Hackers targeting elections databases
FBI warns states after Ill. breach, attempt in Ariz; Maryland says it’s prepared
The FBI is warning state elections officials in Maryland and around the country to be on their guard against hackers after the breach of a voter information database in Illinois and an attempted attack in Arizona.
Maryland officials said they are already prepared to fight off the type of attack the FBI warned about.
The hack in Illinois marked the first confirmation that such a breach could be executed successfully, said Nikki Baines Charlson, deputy administrator of the Maryland Board of Elections.
“This is the type of activity we watch for,” she said. She said the state has deployed the type of cybersecurity needed to fend off such threats.
Federal officials have been taking steps to help states ensure the security of their elections systems, amid growing concern about the vulnerability of the American political system to foreign hackers. The FBI is investigating a hack of the Democratic National Committee that resulted in the unauthorized release of tens of thousands of emails.
Maryland has three large systems of voter information to protect: the election machines themselves, the voter registration database and the online voter service system through which residents may request ballots or register online.
Charlson said the elections board has multiple lines of defense to keep hackers out, and to detect and root them out if they penetrate the system.
Michael Greenberger, the director of the Center for Health and Homeland Security at the University of Maryland, wrote to the board last week warning that the online system for obtaining absentee ballots is vulnerable to manipulation.
Greenberger, who said he was writing in a personal capacity, said the system “is far too vulnerable to hacking by bad actors who An election judge assists a voter in Chicago. The Illinois State Board of Elections suffered a data breach this year. seek to compromise the integrity of American elections.”
Greenberger said he worried “about the ability of the board’s professional staff to take guidance from the FBI.”
Elections officials in Illinois said Monday that the personal information of almost 200,000 voters was hacked in a cyberattack that began in June and was halted a month later.
Ken Menzel, general counsel for the Illinois State Board of Elections, said no files of registered voters were erased or modified and that no voting history information or voter signature images were captured. But he said it’s possible that some voter personal information, including driver’s license numbers and the last four digits of Social Security numbers, could have been accessed.
The FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.
The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan, said Monday. Reagan shut down the state’s voter registration system for nearly a week.
It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the user name and password of a single elections official in Gila County.
Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government.
In Illinois, board staff became aware of a security breach July 12. Programmers used code changes to stop the malicious database queries.
The board stopped outside access to its website, including its online voter registration application process, to prevent further intrusions, and notified the Illinois attorney general’s office and the General Assembly under the state’s Personal Information Protection Act, Menzel said.