In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would scarcely create a blip on the cybersecurity community's radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning–it might just rise to the level of an international incident.
On Monday, an FBI alert surfaced cautioning state boards of election to take precautions against hackers after two election board websites were breached in recent months. According to Yahoo News, those breaches likely targeted Arizona and Illinois board of election sites, both of which admitted earlier this summer that they'd been hacked. Cybersecurity researchers are already speculating that the attacks link to Russia, pointing to the string of recent, likely Russian attacks that have hit the Democratic National Committee and the Clinton campaign. And according to NBC News, unnamed intelligence officials have already pinned the attack on Russia, with one of those officials going so far as to tie the hackers directly to Russian intelligence agencies. 1
“Someone is trying to hack these databases, and they succeeded in exfiltrating data, which is significant in itself,” says Thomas Rid, a cybersecurity-focused professor in the War Studies department at King's College of London and author of Rise of the Machines. “In the context of all the other attempts to interfere with this election, it's a big deal.”
In its advisory sent to state-level election boards, the FBI described an attack on at least one of those two election websites as using a technique called SQL injection. It's a common trick, which works by entering code into an entry field on a website that's only meant to receive data inputs, triggering commands on the site's backend and sometimes giving the attacker unintended access to the site's server. In this case, it seems to have allowed the hackers to steal 200,000 voter records from the Illinois board of elections, and to cause the Illinois board to close registration for ten days.
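The mechanism described above, as an added example that is not taken from the FBI alert or from either affected site: a hypothetical voter-lookup handler built by string concatenation, next to the parameterized form that keeps field input as data. The table, column and function names are assumptions, and the records are constructed.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed (fake) voter records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voters (id INTEGER PRIMARY KEY, "
               "last_name TEXT, dob TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO voters (last_name, dob, address) VALUES (?, ?, ?)",
        [("Alvarez", "1970-01-02", "1 Example St"),
         ("Baker", "1985-06-30", "2 Example Ave"),
         ("Chen", "1992-11-15", "3 Example Rd")],
    )
    return db

def lookup_vulnerable(db, last_name, dob):
    # Field input is pasted into the SQL text, so a quote typed into the
    # form is parsed as SQL syntax instead of being treated as data.
    sql = ("SELECT last_name, dob, address FROM voters "
           f"WHERE last_name = '{last_name}' AND dob = '{dob}'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, last_name, dob):
    # Placeholders pass the values separately from the statement, so the
    # database compares them as plain strings and never parses them.
    sql = ("SELECT last_name, dob, address FROM voters "
           "WHERE last_name = ? AND dob = ?")
    return db.execute(sql, (last_name, dob)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed field value containing SQL syntax
    return {
        # Honest input: one matching record either way.
        "normal_vulnerable": lookup_vulnerable(db, "Baker", "1985-06-30"),
        # Concatenated query: the WHERE clause becomes always-true and
        # every record in the table is returned.
        "crafted_vulnerable": lookup_vulnerable(db, "Baker", crafted),
        # Parameterized query: the same input matches no record.
        "crafted_parameterized": lookup_parameterized(db, "Baker", crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, len(rows), "row(s)")
```
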
The use of that common SQL injection vulnerability barely signals the involvement of sophisticated state-sponsored hackers, much less specifically Russian ones. But the security firm ThreatConnect, which has been investigating IP addresses that the FBI said were associated with the two attacks, has discovered a few still-murky clues that point in Russia's direction. ThreatConnect found that one of the IP addresses named by the FBI mapped in 2015 to Rubro.biz, a Russian-language website it describes as a cybercriminal black market. (However, WIRED found that the IP address now points to a website appearing to be associated with the Turkish AKP political party. This, too, could be a red herring, as neither WIRED nor ThreatConnect has yet confirmed the legitimacy of that apparently Turkish website.) And the VPN used by the attackers appears to have been King Servers, the firm says, a service with a Russian-language website.
“There are elements to suggest there are Russian fingerprints on this,” says Rich Barger, ThreatConnect's director of threat intelligence. But he cautions that the firm's research is “very nascent. We're still working on it.”
Neither the Illinois nor Arizona board of elections immediately responded to WIRED's request for comment. But if foreign hackers are indeed involved in the attack (still a major “if”), the 200,000 voter records reportedly breached in the attacks may represent the least of the American electoral system's worries. After all, US voter registration records have been practically public for years, often sold to data brokers who resell them to political campaigns and marketers. More serious is the notion, first raised by the public revelation of the Democratic National Committee hack in July, that a foreign power like Russia might be trying to influence or disrupt American politics.
How Serious is This?
We knew this could happen. Security researchers have warned for years that American voting systems are disturbingly vulnerable to digital attacks. The breaches of state board of election sites represent yet another reminder that elements of U.S. elections aren't ready to face determined hackers. But attacking voter registration systems, or even paralyzing registration for weeks as in Illinois' case, may not represent a practical threat to American elections so much as a psychological one, says King's College's Thomas Rid. After all, even deleted voter records can be accounted for with provisional ballots, as in the recent primary messes in California and New York. But a foreign government using digital attacks to inject doubt into the election's outcome could help destabilize American politics well after November.
“The thing that I'm worried about is not the technological disruption of the election itself. That's still extremely unlikely,” says Rid. “The pattern we see is to call things into question, to sow doubt, to create uncertainty. This could be another way to create uncertainty in the minds of a lot of people… You can't patch this psychological vulnerability.”
And in an election year when the Republican candidate has repeatedly called the race “rigged,” that kind of psychological injury is more serious than any one hack.
1 Updated Tuesday 8/30/2016 9:55 am with news that U.S. intelligence officials have tied the hack to the Russian government.