There has been a number of high profile hacks in the past few months which have raised some eyebrows and clearly cost some notable people their jobs. One of the biggest scalps was that of the Democratic Party, Debbie Schulzman. In any other year, the number of hacks would not be as alarming but their consistency in this election year clearly raises some eyebrows.
On Monday, the FBI sent out warning messages to the various state boards of election to take precautionary measures against hackers after news of two state election websites being hacked was reported. Reports also noted that the two states involved included Arizona and Illinois board of election sites. The two sites both admitted they had been hacked earlier this summer. The the finger has been pointed at Russian hackers by cyber security researchers, who also pointed out Russian influence in the DNC and Clinton campaign hacks.
Thomas Rid, a cyber security professor at King’s College of London, said that clearly someone has been attempting to hack these websites, and they have clearly succeeded in taking data from the websites. Mr. Rid, who is also author of the book ‘The Rise of Machines’, said that in a more wider context, the attempts to interfere with the elections made the issue a big deal.
In its warning to other state boards of elections, the FBI said that the two victim states had been attacked via an SQL injection. This is one of the most used methods and it works by entering a code onto a website that’s meant to receive data inputs only. This then triggers a command on a backend, and in some scenarios gives the attacker unauthorized access to the server of the site. In the two cases of the election boards that were hacked, the hackers stole close to 200,000 voter records from the Illinois board of elections, and it prompted the Illinois board to close registration for ten days.
Use of the SQL injection is not something that can be done by sophisticated state-sponsored hackers such as financially backed Russian hackers. However, ThreatConnect, which investigated the IP addresses that were given by the FBI, said that they had found some shadowy links to the Russian government. Rich Barger, ThreatConnect’s director of threat intelligence, said that the company had certainly found some elements which linked to the Russian government. He also noted that the research of the company was however a bit nascent, and that they were going to continue researching.
However, many analysts are saying that these kind of attacks were expected to happen because cyber security researchers have always claimed that the American election system has been at risk of digital attacks. The recent breaches of the state’s election boards clearly reaffirms the idea that there are still some elements of the US elections which are still not ready for any digital attacks. A foreign government trying to destabilize the election by injecting doubt into the election result would definitely be an issue to deal with.