* From the US Senate’s Select Committee on Intelligence report on Russian interference in the 2016 election…
DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying. Based on the Committee’s review of the ICA, the Committee concurs with this assessment. The Committee found that Russian-affiliated cyber actors gained access to election infrastructure systems across two states, including successful extraction of voter data. However, none of these systems were involved in vote tallying.
Russian Access to Election Infrastructure: Illinois
In June 2016, Illinois experienced the first known breach by Russian actors of state election infrastructure during the 2016 election. As of the end of2018, the Russian cyber actors had successfully penetrated Illinois’s voter registration database, viewed multiple database tables, and accessed up to 200,000 voter registration records. The compromise resulted in the exfiltration of an unknown quantity of voter registration data.
Russian cyber actors were in a position to delete or change voter data, but the Committee is not aware of any evidence that they did so.
[Redacted] DHS assesses with high confidence that the penetration was carried out by Russian actors.
The compromised voter registration database held records relating to 14 million registered voters, [redacted]. The records exfiltrated included information on each voter’s name, address, partial social security number, date of birth, and either a driver’s license number or state identification number.
[Redacted] DHS staff further recounted to the Committee that “Russia would have had the ability to potentially manipulate some ofthat data, but we didn’t see that.”
Further, DHS staff noted that “the level of access that they gained, they almost certainly could have done more. Why they didn’t… is sort of an open-ended question. I think it fits under the larger umbrella of undermining confidence in the election by tipping their hand that they had this level of access or showing that they were capable of getting it.”
• According to a Cyber Threat Intelligence Integration Center (CTIIC) product, Illinois officials “disclosed that the database has been targeted frequently by hackers, but this was the first instance known to state officials of success in accessing it.”
* Much of that was already known, but I don’t recall seeing this timeline before…
In June 2017, the Executive Director of the Illinois State Board of Elections(SEE), Steve Sandvoss, testified before the Committee about Illinois’s experience in the 2016 elections.
He laid out the following timeline:
• On June 23, 2016, a foreign actor successfully penetrated Illinois’s databases through an SQL attack on the online voter registration website. “Because of the initial low-volume nature of the attack, the State Board of Election staff did not become aware of it at first.”
• Three weeks later, on July 12, 2016, the IT staff discovered spikes in data flow across the voter registration database server. “Analysis of the server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of our paperless online voter application website.”
• On July 13, 2016, IT staff took the website and database offline, but continued to see activity from the malicious IP address.
• “Firewall monitoring indicated that the attackers were hitting SEE IP addresses five times per second, 24 hours a day. These attacks continued until August 12 [2016], when they abruptly ceased.”
• On July 19, 2016, the election staff notified the Illinois General Assembly and the
Attorney General’s office.
• Approximately a week later, the FBI contacted Illinois.
• On July 28, 2016, both the registration system and the online voter registration became fully functional again.
Hindsight is 20/20, but you think maybe they shoulda called the FBI when they realized what was happening?
…Adding… OK, my memory is faulty. Most of the timeline was released a while ago.
* Hacking isn’t limited to election data, however…
A computer server of a vendor with city and state contracts to sell Illinois license plate stickers and Chicago vehicle stickers at currency exchanges was exposed to the Internet in May — although city and state officials insist there was no security breach.
But that’s not enough for one Cook County watchdog, who says officials need to conduct a thorough investigation to determine what exactly was exposed and how the mishap occurred before they can give the all clear sign.
“It sounds like they’re making a guarantee, which always worries me,” Cook County Inspector General Patrick Blanchard said.
Despite provisions in Electronic License Service LLC’s contracts with both the Illinois secretary of state and the Chicago city clerk’s office that outline the steps to take after a potential security breach — including a secretary of state guideline to hire a “forensics expert” to conduct an investigation — both offices say there’s nothing to worry about.
- Honeybear - Thursday, Jul 25, 19 @ 4:20 pm:
Cripes that’s scary.
- Steve - Thursday, Jul 25, 19 @ 4:43 pm:
Paper ballots really are beginning to look good. Bring them back.
- Not a Billionaire - Thursday, Jul 25, 19 @ 4:47 pm:
The optical scanners do have the paper sheets.Any questioned face should get a hand count.
- Not a Billionaire - Thursday, Jul 25, 19 @ 4:56 pm:
They had the polling data from Manafort. Why bother with us? Unless it’s a simple because they could.
PA has no paper trail and MI has strange recount laws but Wisconsin ran theirs through the optical scanners again.
- TinyDancer(FKASue) - Thursday, Jul 25, 19 @ 5:30 pm:
Paper ballots are good, but they don’t fix everything.
They can delete names from voter registration databases and create chaos on election day.
- Dotnonymous - Thursday, Jul 25, 19 @ 5:38 pm:
“How do I know who I voted for…is a question that must have a rock solid answer in a Democracy…that wants to survive.
- Generic Drone - Thursday, Jul 25, 19 @ 5:47 pm:
NBC is reporting Mitch McConnel is blocking attempts to strengthen voting safety measures. Wow
- DIstant watcher - Thursday, Jul 25, 19 @ 5:57 pm:
Hindsight is 20/20, but the timeline doesn’t say when they determined it was Russians. There are a bunch of outside groups, NGO types that regularly ping the site for data, and the Board could well have thought this was just a new one of those.
Deleting registrations at the state level wouldn’t effect local election authorities’ records, so voters likely wouldn’t notice on election day. But it could complicate cross-LEA comparisons intended to catch duplicate registrations. Whatever the risk, it’s good they shut it down.
- Lester Holt’s Mustache - Thursday, Jul 25, 19 @ 6:08 pm:
Sen. Cindy Hyde-Smith (R-MS) said to tell you all “nothing to worry about, this is fine”
- ITEngineer - Thursday, Jul 25, 19 @ 6:43 pm:
I got money the threat actors have a little foothold on a nice out of the way system or service just waiting for 2020 to drop C&C software. Also, could make a comment about lack of cyber security investment but wouldn’t be fair to them considering what I know of the rest of the state’s security posture.
- Not a Billionaire - Thursday, Jul 25, 19 @ 6:55 pm:
I was looking at pew . We do have some all electronic . Most of the country is optical scan . One swing state is all electronic PA. Mueller suggested ending that and something that was redacted.
- Law Man - Thursday, Jul 25, 19 @ 7:04 pm:
Two points to be made: (1) Yes, the ISBE should have notified the FBI immediately but if you’ve ever dealt with these guys you realize that they don’t have the greatest thought process and (2) they don’t have the actual voting data. It is held at the county level and what ISBE has couldn’t change an election. Perhaps identity information was compromised but not votes.
- Out Here In The Middle - Thursday, Jul 25, 19 @ 7:58 pm:
Keep in mind that they do not have to alter enough data to change the election results to have their desired impact. All they have to do is make people doubt the results. The goal is for the US to become ungovernable. Current events suggest they are making progress.
- Not a Billionaire - Thursday, Jul 25, 19 @ 8:42 pm:
Yes true enough. They are trying to invite violence. Btw. Various Russian sites have been obsessing over our Pension. They find fissures and then they exploit them. Notice any of that.
- ArchPundit - Thursday, Jul 25, 19 @ 10:22 pm:
==The optical scanners do have the paper sheets.Any questioned face should get a hand count.
Optical scan ballots also have the fewest errors whether due to machine or user. If you have a choice use the optical scan and if you don’t advocate to have optical scan.
—The goal is for the US to become ungovernable. Current events suggest they are making progress.
This is exactly correct. Chaos is the goal and it’s working.
— Unless it’s a simple because they could.
That’s part of it, but it is also to look for future weaknesses. This is a long term effort to create chaos in elections in the United States and the European Union and more bad actors are likely to follow.
- Dan Johnson - Friday, Jul 26, 19 @ 8:15 am:
I hope some of the Republicans here who have reach into DC can put some internal pressure on Leader McConnell to stop blocking bipartisan legislation to protect our elections.
- Neveranonymous - Friday, Jul 26, 19 @ 12:33 pm:
I know I have received multiple voter regiistration cards for people I have never heard of in the mail in the last year. I always return them and tell them there is no one by that name at my address. I am original owner of my home, and I have been there 20 years. I hadn’t thought much about it until now.