FBI Evidence Shows Two State Election Systems Penetrated by Hackers
The FBI has uncovered evidence that foreign hackers have gained access to two states’ election systems in the past few weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems.
The alert comes just days after Homeland Security Secretary Jeh Johnson convened with state election officials and offered them his department’s help to make state voting systems more secure against cyber threats. During the conference call, Johnson said there were not “specific or credible threats” to the election.
Only three days later, the FBI Cyber Division issued a disturbing warning, “Targeting Activity Against State Board of Election Systems.” The disturbing warning disclosed that the bureau was investigating cyberintrusions against two state election websites during the summer, including one that resulted in the “exfiltration,” or theft, of voter registration data, according to Yahoo! News who obtained a copy of the alert.
While the bulletin does not release the names of the states in question, it has been widely reported that sources close to the investigation believe the registration databases that were left vulnerable belong to Arizona and Illinois.
Yahoo! News reported that in the Illinois case, officials shut down the state’s voter registration system for 10 days in July after hacker managed to download personal data on up to 200,000 state voters.
The Arizona attack wasn’t as expansive, but it did involve malicious software that was introduced to its voter registration system. There was not successful download of personal data, a state official said.
The FBI bulletin implied that the hackers were attempting to target more than just Arizona and Illinois.
“The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected,” the alert reads. “Attempts should not be made to touch or ping the IP addresses directly.”