* From the US Senate’s Select Committee on Intelligence report on Russian interference in the 2016 election…
DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying. Based on the Committee’s review of the ICA, the Committee concurs with this assessment. The Committee found that Russian-affiliated cyber actors gained access to election infrastructure systems across two states, including successful extraction of voter data. However, none of these systems were involved in vote tallying.
Russian Access to Election Infrastructure: Illinois
In June 2016, Illinois experienced the first known breach by Russian actors of state election infrastructure during the 2016 election. As of the end of 2018, the Russian cyber actors had successfully penetrated Illinois’s voter registration database, viewed multiple database tables, and accessed up to 200,000 voter registration records. The compromise resulted in the exfiltration of an unknown quantity of voter registration data.
Russian cyber actors were in a position to delete or change voter data, but the Committee is not aware of any evidence that they did so.
[Redacted] DHS assesses with high confidence that the penetration was carried out by Russian actors.
The compromised voter registration database held records relating to 14 million registered voters, [redacted]. The records exfiltrated included information on each voter’s name, address, partial social security number, date of birth, and either a driver’s license number or state identification number.
[Redacted] DHS staff further recounted to the Committee that “Russia would have had the ability to potentially manipulate some of that data, but we didn’t see that.”
Further, DHS staff noted that “the level of access that they gained, they almost certainly could have done more. Why they didn’t… is sort of an open-ended question. I think it fits under the larger umbrella of undermining confidence in the election by tipping their hand that they had this level of access or showing that they were capable of getting it.”
• According to a Cyber Threat Intelligence Integration Center (CTIIC) product, Illinois officials “disclosed that the database has been targeted frequently by hackers, but this was the first instance known to state officials of success in accessing it.”
* Much of that was already known, but I don’t recall seeing this timeline before…
In June 2017, the Executive Director of the Illinois State Board of Elections (SBE), Steve Sandvoss, testified before the Committee about Illinois’s experience in the 2016 elections.
He laid out the following timeline:
• On June 23, 2016, a foreign actor successfully penetrated Illinois’s databases through an SQL attack on the online voter registration website. “Because of the initial low-volume nature of the attack, the State Board of Election staff did not become aware of it at first.”
• Three weeks later, on July 12, 2016, the IT staff discovered spikes in data flow across the voter registration database server. “Analysis of the server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of our paperless online voter application website.”
• On July 13, 2016, IT staff took the website and database offline, but continued to see activity from the malicious IP address.
• “Firewall monitoring indicated that the attackers were hitting SBE IP addresses five times per second, 24 hours a day. These attacks continued until August 12, when they abruptly ceased.”
• On July 19, 2016, the election staff notified the Illinois General Assembly and the Attorney General’s office.
• Approximately a week later, the FBI contacted Illinois.
• On July 28, 2016, both the registration system and the online voter registration became fully functional again.
Hindsight is 20/20, but you think maybe they shoulda called the FBI when they realized what was happening?
…Adding… OK, my memory is faulty. Most of the timeline was released a while ago.
* Hacking isn’t limited to election data, however…
A computer server of a vendor with city and state contracts to sell Illinois license plate stickers and Chicago vehicle stickers at currency exchanges was exposed to the Internet in May — although city and state officials insist there was no security breach.
But that’s not enough for one Cook County watchdog, who says officials need to conduct a thorough investigation to determine what exactly was exposed and how the mishap occurred before they can give the all clear sign.
“It sounds like they’re making a guarantee, which always worries me,” Cook County Inspector General Patrick Blanchard said.
Despite provisions in Electronic License Service LLC’s contracts with both the Illinois secretary of state and the Chicago city clerk’s office that outline the steps to take after a potential security breach — including a secretary of state guideline to hire a “forensics expert” to conduct an investigation — both offices say there’s nothing to worry about.