Read the 4 page report here: Russia hacks Voter Databases
NextGov: The FBI warned election officials to enhance the security of systems after it found evidence foreign hackers penetrated databases in two state systems, Yahoo reports.
An Aug. 18 bulletin from the FBI’s Cyber Division stated hackers were able to exploit a Structured Query Language injection vulnerability to exfiltrate data from one state’s Board of Election website in July and attempted intrusions on another’s in August. The FBI alert lists eight IP addresses for the perpetrators and one used in both incidents, indicating the attacks could be linked.
The methods, tools and a previously flagged IP address resemble other suspect Russian state-sponsored attacks, an expert told Yahoo News.
Election security has been a hot-button issue a series of suspected Russian-sponsored attacks compromised the Democratic Party and media organizations allegedly to sway voter opinion. Earlier this month, Homeland Security Secretary Jeh Johnson suggested the federal government label elections systems as critical infrastructure.
The FBI issued the bulletin three days after Johnson had a call with representatives from National Association of Secretaries of State and U.S. Election Assistance Commission to offer DHS assistance addressing cybersecurity risks within each state’s election systems.
At the time of the call, per Johnson, DHS was not aware of any credible cyberthreats related to 2016 general election systems. Some swing states declined DHS’ assistance, including Georgia and Pennsylvania, stating they will rely on in-house security crews.
The FBI bulletin asks states and election boards to review activity logs for similar tools and techniques, and report them to local FBI field offices.
****
Homeland Security Secretary Jeh Johnson has promised state election officials his department’s assistance addressing cybersecurity risks within each state’s election systems.
Johnson made the remarks in a conference call with representatives from National Association of Secretaries of State, U.S. Election Assistance Commission and representatives from various federal agencies, including the Justice Department and the National Institute of Standards and Technology.
In an Aug. 15 readout of the call published by DHS, Johnson encouraged state election officials to implement recommendations from NIST and other bodies, such as ensuring electronic voting machines are disconnected from the internet during voting. Johnson said DHS has been exploring whether to designate electoral systems as critical infrastructure—and thus elevating its priority for protecting—in its discussions.
