FBI Warns State Election Databases Breached by Foreign Hackers



The Federal Bureau of Investigation has issued an alert this month, urging US state election officials to increase cybersecurity measures after finding evidence that two state election databases were breached in recent weeks.

The FBI’s cyber division issued the flash alert on August 18, urging US election officials to improve their cybersecurity framework, according to a report by Yahoo News.

Citing unnamed law enforcement officials, the publication revealed that foreign hackers are believed to be behind the cyber-intrusions.

While the FBI warning did not specify the two targeted states in its alert, sources close to the investigation pointed to Arizona and Illinois as the states whose voter registration systems were compromised.

One state election board official told the publication that the Illinois voter registration system was shut down for over 10 days in late July, with hackers stealing personal data of some 200,000 voters.

The official also revealed that the cyberattack targeting Arizona saw malware introduced into the voter registration system. However, no data was stolen, according to the official.

The alert was issued in the wake of increased concerns among U.S. intelligence officials about the possibility of cyberattacks during the upcoming presidential elections in November, potentially by state-sponsored Russian hackers.

Yahoo News reported:

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cybersecurity experts to scan for vulnerabilities, according to a “readout” of the call released by the department.

Three days after that conference call, the alert was issued. An FBI bulletin detailing the investigation listed eight separate IP addresses, pinpointed as sources of the two attacks. One of the IP addresses was used in both intrusions. One of the IP addresses has previously surfaced in Russian criminal underground hacker forums. Cybersecurity experts have further determined that the tools used by the hackers to scan for and exploit vulnerabilities resemble those used in suspected Russian state-sponsored cyberattacks, such as the one on the World Anti-Doping Agency this month.
