Elec­tions board ‘very likely’ named in Mueller in­dict­ment

Illi­nois of­fi­cials say charges help put to rest some un­cer­tainty about 2016 breach

Chicago Tribune - - NEWS - Pa­trick O’Connell re­ported from Chicago. By Monique Gar­cia and Pa­trick M. O’Connell mc­gar­cia@chicagotri­bune.com pocon­nell@chicagotri­bune.com

SPRING­FIELD — The state’s voter reg­is­tra­tion data­base was “very likely” tar­geted by Rus­sian hack­ers charged by spe­cial coun­sel Robert Mueller with in­ter­fer­ing in the 2016 pres­i­den­tial cam­paign, the Illi­nois State Board of Elec­tions an­nounced Fri­day.

A spokesman said the agency had not re­ceived con­fir­ma­tion from the U.S. Depart­ment of Jus­tice but be­lieves Illi­nois’ elec­tions board is ref­er­enced in the in­dict­ment re­leased Fri­day as hav­ing the data of 500,000 vot­ers stolen.

Though the Mueller probe con­tin­ues to make na­tional waves, Illi­nois vot­ers have known about the cy­ber­at­tack for nearly two years. It was dis­cov­ered in July 2016, and the FBI is­sued an alert the fol­low­ing month. The time­line listed in the in­dict­ment matches up with what the state pub­licly ac­knowl­edged about a data breach in 2016.

Still, state of­fi­cials said Fri­day’s charges help put to rest some un­cer­tainty.

“We are grate­ful that DOJ has iden­ti­fied who the per­pe­tra­tors are,” state elec­tion board spokesman Matt Di­et­rich said at a hastily ar­ranged news con­fer­ence at the Illi­nois Capi­tol. “We never had any­thing on pa­per un­til to­day, and even then we don’t have a firm state­ment say­ing, ‘Yes, it’s you,’ al­though we think it’s more than likely ‘yes.’ ”

While the in­dict­ment al­leges that the names, ad­dresses, dates of birth, driver’s li­cense num­bers and par­tial So­cial Se­cu­rity num­bers of about 500,000 Illi­nois vot­ers were com­pro­mised, Di­et­rich said state of­fi­cials be­lieve that fig­ure is closer to 76,000 vot­ers. Di­et­rich said it’s pos­si­ble the higher fig­ure used in the in­dict­ment was “ar­rived at us­ing a dif­fer­ent method­ol­ogy pre­scribed un­der fed­eral crim­i­nal code.”

Of the 76,000 vot­ers who were no­ti­fied by the state that their in­for­ma­tion was at risk, Di­et­rich said none have re­ported sus­pi­cious ac­tiv­ity to the at­tor­ney gen­eral’s of­fice.

Illi­nois elec­tions of­fi­cials said they have taken steps to try to en­sure such a breach does not hap­pen again, not­ing plans to in­vest in cy­ber­se­cu­rity ef­forts.

“You should reg­is­ter to vote with con­fi­dence that your in­for­ma­tion is safe,” Di­et­rich said.

The bulk of Mueller’s in­dict­ment fo­cuses on an al­leged con­spir­acy to hack the Demo­cratic Na­tional Com­mit­tee and Hil­lary Clin­ton’s pres­i­den­tial cam­paign, but it also ac­cuses Rus­sian of­fi­cers of tar­get­ing state boards of elec­tions, sec­re­taries of state and U.S. com­pa­nies that sup­plied soft­ware and tech­nol­ogy re­lated to the ad­min­is­tra­tion of the 2016 U.S. elec­tions.

“The ob­ject of the con­spir­acy was to hack into pro­tected com­put­ers of per­sons and en­ti­ties charged with the ad­min­is­tra­tion of the 2016 U.S. elec­tions in or­der to ac­cess those com­put­ers and steal voter data and other in­for­ma­tion stored on those com­put­ers,” ac­cord­ing to the in­dict­ment.

Sev­eral Rus­sian of­fi­cers be­gan re­search­ing U.S. elec­tion-re­lated do­mains in June 2016, search­ing for vul­ner­a­bil­i­ties, the in­dict­ment says. In June and July 2016, the Rus­sian of­fi­cers “hacked the web­site of a state board of elec­tions and stole in­for­ma­tion re­lated to ap­prox­i­mately 500,000 vot­ers, in­clud­ing names, ad­dresses, par­tial so­cial se­cu­rity num­bers, dates of birth, and driver’s li­cense num­bers,” it says.

Af­ter the FBI is­sued an alert about the breach in Au­gust 2016, the Rus­sian of­fi­cers deleted records from their ac­counts, ac­cord­ing to the in­dict­ment. In Oc­to­ber that year, they in­ves­ti­gated the pos­si­ble vul­ner­a­bil­i­ties of elec­tion­re­lated web­sites in Iowa, Ge­or­gia and Florida. And in the days be­fore the Novem­ber 2016 elec­tion, ac­cord­ing to the in­dict­ment, the Rus­sians used phish­ing emails to tar­get elec­tion of­fi­cials in sev­eral Florida coun­ties.

The Rus­sian of­fi­cers, op­er­at­ing a mil­i­tary in­tel­li­gence agency called the Main In­tel­li­gence Direc­torate of the Gen­eral Staff, or GRU, also used a com­puter lo­cated in Illi­nois to help steal DNC doc­u­ments, the in­dict­ment says. In or­der to steal a large num­ber of doc­u­ments with­out de­tec­tion, the in­dict­ment says, the Rus­sians used a pub­licly avail­able tech­nol­ogy tool to gather and com­press files, in­clud­ing op­po­si­tion re­search, from DNC net­works.

They then used other mal­ware, known as X-Tun­nel, to move the DNC doc­u­ments to a GRU-leased com­puter in Illi­nois, ac­cord­ing to the in­dict­ment.

The Rus­sians moved dig­i­tal in­for­ma­tion from the DNC net­works to the com­puter in Illi­nois in April 2016, fed­eral of­fi­cials say. On April 22, 2016, the Rus­sians moved com­pressed DNC data us­ing X-Tun­nel to the com­puter, ac­cord­ing to the in­dict­ment. Six days later, they again con­nected to the com­puter in Illi­nois and used X-Tun­nel to steal ad­di­tional doc­u­ments.

Illi­nois vot­ers who sus­pect they are the vic­tim of iden­tity theft may con­tact the state at­tor­ney gen­eral’s Iden­tity Theft Hot­line at 1-866-999-5630.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.