* Illinois was featured on 60 Minutes last night…
The U.S. intelligence community has concluded there is no doubt the Russians meddled in the 2016 U.S. presidential election, leaking stolen e-mails and inflaming tensions on social media. While Congress and special counsel Robert Mueller investigate Russian interference, including whether the campaign of Donald Trump colluded with Russia, we have been looking into another vector of the attack on American democracy: a sweeping cyber assault on state voting systems that U.S. intelligence tied to the Russian government. Tonight, you’ll find out what happened from the frontline soldiers of a cyberwar that was fought largely out of public view, on digital battlegrounds in states throughout the country.
The first shots were fired here in Illinois, not far from downtown Springfield, in a nondescript shopping center, the kind you’ll find anywhere in the United States. There, in a repurposed supermarket, is the headquarters of the Illinois State Board of Elections.
Bill Whitaker: This doesn’t look like a war zone.
Steve Sandvoss: No, it doesn’t, actually.
Steve Sandvoss is the executive director. He told us, in his first television interview about the attack, that this office is on the front lines of a cyberwar.
Steve Sandvoss: We have– a good I.T. department. But –
Bill Whitaker: No match for the Russian government.
Steve Sandvoss: Bows and arrows against the lightning, hate to say it.
Bill Whitaker: Bows and arrows against the lightning? Is that what it felt like?
Steve Sandvoss: At– at first, yes.
* And here’s something I didn’t know…
The FBI and Department of Homeland Security say hackers from the GRU, the Russian intelligence service, successfully attacked the computers of the Illinois State Board of Elections. Of 7.9 million registered Illinois voters, the state Board of Elections told Fox News that a total of 76,000 Illinois voters may have had their information viewed, with the greatest number of them — 14,121 — being Galesburg residents.
Why Galesburg?…
There was no evidence that any vote was changed, officials said. The Illinois State Department of Elections told Fox News the hackers were not trying to target Galesburg specifically, but that the city’s voting code happened to match the numbers the hackers used to breach the system.
* Meanwhile…
Machine malfunction during the March 20 primary election was among the top reported issues to a hotline set up by the Lawyers’ Committee for Civil Rights, a national nonpartisan voter-protection group.
“Many old voting machines across Illinois jurisdictions caused delays, which resulted in voters losing confidence in the system and some leaving the polls without voting,” said Ami Gandhi, director of Voting Rights and Civic Empowerment for the committee’s Chicago branch. She added that some polling places opened late, sometimes because of malfunctioning equipment. […]
Illinois would get more than $13 million from the congressional plan, provided it puts up a 5 percent match. The State Board of Elections said it is adding $600,000 to its budget request for the spending year that begins July 1.
But that’s a fraction of the $147 million it got more than a decade ago from the federal Help America Vote Act, which allowed states to overhaul their voting systems. Compounding the fiscal problem: about $4 million a year in grants for voter-registration system security wasn’t available from the State Board of Elections for two years during a historic state budget stalemate.
Illinois’ lack of election infrastructure investment has put the state in a tough spot, particularly given the federal government’s warning that another Russian attempt at interfering with the November election is likely.
Even if the state had enough funds, there wouldn’t be enough time to completely overhaul its voting infrastructure before November. Under the Help America Vote Act, the last effort took years.
A key question in Illinois, then, is the best way to spend limited funds during a narrow window. State elections officials are moving cautiously.
* Related…
* Mark Brown: Russian threat or not, Congress funds security upgrade for voting systems
- @misterjayem - Monday, Apr 9, 18 @ 9:39 am:
“Another Russian attempt at interfering with the November election is likely.”
It’s worth remembering that a foreign power need not affect the outcome to have a successful cyber attack on our elections, they need only undermine the public’s confidence in the outcome of our elections.
– MrJM
- TP - Monday, Apr 9, 18 @ 10:02 am:
Actually, a senate committee held hearing on this last May in Springfield that covered the same ground. It got some media coverage, but when 60 Minutes comes to town, everyone pays attention.
- Chicago_Downstater - Monday, Apr 9, 18 @ 10:08 am:
Fivethirtyeight just put out an interesting article about the vulnerabilities of our voting infrastructure. It has a fictional worst case scenario that is fun (some NSFW language), but the most interesting bit is the highlighted stories and sources peppered throughout. Also, the Illinois hack features prominently. Very interesting stuff with a conclusion similar to @misterjayem’s comment.
https://fivethirtyeight.com/features/how-russia-could-steal-the-midterms/
- wordslinger - Monday, Apr 9, 18 @ 10:09 am:
–Of 7.9 million registered Illinois voters, the state Board of Elections told Fox News that a total of 76,000 Illinois voters may have had their information viewed…–
They should have just gone to Facebook. Those guys will do anything if the price is right.
- Put the fun in unfunded - Monday, Apr 9, 18 @ 10:36 am:
Almost all of this data can be obtained through FOIA. Name. Address. Phone. Date of birth. Date of registration. Voting history. In Excel electronic form no less. Any campaign worth its salt does so for mail, walk, GOTV. Unless there is evidence that information was CHANGED, ADDED, or DELETED, how is “viewed” threatening anyone?
- brooker - Monday, Apr 9, 18 @ 10:38 am:
== TP - Monday, Apr 9, 18 @ 10:02 am:
Actually, a senate committee held hearing on this last May in Springfield that covered the same ground. It got some media coverage, but when 60 Minutes comes to town, everyone pays attention.=
The House held one last year and again last week.
- brooker - Monday, Apr 9, 18 @ 10:43 am:
A part of the problem is we have more than 100 election authorities and they have control over their own voting systems. Each jurisdiction buys their own machines, hardware, software, equipment, paper, etc. Each operates 2 elections a year - primary and general election in odd years, and the consolidated primary and general in even years. County boards have targeted election authority budgets for savings because people aren’t consistently focused on those services. As a result, there isn’t funding to make sure the systems are secure and running properly.
- Not a Billionaire - Monday, Apr 9, 18 @ 10:51 am:
Galesburg is probably one of the bluest towns of its size.Perhaps they did target to compare with their Facebook data.
- titan - Monday, Apr 9, 18 @ 10:58 am:
Previous media appearances by SBE staff have indicated that Galesburg did not appear to be targeted as such. Rather, because of the somewhat odd way the search for records was structured Galesburg voters just happened to be in the sweet spot for getting hit.
- TinyDancer(FKASue) - Monday, Apr 9, 18 @ 11:17 am:
DEF CON Hacking Report
Vulnerabilities of voting machines and other election equipment used throughout the U.S.:
https://www.c-span.org/video/?435437-1/def-con-hacking-report-warns-voting-machines-vulnerability
- DuPage - Monday, Apr 9, 18 @ 11:42 am:
Might be a good idea to take them offline. A closed intra-net system would be more secure.
- OneMan - Monday, Apr 9, 18 @ 12:19 pm:
So does voter registration information generally get pushed down from the state or pushed up.
That is if someone registers in let’s say Will County, does the county send the info to the state then get a record from the state the county uses or does the voter data just go up to the state.
- Amalia - Monday, Apr 9, 18 @ 12:23 pm:
where’s the independent election process watchdog not for profit? ah, old days….
- NeverPoliticallyCorrect - Monday, Apr 9, 18 @ 12:31 pm:
“in a repurposed supermarket”, that says all you need to know about Illinois government!
- titan - Monday, Apr 9, 18 @ 12:53 pm:
+++ - OneMan - Monday, Apr 9, 18 @ 12:19 pm:
So does voter registration information generally get pushed down from the state or pushed up. +++
The data goes from the local to the state. The state database is a secondary back up to the locals.
+++ - NeverPoliticallyCorrect - Monday, Apr 9, 18 @ 12:31 pm: “in a repurposed supermarket”, that says all you need to know about Illinois government! +++
They left out that after being a supermarket, it was converted to an insurance claims processing office (with very nice office space and full computer network wiring throughout). It was actually a very nice find for rental space.
- bored now - Monday, Apr 9, 18 @ 1:05 pm:
OneMan: data gets pushed up (for the most part). however, it can go the other way.
DuPage: we already don’t spend sufficient funds on election infrastructure, so making it more complicated or complex isn’t an answer. (and an intranet doesn’t address the greatest vulnerability).
before we get too carried away, penetration doesn’t necessarily lead to alteration. we know from what russia did to the ukraine in 2014 (and 2004), it began a series of faints (or reconnaissance) before inserting malware into its election database. russia added new registrants to voting areas close to its border, and people did walk across the border to vote in ukraine’s elections. obviously, no one is going to walk across the water to vote in ours.
but the ability to plant malware or take control of our electoral databases could be put to use beyond the actual changing of votes. russia did hack ukraine’s central election commission website in 2014 to falsely report that an ultra-right presidential candidate was the winner. it could delete voter registrations or alter addresses causing confusion on election day. it could alter mailing addresses for VBM and absentee ballots. a very simple line of code could suffiently alter mailing addresses to cause them to be undeliverable. and though brooker infers that our decentralized voter infrastructure is a weakness, it is actually a strength for a distant cyber adversary. in cook county, they would have to penetrate both the cook county and chicago elections databases. chicago’s very archaic computer system for its election database could be a major obstacle for a distant adversary (this is not a defense for old computer systems hosting anything).
illinois’ transparency in acknowledging penetration has been extraordinarily helpful at a time where it is virtually universal to deny penetration of any kind. what is needed in money, training, greater cooperation and upgrades, but money is the most scarce political resource nowadays…
- Curious23 - Monday, Apr 9, 18 @ 2:57 pm:
60 minutes reports the hackers accessed the database through a security vulnerability on the boards website. SQL injection, doesn’t seem sophisticated. Or did I miss something?
- Leatherneck - Monday, Apr 9, 18 @ 3:32 pm:
- NeverPoliticallyCorrect - Monday, Apr 9, 18 @ 12:31 pm:
“in a repurposed supermarket”, that says all you need to know about Illinois government!
- titan - Monday, Apr 9, 18 @ 12:53 pm:
They left out that after being a supermarket, it was converted to an insurance claims processing office (with very nice office space and full computer network wiring throughout). It was actually a very nice find for rental space.
More like a “repurposed supermarket converted to a nice office space in an otherwise deteriorating shopping center.” Which may be losing its last anchor store (Burlington Coat Factory) soon when their new Springfield store opens in the repurposed former KMart store near Wabash/Veterans. Unless Springfield gets two BCFs and the Town and Country store down from the State Board of Elections survives.
- bored now - Monday, Apr 9, 18 @ 3:39 pm:
Curious23: while the answer to your question is classified, that is a safe assumption…
- I Miss Bentohs - Monday, Apr 9, 18 @ 4:14 pm:
A national news story that involved that part of Macarthur Blvd and they said it DOESN’T look like a war zone. I call that a win for Springfield.