A Blog by Jonathan Low

 

Aug 31, 2016

FBI Reports Russians Hacked Two US State Election Systems

The two states hacked - Illinois and Arizona  - are important, but not expected to be swing states in the upcoming US presidential election. Which leads to speculation that this could be a test or diversion from attempts already underway on those states likely to make a difference. JL

Michael Isikoff reports in Yahoo News:

One of the IP addresses listed in the FBI alert surfaced before in Russian criminal underground hacker forums. The method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.
The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.
Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cybersecurity experts to scan for vulnerabilities, according to a “readout” of the call released by the department.
Johnson emphasized in the call that Homeland Security was not aware of “specific or credible cybersecurity threats” to the election, officials said. But three days after that call, the FBI Cyber Division issued a potentially more disturbing warning, titled “Targeting Activity Against State Board of Election Systems.” The alert, labeled as restricted for “NEED TO KNOW recipients,” disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the “exfiltration,” or theft, of voter registration data. “It was an eye opener,” a senior law enforcement official said of the bureau’s discovery of the intrusions. “We believe it’s kind of serious, and we’re investigating.”
The bulletin does not identify the states in question, but sources familiar with the document say it refers to the targeting by suspected foreign hackers of voter registration databases in Arizona and Illinois. In the Illinois case, officials were forced to shut down the state’s voter registration system for 10 days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview. The Arizona attack was more limited, involving malicious software that was introduced into its voter registration system but no successful exfiltration of data, a state official said.
The FBI bulletin listed eight separate IP addresses that were the sources of the two attacks and suggested that the attacks may have been linked, noting that one of the IP addresses was used in both intrusions. The bulletin implied that the bureau was looking for any signs that the attacks may have attempted to target even more than the two states. “The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected,” the alert reads. “Attempts should not be made to touch or ping the IP addresses directly.”
“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”
Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.
The FBI did not respond to detailed questions about the alert, saying in a statement only that such bulletins are provided “to help systems administrators guard against the actions of persistent cyber criminals.” Menzel, the Illinois election official, said that in a recent briefing, FBI agents confirmed to him that the perpetrators were believed to be foreign hackers, although they were not identified by country. He said he was told that the bureau was looking at a “possible link” to the recent highly publicized attack on the Democratic National Committee and other political organizations, which U.S. officials suspect was perpetrated by Russian government hackers. But he said agents told him they had reached no conclusions, and other experts say the hackers could also have been common cybercriminals hoping to steal personal data on state voters for fraudulent purposes, such as obtaining bogus tax refunds.

0 comments:

Post a Comment