Hackers based outside the United States have broken into two State Election databases in recent weeks, according to a report from Yahoo News, which on Monday revealed a "flash" alert sent earlier this month by the FBI's Cyber Division.
The bulletin reported that the FBI had received information about separate IP addresses attempting to hack into two different States' Board of Election websites. The document itself does not disclose which states were affected, although Yahoo News' Michael Isikoff cited "sources familiar with the document" as saying they are Arizona and Illinois.
Yahoo News reported that the Illinois hacking was more serious, forcing officials to shut down the Voter Registration system for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.
The Arizona attack was more limited and involved introducing malicious software into the Voter Registration system, Yahoo News quoted a State official as saying. "No data was removed in that attack," the official said.
"The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected. Attempts should not be made to touch or ping the IP addresses directly," the bulletin recommended.
The news comes amid increased concerns about the potential for cyberintrusion into the General Election, as well as Republican nominee Donald Trump's warning that the process could be "rigged" against him.
Homeland Security Secretary Jeh Johnson briefed State Officials earlier this month, offering Federal resources to help State officials scan their systems for vulnerabilities.
The FBI bulletin listed eight separate IP addresses that were the sources of the two attacks and suggested that the attacks may have been linked, noting that one of the IP addresses was used in both intrusions. The bulletin implied that the bureau was looking for any signs that the attacks may have attempted to target even more than the two states. “The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected,” the alert reads. “Attempts should not be made to touch or ping the IP addresses directly.”
“This is a big deal,” said Rich Barger, Chief Intelligence Officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”
Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the State Election systems, including the types of tools used by the hackers to scan for vulnerabilities and exploit them, appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.
The FBI did not respond to detailed questions about the alert, saying in a statement only that such bulletins are provided “to help systems administrators guard against the actions of persistent cyber criminals.” Menzel, the Illinois Election Official, said that in a recent briefing, FBI agents confirmed to him that the perpetrators were believed to be foreign hackers, although they were not identified by country. He said he was told that the bureau was looking at a “possible link” to the recent highly publicized attack on the Democratic National Committee and other political organizations, which U.S. officials suspect was perpetrated by Russian Government hackers. But he said agents told him they had reached no conclusions, and other experts say the hackers could also have been common cybercriminals hoping to steal personal data on State Voters for fraudulent purposes, such as obtaining bogus tax refunds.
NYC Wins When Everyone Can Vote! Michael H. Drucker