to James Scott, a senior fellow at the institute, the shift to electronic voting machines following the contested Bush/Gore election resulted in broad reliance on voting machines with little security. Some of these machines are so insecure that they can be attacked through known vulnerabilities using WiFi operated by an attacker in the parking lot near the polling station.
Tyler Cohen Wood, former Defense Intelligence Agency deputy division chief, said that a more significant threat probably exists in the areas where votes are consolidated by county and state election offices. Vulnerabilities exist through insider threats, the supply chain (including where voting machines are serviced and updated) and through the networks where poll results are tallied.
“We’ve gone from the hanging chad to where, for the most part, everything is electronic,” said Wood, who is currently cyber-security advisor at Inspired eLearning. “If devices are connected and if there are vulnerabilities, it’s possible for hackers to get in and change the voting.”
An additional threat pointed out by Scott is that a series of persistent attacks and data exfiltration can undermine the faith in the voting process. While that might not actually change any votes, it can give rise to credibility among those who claim that the voting system is rigged. An increase in such credibility can cause delays through recounts, investigations, legal action and other challenges that could bring chaos to the voting in important elections.
Unfortunately, a great deal boils down to the motives of the alleged Russian hackers who broke into the voter registration database in Illinois. Was it just a poorly executed attempt at identity theft, or something much more sinister? Until more is known about the attackers, it’s impossible to say.
But what it does mean is that in this age of state budget shortfalls, it’s still necessary to find the money to improve voting security. While voting security has been a key part of elections in the United States, that doesn’t mean that those elections are necessarily secure. But the states need to find a way to make voting as secure as it can be.