Capitol - Your Illinois News Radar » Timeline released of Russian hack of Illinois State Board of Elections
SUBSCRIBE to Capitol Fax      Advertise Here      Mobile Version     Exclusive Subscriber Content     Updated Posts    Contact
To subscribe to Capitol Fax, click here.
Timeline released of Russian hack of Illinois State Board of Elections

Thursday, Jul 25, 2019

* From the US Senate’s Select Committee on Intelligence report on Russian interference in the 2016 election

DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying. Based on the Committee’s review of the ICA, the Committee concurs with this assessment. The Committee found that Russian-affiliated cyber actors gained access to election infrastructure systems across two states, including successful extraction of voter data. However, none of these systems were involved in vote tallying.

Russian Access to Election Infrastructure: Illinois

In June 2016, Illinois experienced the first known breach by Russian actors of state election infrastructure during the 2016 election. As of the end of2018, the Russian cyber actors had successfully penetrated Illinois’s voter registration database, viewed multiple database tables, and accessed up to 200,000 voter registration records. The compromise resulted in the exfiltration of an unknown quantity of voter registration data.

Russian cyber actors were in a position to delete or change voter data, but the Committee is not aware of any evidence that they did so.

[Redacted] DHS assesses with high confidence that the penetration was carried out by Russian actors.

The compromised voter registration database held records relating to 14 million registered voters, [redacted]. The records exfiltrated included information on each voter’s name, address, partial social security number, date of birth, and either a driver’s license number or state identification number.

[Redacted] DHS staff further recounted to the Committee that “Russia would have had the ability to potentially manipulate some ofthat data, but we didn’t see that.”

Further, DHS staff noted that “the level of access that they gained, they almost certainly could have done more. Why they didn’t… is sort of an open-ended question. I think it fits under the larger umbrella of undermining confidence in the election by tipping their hand that they had this level of access or showing that they were capable of getting it.”

• According to a Cyber Threat Intelligence Integration Center (CTIIC) product, Illinois officials “disclosed that the database has been targeted frequently by hackers, but this was the first instance known to state officials of success in accessing it.”

* Much of that was already known, but I don’t recall seeing this timeline before

In June 2017, the Executive Director of the Illinois State Board of Elections(SEE), Steve Sandvoss, testified before the Committee about Illinois’s experience in the 2016 elections.

He laid out the following timeline:

• On June 23, 2016, a foreign actor successfully penetrated Illinois’s databases through an SQL attack on the online voter registration website. “Because of the initial low-volume nature of the attack, the State Board of Election staff did not become aware of it at first.”

• Three weeks later, on July 12, 2016, the IT staff discovered spikes in data flow across the voter registration database server. “Analysis of the server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of our paperless online voter application website.”

• On July 13, 2016, IT staff took the website and database offline, but continued to see activity from the malicious IP address.

• “Firewall monitoring indicated that the attackers were hitting SEE IP addresses five times per second, 24 hours a day. These attacks continued until August 12 [2016], when they abruptly ceased.”

• On July 19, 2016, the election staff notified the Illinois General Assembly and the
Attorney General’s office.

• Approximately a week later, the FBI contacted Illinois.

• On July 28, 2016, both the registration system and the online voter registration became fully functional again.

Hindsight is 20/20, but you think maybe they shoulda called the FBI when they realized what was happening?

…Adding… OK, my memory is faulty. Most of the timeline was released a while ago.

* Hacking isn’t limited to election data, however

A computer server of a vendor with city and state contracts to sell Illinois license plate stickers and Chicago vehicle stickers at currency exchanges was exposed to the Internet in May — although city and state officials insist there was no security breach.

But that’s not enough for one Cook County watchdog, who says officials need to conduct a thorough investigation to determine what exactly was exposed and how the mishap occurred before they can give the all clear sign.

“It sounds like they’re making a guarantee, which always worries me,” Cook County Inspector General Patrick Blanchard said.

Despite provisions in Electronic License Service LLC’s contracts with both the Illinois secretary of state and the Chicago city clerk’s office that outline the steps to take after a potential security breach — including a secretary of state guideline to hire a “forensics expert” to conduct an investigation — both offices say there’s nothing to worry about.

- Posted by Rich Miller        

  1. - Honeybear - Thursday, Jul 25, 19 @ 4:20 pm:

    Cripes that’s scary.

  2. - Steve - Thursday, Jul 25, 19 @ 4:43 pm:

    Paper ballots really are beginning to look good. Bring them back.

  3. - Not a Billionaire - Thursday, Jul 25, 19 @ 4:47 pm:

    The optical scanners do have the paper sheets.Any questioned face should get a hand count.

  4. - Not a Billionaire - Thursday, Jul 25, 19 @ 4:56 pm:

    They had the polling data from Manafort. Why bother with us? Unless it’s a simple because they could.
    PA has no paper trail and MI has strange recount laws but Wisconsin ran theirs through the optical scanners again.

  5. - TinyDancer(FKASue) - Thursday, Jul 25, 19 @ 5:30 pm:

    Paper ballots are good, but they don’t fix everything.
    They can delete names from voter registration databases and create chaos on election day.

  6. - Dotnonymous - Thursday, Jul 25, 19 @ 5:38 pm:

    “How do I know who I voted for…is a question that must have a rock solid answer in a Democracy…that wants to survive.

  7. - Generic Drone - Thursday, Jul 25, 19 @ 5:47 pm:

    NBC is reporting Mitch McConnel is blocking attempts to strengthen voting safety measures. Wow

  8. - DIstant watcher - Thursday, Jul 25, 19 @ 5:57 pm:

    Hindsight is 20/20, but the timeline doesn’t say when they determined it was Russians. There are a bunch of outside groups, NGO types that regularly ping the site for data, and the Board could well have thought this was just a new one of those.

    Deleting registrations at the state level wouldn’t effect local election authorities’ records, so voters likely wouldn’t notice on election day. But it could complicate cross-LEA comparisons intended to catch duplicate registrations. Whatever the risk, it’s good they shut it down.

  9. - Lester Holt’s Mustache - Thursday, Jul 25, 19 @ 6:08 pm:

    Sen. Cindy Hyde-Smith (R-MS) said to tell you all “nothing to worry about, this is fine”

  10. - ITEngineer - Thursday, Jul 25, 19 @ 6:43 pm:

    I got money the threat actors have a little foothold on a nice out of the way system or service just waiting for 2020 to drop C&C software. Also, could make a comment about lack of cyber security investment but wouldn’t be fair to them considering what I know of the rest of the state’s security posture.

  11. - Not a Billionaire - Thursday, Jul 25, 19 @ 6:55 pm:

    I was looking at pew . We do have some all electronic . Most of the country is optical scan . One swing state is all electronic PA. Mueller suggested ending that and something that was redacted.

  12. - Law Man - Thursday, Jul 25, 19 @ 7:04 pm:

    Two points to be made: (1) Yes, the ISBE should have notified the FBI immediately but if you’ve ever dealt with these guys you realize that they don’t have the greatest thought process and (2) they don’t have the actual voting data. It is held at the county level and what ISBE has couldn’t change an election. Perhaps identity information was compromised but not votes.

  13. - Out Here In The Middle - Thursday, Jul 25, 19 @ 7:58 pm:

    Keep in mind that they do not have to alter enough data to change the election results to have their desired impact. All they have to do is make people doubt the results. The goal is for the US to become ungovernable. Current events suggest they are making progress.

  14. - Not a Billionaire - Thursday, Jul 25, 19 @ 8:42 pm:

    Yes true enough. They are trying to invite violence. Btw. Various Russian sites have been obsessing over our Pension. They find fissures and then they exploit them. Notice any of that.

  15. - ArchPundit - Thursday, Jul 25, 19 @ 10:22 pm:

    ==The optical scanners do have the paper sheets.Any questioned face should get a hand count.

    Optical scan ballots also have the fewest errors whether due to machine or user. If you have a choice use the optical scan and if you don’t advocate to have optical scan.

    —The goal is for the US to become ungovernable. Current events suggest they are making progress.

    This is exactly correct. Chaos is the goal and it’s working.

    — Unless it’s a simple because they could.

    That’s part of it, but it is also to look for future weaknesses. This is a long term effort to create chaos in elections in the United States and the European Union and more bad actors are likely to follow.

  16. - Dan Johnson - Friday, Jul 26, 19 @ 8:15 am:

    I hope some of the Republicans here who have reach into DC can put some internal pressure on Leader McConnell to stop blocking bipartisan legislation to protect our elections.

  17. - Neveranonymous - Friday, Jul 26, 19 @ 12:33 pm:

    I know I have received multiple voter regiistration cards for people I have never heard of in the mail in the last year. I always return them and tell them there is no one by that name at my address. I am original owner of my home, and I have been there 20 years. I hadn’t thought much about it until now.

Sorry, comments for this post are now closed.

* 1,287 new cases, 73 additional deaths
* Pritzker says one of his office employees has tested positive - Largest single-day death toll so far - 3680 hospital patients yesterday - " 43% of our total hospital beds are available and 35% of our ICU beds are available" - Non-COVID hospital visits drop due to stay at home order - Usage trend up 8 percentage points for ICU beds and 5 points for ventilators in a week - Some Chicago-area ICU units "near max capacity" - Peoria and Edwardsville see available ICU beds dropping - New cases in 23 more counties in last week alone
* Where does Illinois rank in comparison?
* Question of the day
* Credit Unions Throughout Illinois Offering Modifications To Existing Loans
* Dr. Pliura goes to court
* NRCC escalates rhetoric against Casten, calling him "an asset for China’s Communist Party"
* What's up with this new EO?
* *** UPDATED x1 *** Playing a belated game of catch-up
* ACLU urges police restraint
* Rep. Wilhour wants "discussion" about herd immunity
* To Flowbee or not to Flowbee
* The numbers behind the bickering
* Good news, bad news
* Open thread
* Yesterday's stories

Visit our advertisers...










Main Menu
Pundit rankings
Subscriber Content
Blagojevich Trial
Updated Posts

April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004

Blog*Spot Archives
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005


RSS Feed 2.0
Comments RSS 2.0

Hosted by MCS SUBSCRIBE to Capitol Fax Advertise Here Mobile Version Contact Rich Miller