The FBI believes hackers tried to get data from the State Board of Elections in at least two states in July and August, according to a notice sent to elections officials around the country and published by Yahoo News Monday morning. It’s unclear what data the hackers were able to get, but the information suggests they scanned the state elections boards’ websites looking for vulnerabilities. They found several and attempted to enter the systems, and some “exfiltration”—which refers to theft of data—occurred.
On August 18, state elections officials received a “Flash,” a notice sent by the FBI to various relevant parties, titled “Targeting Activity Against State Board of Election Systems.” The FBI reported that it had received reports of an additional IP address—a unique series of numbers that identifies every device that connects to the internet—within the logs of one state’s board of election’s system in July, and then another attempt at breaking into a separate state’s system in August. The IP address numbers can be easily masked to hide an attacker’s true origin, but the flash included detailed information about the methods used by the hackers. The FBI asked state election officials to scan their own network logs for similar activities.
The FBI didn’t identify the states involved, but Yahoo News, citing “sources familiar with” the FBI flash, reports that the attacks likely targeted voter registration databases in Arizona and Illinois. In Illinois, state election officials shut down the state’s voter registration system for 10 days in late July, Yahoo News reports, while the attack in Arizona was more limited.
The FBI flash does not attribute the attacks to anyone specifically, but the revelation comes following recent hacks of the Democratic National Committee and other major Democratic Party organizations and officials that, the US government says, implicated hackers working with or on behalf of Russia. The hacker who has claimed responsibility for the DNC hacks, Guccifer 2.0, has told Mother Jones and others that he was born in Eastern Europe and is not at all connected to Russia, a claim doubted by outside security officials. Russian officials have repeatedly denied that the Russian government had anything to do with the hacks.
The IP addresses provided by the FBI in the flash point to computer systems in the Netherlands and Delaware, according to online IP tracking tools, but Wired says further analysis shows at least one of the IP addresses appears to be linked to a website linked with the Turkish AKP political party. The Yahoo News report cites a cybersecurity expert saying one of the IP addresses has “surfaced before in Russian criminal underground hacker forums,” and the attack methods resemble a hack of the World Anti-Doping Agency earlier this month. Others have blamed that hack on Russia as well. But the types of attacks, methods, and tools detailed by the FBI flash are quite common in the hacking world. That means blaming Russia or anybody else at this point is only speculative.
The hack, combined with other vulnerabilities in the American election infrastructure, including voting machines that produce no verifiable paper audit trail, reinforces the notion that the US election system is vulnerable to disruption.
“This is a big deal,” Rich Barger, the head of cybersecurity firm ThreatConnect, told Yahoo News. “Two state election boards have been popped and data has been taken. This certainly should be concerning to the common American voter.”