FBI detects breaches against two state voter systems

The FBI found breaches in Illinois and Arizona's voter registration databases.

AP Photo/Manuel Balce Ceneta, File
FILE - This Feb. 3, 2012, file photo shows FBI headquarters in Washington. The FBI is warning state officials to boost their election security in light of evidence that hackers breached the election systems of a pair of states. The Aug. 18, 2016, warning came just days after Homeland Security Secretary Jeh Johnson hosted a call with secretaries of state and other state elections officials to talk about cybersecurity and the election infrastructure. (AP Photo/Manuel Balce Ceneta, File)

The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the Nov. 8 presidential election, according to a U.S. official familiar with the probe.

The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

Accessing information in a voter database, much of which is publicly accessible, does not necessarily suggest an effort to manipulate the votes themselves. When registering, voters typically provide their names, home addresses, driver's license or identification numbers, and party affiliations.

But U.S. intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the presidential election.

Officials and cyber security experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic Party were likely carried out by people within the Russian government. Kremlin officials have denied that.

An FBI spokeswoman would not comment on the alerts but said the agency "routinely advises" on "various cyber threat indicators observed during the course of our investigations."

The intrusions come amid repeated unsubstantiated claims by Republican presidential candidate Donald Trump that the U.S. election system is "rigged."

Trump has cited emails leaked from the DNC that indicated the party leadership favored Hillary Clinton over rival candidate Bernie Sanders as reason to cast doubt on the electoral process in general.

'LARGER ATTACK'?

David Kennedy, chief executive officer of information security consulting company TrustedSec, said the attacks referenced in the FBI alert appeared to be largely exploratory and not especially sophisticated.

"It could be a precursor to a larger attack," he added.

Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.

State voter systems are often targeted by hackers, and 200,000 is a relatively small number compared to other recent incidents. An independent computer security researcher uncovered in December of last year a database on 191 million voters that was exposed on the open Internet due to an incorrect configuration.

The Arizona attack was more limited and involved introducing malicious software into one state employee's computer, said Matt Roberts, communications director for the Arizona secretary of state's office.

That office publicly reported a cyber incident in June after being contacted by the FBI, which led to it temporarily shutting down its election site to deal with the potential threat.

Roberts said he was uncertain if the FBI advisory was in reference to that same June incident, during which investigators found no evidence of any data exfiltration. In that episode, the FBI told Arizona officials the hackers were believed to be Russian and described it as an "eight out of 10" on a threat severity scale, Roberts said.

Arizona will hold Republican and Democratic primaries for congressional races on Tuesday. 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.