SecurityWeek

FBI Warns of Attacks on State Election Systems

A flash alert issued by the FBI earlier this month warns that unknown threat actors targeted the board of election systems of two U.S. states using widely available security testing tools.

According to the alert, which is addressed to “need to know” recipients, one attack was detected in July and the second in August. In the first attack, the threat actor scanned the website of a state’s board of election using the Acunetix vulnerability scanner, which helped them identify an SQL injection flaw.

The attackers exploited the vulnerability in mid-July using SQLmap, an open-source SQL injection and database takeover tool, in order to exfiltrate data. The attackers also leveraged DirBuster, a Java application designed to brute force directories and filenames on web and application servers.

The FBI has provided indicators of compromise, including IP addresses and log entries, and instructed each state to contact their board of elections and determine if they have been targeted in similar attacks. The agency has advised organizations to refrain from directly contacting the IP addresses used by the attackers.
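As an added illustration (not taken from the FBI alert or the original article), the following sketch shows how a web administrator might triage access logs for traces of the three tools named above. The log lines are constructed samples, the marker substrings assume the tools were run with default settings, and the 404 threshold is an arbitrary value to be tuned on real traffic.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Assumption: substrings left by the tools' default settings; an operator can change them.
TOOL_MARKERS = {"sqlmap": "sqlmap", "dirbuster": "dirbuster", "acunetix": "acunetix"}
NOT_FOUND_THRESHOLD = 3  # constructed threshold for directory brute-force suspicion

# Constructed sample log (documentation IP ranges); not indicators from the alert.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /lookup?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "DirBuster-1.0-RC1 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] "GET /backup/ HTTP/1.1" 404 0 "-" "DirBuster-1.0-RC1 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
198.51.100.23 - - [01/Jan/2024:10:01:01 +0000] "GET /old/ HTTP/1.1" 404 0 "-" "DirBuster-1.0-RC1 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
192.0.2.50 - - [01/Jan/2024:10:02:00 +0000] "GET /acunetix-wvs-test-for-some-inexistent-file HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.99 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.99 - - [01/Jan/2024:10:03:01 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def triage(log_text):
    """Return {source_ip: sorted list of tags} for clients that look like scanners."""
    findings = defaultdict(set)
    not_found = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        haystack = (m["req"] + " " + m["ua"]).lower()
        for tool, marker in TOOL_MARKERS.items():
            if marker in haystack:
                findings[m["ip"]].add(tool)
        if m["status"] == "404":
            not_found[m["ip"]] += 1
    for ip, count in not_found.items():
        if count >= NOT_FOUND_THRESHOLD:  # many misses from one client
            findings[ip].add("404-burst")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A clean result proves little, since default tool markers are easily changed; the 404-burst count is the more durable signal of directory brute forcing.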

Yahoo! News, which broke the story, learned that the two attacks were aimed at the Board of Election systems in Illinois and Arizona. The attackers reportedly exfiltrated the details of 200,000 voters in Illinois, but there is no evidence of data theft in Arizona.

Both the Illinois and Arizona incidents made the news after authorities decided to temporarily shut down voter registration systems.

The FBI alert was issued shortly after Secretary of Homeland Security Jeh Johnson offered to help state officials protect voting systems against cyberattacks.

Although unconfirmed, some reports link the recent election board attacks to the Russian state-sponsored threat group that recently targeted the World Anti-Doping Agency (WADA) and the Democratic Party.

“The attack on two election systems could be the final straw in the debate over whether or not the election process should be classified as critical infrastructure,” Vishal Gupta, CEO of Seclore, told SecurityWeek. “The data breaches at the DNC and DCCC clearly held the potential to impact the election, but when hackers begin targeting the physical systems involved in choosing the next leader of the free world, the stakes are higher than ever.

“In all these instances, intelligence gathering seems to be the prime motivation for whoever is behind this cyber campaign (all signs point to a nation-state actor) which is a stark reminder that defending data being stored in our systems is often times more critical than historically unreliable network defenses,” Gupta added.

U.S. election websites have been known to be vulnerable to cyberattacks. A security researcher was arrested and charged earlier this year after finding and exploiting flaws in a couple of Florida election websites.

Voter information has also been exposed by third parties. Last year, an expert discovered misconfigured databases that stored the details of hundreds of millions of U.S. voters.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
