The FBI’s Cyber Division issued an alert to state elections systems after it uncovered evidence foreign hackers had penetrated systems in two states. Yahoo News reports:
The bulletin does not identify the states in question, but sources familiar with the document say it refers to the targeting by suspected foreign hackers of voter registration databases in Arizona and Illinois. In the Illinois case, officials were forced to shut down the state’s voter registration system for 10 days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview. The Arizona attack was more limited, involving malicious software that was introduced into its voter registration system but no successful exfiltration of data, a state official said…
“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”
Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.
No one is coming right out and saying this is Russia but, once again, there is some early evidence pointing in that direction. However, that doesn’t necessarily mean this was a state-sponsored attack related to the election. Politico reports it could also be a hack aimed at selling personal information:
Some cyber experts are skeptical that the attacks on the elections offices had any political motive, noting that hackers often rifle through government databases looking for personal information they can sell.
“It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe,” said Milan Patel, a former chief technology officer of the FBI’s Cyber Division who is now at the security firm K2 Intelligence. However, he added, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.”
The real concern here is not the two intrusions that have already been detected but the possibility that a full-scale hack could create chaos on election day. Yahoo News notes that “six states and parts of four others” use direct electronic voting for which there is no paper backup. A hacker who was able to access the data in those systems could potentially make the outcome of the election in those states suspect. Politico reports the FBI’s alert to state officials is unprecedented:
One person who works with state election officials called the FBI’s memo “completely unprecedented.”
“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.
So the picture isn’t very clear at this moment. Maybe it was Russia and, if so, maybe it was state-sponsored. Given the intrusions at the DNC, DCCC, the Clinton Foundation and other politically connected organizations by Russia this year, it makes sense to be very cautious with state election systems.