FBI Warns of Attacks on State Election Systems

A flash alert issued by the FBI earlier this month warns that unknown threat actors targeted the board of election systems of two U.S. states using widely available security testing tools.

According to the alert, which is addressed to “need to know” recipients, one attack was detected in July and the second in August. In the first attack, the threat actor scanned the website of a state’s board of election using the Acunetix vulnerability scanner, which helped them identify an SQL injection flaw.

The attackers exploited the vulnerability in mid-July using SQLmap, an open-source SQL injection and database takeover tool, in order to exfiltrate data. The attackers also leveraged DirBuster, a Java application designed to brute force directories and filenames on web and application servers.

The FBI has provided indicators of compromise, including IP addresses and log entries, and instructed each state to contact their board of elections and determine if they have been targeted in similar attacks. The agency has advised organizations to refrain from directly contacting the IP addresses used by the attackers.

Yahoo! News, which broke the story, learned that the two attacks were aimed at the Board of Election systems in Illinois and Arizona. The attackers reportedly exfiltrated the details of 200,000 voters in Illinois, but there is no evidence of data theft in Arizona.

Both the Illinois and Arizona incidents made the news after authorities decided to temporarily shut down voter registration systems.

The FBI alert was issued shortly after Secretary of Homeland Security Jeh Johnson offered to help state officials protect voting systems against cyberattacks.

Although unconfirmed, some reports link the recent election board attacks to the Russian state-sponsored threat group that recently targeted the World Anti-Doping Agency (WADA) and the Democratic Party.

“The attack on two election systems could be the final straw in the debate over whether or not the election process should be classified as critical infrastructure,” Vishal Gupta, CEO of Seclore, told SecurityWeek. “The data breaches at the DNC and DCCC clearly held the potential to impact the election, but when hackers begin targeting the physical systems involved in choosing the next leader of the free world, the stakes are higher than ever.

“In all these instances, intelligence gathering seems to be the prime motivation for whoever is behind this cyber campaign (all signs point to a nation-state actor) which is a stark reminder that defending data being stored in our systems is often times more critical than historically unreliable network defenses,” Gupta added.

U.S. election websites have been known to be vulnerable to cyberattacks. A security researcher was arrested and charged earlier this year after finding and exploiting flaws in a couple of Florida election websites.

Voter information has also been exposed by third parties. Last year, an expert discovered misconfigured databases that stored the details of hundreds of millions of U.S. voters.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.