FBI Warns of Attacks on State Election Systems

A flash alert issued by the FBI earlier this month warns that unknown threat actors targeted the board of election systems of two U.S. states using widely available security testing tools.

According to the alert, which is addressed to “need to know” recipients, one attack was detected in July and the second in August. In the first attack, the threat actor scanned the website of a state’s board of election using the Acunetix vulnerability scanner, which helped them identify an SQL injection flaw.

The attackers exploited the vulnerability in mid-July using SQLmap, an open-source SQL injection and database takeover tool, in order to exfiltrate data. The attackers also leveraged DirBuster, a Java application designed to brute force directories and filenames on web and application servers.

The FBI has provided indicators of compromise, including IP addresses and log entries, and instructed each state to contact their board of elections and determine if they have been targeted in similar attacks. The agency has advised organizations to refrain from directly contacting the IP addresses used by the attackers.
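
A log-review pass of the kind the alert asks states to perform can start from the three tools named above. The following is an added example, not material from the FBI alert or from SecurityWeek: it flags client IPs whose requests carry the stock markers of sqlmap, DirBuster or Acunetix, plus a burst of 404 responses as a fallback for directory brute forcing with a changed User-Agent. The log lines, IP addresses (documentation ranges), paths and the threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Stock markers of the tools named in the article. An operator can change
# them, so a miss here does not rule out use of the tool.
TOOL_MARKERS = {
    "sqlmap": re.compile(r"sqlmap", re.I),
    "DirBuster": re.compile(r"dirbuster", re.I),
    "Acunetix": re.compile(r"acunetix", re.I),
}
# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "ref" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def triage(lines, not_found_threshold=5):
    """Return {ip: sorted findings} for web access-log lines."""
    findings = defaultdict(set)
    not_found = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not Combined Log Format
        haystack = m["ua"] + " " + m["path"]
        for tool, rx in TOOL_MARKERS.items():
            if rx.search(haystack):
                findings[m["ip"]].add(tool)
        if m["status"] == "404":
            not_found[m["ip"]] += 1
    # Many 404s from one client suggests path guessing, whatever the User-Agent.
    for ip, n in not_found.items():
        if n >= not_found_threshold:
            findings[ip].add("404-burst")
    return {ip: sorted(f) for ip, f in findings.items()}

# Constructed sample log; none of these values come from the alert.
TS = "[01/Jan/2000:00:00:00 +0000]"
BROWSER = "Mozilla/5.0"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /lookup?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    f'192.0.2.44 - - {TS} "GET /search?q=acunetix_wvs_security_test HTTP/1.1" 200 90 "-" "{BROWSER}"',
    f'192.0.2.10 - - {TS} "GET /index.html HTTP/1.1" 200 2048 "-" "{BROWSER}"',
] + [
    f'{ip} - - {TS} "GET /dir{i}/ HTTP/1.1" 404 0 "-" "{ua}"'
    for ip, ua in (("203.0.113.9", "DirBuster-1.0-RC1"), ("203.0.113.20", BROWSER))
    for i in range(6)
]
```

Hits from this pass are leads for manual review alongside the supplied indicators, not proof of compromise.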

Yahoo! News, which broke the story, learned that the two attacks were aimed at the Board of Election systems in Illinois and Arizona. The attackers reportedly exfiltrated the details of 200,000 voters in Illinois, but there is no evidence of data theft in Arizona.

Both the Illinois and Arizona incidents made the news after authorities decided to temporarily shut down voter registration systems.

The FBI alert was issued shortly after Secretary of Homeland Security Jeh Johnson offered to help state officials protect voting systems against cyberattacks.

Although unconfirmed, some reports link the recent election board attacks to the Russian state-sponsored threat group that recently targeted the World Anti-Doping Agency (WADA) and the Democratic Party.

“The attack on two election systems could be the final straw in the debate over whether or not the election process should be classified as critical infrastructure,” Vishal Gupta, CEO of Seclore, told SecurityWeek. “The data breaches at the DNC and DCCC clearly held the potential to impact the election, but when hackers begin targeting the physical systems involved in choosing the next leader of the free world, the stakes are higher than ever.

“In all these instances, intelligence gathering seems to be the prime motivation for whoever is behind this cyber campaign (all signs point to a nation-state actor) which is a stark reminder that defending data being stored in our systems is often times more critical than historically unreliable network defenses,” Gupta added.

U.S. election websites have been known to be vulnerable to cyberattacks. A security researcher was arrested and charged earlier this year after finding and exploiting flaws in a couple of Florida election websites.

Voter information has also been exposed by third parties. Last year, an expert discovered misconfigured databases that stored the details of hundreds of millions of U.S. voters.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.