FBI investigates hacking of Arizona and Illinois voting systems

Federal officials said Monday that investigators were also seeking evidence of whether other states may have been targeted. Are the hackers Russians? 

A voter casts his ballot behind a ballot booth during the U.S. presidential election at a polling station in the Staten Island Borough of New York, U.S. on November 6, 2012.

REUTERS/Keith Bedford/File

August 29, 2016

The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the November presidential election, according to a U.S. official familiar with the probe.

The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted.

The FBI warning in an Aug. 18 flash alert from the agency's Cyber Division did not identify the intruders or the two states targeted.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

Reuters obtained a copy of the document after Yahoo News first reported the story Monday.

The bulletin does not identify the states in question, but sources familiar with the document say it refers to the targeting by suspected foreign hackers of voter registration databases in Arizona and Illinois. In the Illinois case, officials were forced to shut down the state’s voter registration system for 10 days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview. The Arizona attack was more limited, involving malicious software that was introduced into its voter registration system but no successful exfiltration of data, a state official said.

Accessing information in a voter database, much of which is publicly accessible, does not necessarily suggest an effort to manipulate the votes themselves. When registering, voters typically provide their names, home addresses, driver's license or identification numbers, and party affiliations.

But U.S. intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the presidential election.

Officials and cyber security experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic Party were likely carried out by people within the Russian government. Kremlin officials have denied allegations of Moscow's involvement.

An FBI spokeswoman would not comment on the alerts but said the agency "routinely advises" on "various cyber threat indicators observed during the course of our investigations."

The intrusions come amid repeated unsubstantiated claims by Republican presidential candidate Donald Trump that the U.S. election system is "rigged."

Trump has cited emails leaked from the Democratic National Committee that indicated the party favored Hillary Clinton over Bernie Sanders as reason to cast doubt on the electoral process in general.

Concerns about election computer security prompted Homeland Security Secretary Jeh Johnson earlier this month to offer state election officials the department's help in making their voting systems more secure.

David Kennedy, chief executive officer of information security consulting company TrustedSec, said the attacks referenced in the FBI alert appeared to be largely exploratory and not especially sophisticated.

"It could be a precursor to a larger attack," he added.

Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.

The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said.

Voting watchdog organizations say states have generally improved their security practices over the last several presidential election cycles.

Only five states - New Jersey, Delaware, Georgia, South Carolina and Louisiana - use electronic voting machines without a paper trail, according to a database maintained by Verified Voting, a non-profit organization that aims to improve vote accuracy and transparency.

But several state election boards have rejected assistance from the Department of Homeland Security to secure their voting systems, citing fears of a federal takeover of a state-run system, said Susannah Goodman, director of the voting integrity program at Common Cause, a progressive advocacy organization.

"We can simultaneously have confidence in our system and prepare appropriately for possible attacks," said Goodman. (Reporting by Dustin Volz and Jim Finkle; Additional reporting by John Walcott; Editing by Julia Edwards and Lisa Von Ahn)