August 30, 2016

FBI Warns State Election Databases Breached by Foreign Hackers


The Federal Bureau of Investigation has issued an alert this month, urging US state election officials to increase cybersecurity measures after finding evidence that two state election databases were breached in recent weeks.

The FBI’s cyber division issued a flash alert warning on August 18, urging US election officials to improve their cybersecurity framework, according to a report by Yahoo News.

Citing unnamed law enforcement officials, the publication revealed that foreign hackers are believed to be behind the cyber-intrusions.

While the FBI warning did not specify the two targeted states in its alert, sources close to the investigation pointed to Arizona and Illinois as the states whose voter registration systems were compromised.


One state election board official told the publication that the Illinois voter registration system was shut down for over 10 days in late July, with hackers stealing personal data of some 200,000 voters.

The official also revealed that the cyberattack targeting Arizona saw malware introduced into the voter registration system. However, no data was stolen, according to the official.

The alert was issued in the wake of increased concerns among U.S. intelligence officials about the possibility of cyberattacks during the upcoming presidential elections in November, potentially by state-sponsored Russian hackers.

Yahoo News reported:

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cybersecurity experts to scan for vulnerabilities, according to a “readout” of the call released by the department.

Three days after that conference call, the alert was issued. An FBI bulletin detailing the investigation listed eight separate IP addresses, pinpointed as sources of the two attacks. One of the IP addresses was used in both intrusions. One of the IP addresses has previously surfaced in Russian criminal underground hacker forums. Cybersecurity experts have further determined that the tools used by the hackers to scan for and exploit vulnerabilities resemble those used in suspected Russian state-sponsored cyberattacks, such as the one on the World Anti-Doping Agency this month.
