Hack­ers tar­get­ing elec­tions data­bases

FBI warns states af­ter Ill. breach, at­tempt in Ariz; Mary­land says it’s pre­pared

Baltimore Sun - - NATION - By Rick Pear­son, Erin Cox and Ian Dun­can The Wash­ing­ton Post con­trib­uted to this ar­ti­cle. idun­can@balt­sun.com ecox@balt­sun.com

The FBI is warn­ing state elec­tions of­fi­cials in Mary­land and around the coun­try to be on their guard against hack­ers af­ter the breach of a voter in­for­ma­tion data­base in Illi­nois and an at­tempted at­tack in Ari­zona.

Mary­land of­fi­cials said they are al­ready pre­pared to fight off the type of at­tack the FBI warned about.

The hack in Illi­nois marked the first con­fir­ma­tion that such a breach could be ex­e­cuted suc­cess­fully, said Nikki Baines Charl­son, deputy ad­min­is­tra­tor of the Mary­land Board of Elec­tions.

“This is the type of ac­tiv­ity we watch for,” she said. She said the state has de­ployed the type of cy­ber­se­cu­rity needed to fend off such threats.

Fed­eral of­fi­cials have been tak­ing steps to help states en­sure the se­cu­rity of their elec­tions sys­tems, amid grow­ing con­cern about the vul­ner­a­bil­ity of the Amer­i­can po­lit­i­cal sys­tem to for­eign hack­ers. The FBI is in­ves­ti­gat­ing a hack of the Demo­cratic Na­tional Com­mit­tee that re­sulted in the unau­tho­rized re­lease of tens of thou­sands of emails.

Mary­land has three large sys­tems of voter in­for­ma­tion to pro­tect: the elec­tion ma­chines them­selves, the voter reg­is­tra­tion data­base and the on­line voter ser­vice sys­tem through which res­i­dents may re­quest bal­lots or reg­is­ter on­line.

Charl­son said the elec­tions board has mul­ti­ple lines of de­fense to keep hack­ers out, and to de­tect and root them out if they pen­e­trate the sys­tem.

Michael Green­berger, the di­rec­tor of the Cen­ter for Health and Home­land Se­cu­rity at the Univer­sity of Mary­land, wrote to the board last week warn­ing that the on­line sys­tem for ob­tain­ing ab­sen­tee bal­lots is vul­ner­a­ble to ma­nip­u­la­tion.

Green­berger, who said he was writ­ing in a per­sonal ca­pac­ity, said the sys­tem “is far too vul­ner­a­ble to hack­ing by bad ac­tors who An elec­tion judge as­sists a voter in Chicago. The Illi­nois State Board of Elec­tions suf­fered a data breach this year. seek to com­pro­mise the in­tegrity of Amer­i­can elec­tions.”

Green­berger said he wor­ried “about the abil­ity of the board’s pro­fes­sional staff to take guid­ance from the FBI.”

Elec­tions of­fi­cials in Illi­nois said Mon­day that the per­sonal in­for­ma­tion of al­most 200,000 vot­ers was hacked in a cy­ber­at­tack that be­gan in June and was halted a month later.

Ken Men­zel, gen­eral coun­sel for the Illi­nois State Board of Elec­tions, said no files of reg­is­tered vot­ers were erased or mod­i­fied and that no vot­ing his­tory in­for­ma­tion or voter sig­na­ture images were cap­tured. But he said it’s pos­si­ble that some voter per­sonal in­for­ma­tion, in­clud­ing driver’s li­cense num­bers and the last four dig­its of So­cial Se­cu­rity num­bers, could have been ac­cessed.

The FBI alerted Ari­zona of­fi­cials in June that Rus­sians were be­hind the as­sault on the elec­tion sys­tem in that state.

The bureau de­scribed the threat as “cred­i­ble” and sig­nif­i­cant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Ari­zona Sec­re­tary of State Michele Rea­gan, said Mon­day. Rea­gan shut down the state’s voter reg­is­tra­tion sys­tem for nearly a week.

It turned out that the hack­ers had not com­pro­mised the state sys­tem or even any county sys­tem. They had, how­ever, stolen the user name and pass­word of a sin­gle elec­tions of­fi­cial in Gila County.

Roberts said FBI in­ves­ti­ga­tors did not spec­ify whether the hack­ers were crim­i­nals or em­ployed by the Rus­sian gov­ern­ment.

In Illi­nois, board staff be­came aware of a se­cu­rity breach July 12. Pro­gram­mers used code changes to stop the ma­li­cious data­base queries.

The board stopped out­side ac­cess to its web­site, in­clud­ing its on­line voter reg­is­tra­tion ap­pli­ca­tion process, to pre­vent fur­ther in­tru­sions, and no­ti­fied the Illi­nois at­tor­ney gen­eral’s of­fice and the Gen­eral Assem­bly un­der the state’s Per­sonal In­for­ma­tion Pro­tec­tion Act, Men­zel said.


Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.