FBI alert sparks fears that state voting systems are under digital assault – Politico
The FBI’s decision to issue a nationwide alert about the possible hacking of state election offices after breaches in Illinois and Arizona is raising concerns that a nationwide attack could be afoot, with the potential for creating havoc on Election Day.
It’s possible that the motivation behind the two state hacks was less about the political system and more about cash. Voter registration data sets include valuable information — such as names, birth dates, phone numbers and physical and email addresses — that criminal hackers can bundle and flip on the black-market “dark web” for thousands of dollars.
But some cyber experts said the FBI’s alert, first revealed by Yahoo News on Monday, could be a sign that investigators are worried that foreign actors are attempting a wide-scale digital onslaught.
A former lead agent in the FBI’s Cyber Division said the hackers’ use of a particular attack tool and the level of the FBI’s alert “more than likely means nation-state attackers.” The alert was coded “Amber,” designating messages with sensitive information that “should not be widely distributed and should not be made public,” the ex-official said.
One person who works with state election officials called the FBI’s memo “completely unprecedented.”
“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.
Multiple former officials and security researchers said the cyberattacks on Arizona’s and Illinois’ voter databases could be part of a suspected Russian attempt to meddle in the U.S. election, a campaign that has already included successful intrusions at major Democratic Party organizations and the selective leaking of documents embarrassing to Democrats. Hillary Clinton’s campaign has alleged that the digital attacks on her party are an effort by Russian President Vladimir Putin’s regime to sway the election to GOP nominee Donald Trump. Moscow has denied any involvement.
Hacking state election offices could offer new tools for affecting the outcome of the vote.
Having access to voter rolls, for example, could allow hackers to digitally alter or delete registration information, potentially denying people a chance to vote on Election Day. Or news of the attack could simply fuel further distrust in the U.S. election system, which Trump has repeatedly alleged is “rigged.”
“I think he’s just unleashed the hounds,” said Tom Kellermann, head of Strategic Cyber Ventures, referring to Putin. Kellermann said the intrusions fit the “modus operandi and the ultimate goal” of a long-standing Russian digital intelligence campaign targeting foreign government officials in Europe, the U.S. and elsewhere that Kellermann has been tracking for years, which researchers believe has turned its sights on the American electoral process.
The FBI’s investigations of the Arizona and Illinois attacks have been public knowledge since July, when both states took their voter registration databases offline following detection of the intrusions. But the bureau’s Cyber Division broadened its sweep in an Aug. 18 “flash” alert that warned top election officials in every state about potential foreign intrusions of their election systems. The alert advised officials to look for a series of specific hallmarks of cyberattacks.
In Illinois, officials told Yahoo News that hackers pilfered personal data on up to 200,000 voters. The Arizona digital intruders did not make off with any information, said the news service.
Some cyber experts are skeptical that the attacks on the elections offices had any political motive, noting that hackers often rifle through government databases looking for personal information they can sell.
“It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe,” said Milan Patel, a former chief technology officer of the FBI’s Cyber Division who is now at the security firm K2 Intelligence. However, he added, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.”
Still, little public digital forensic evidence has come to light so far that would link the Illinois and Arizona hackers to a Russian-backed group that researchers say broke into the Democratic National Committee and the Democratic Congressional Campaign Committee.
“No robust evidence as of yet,” respected cybersecurity consultant Matt Tait said on Twitter.
The FBI’s alert asked state officials to check whether their networks had seen any activity coming from eight specific Internet Protocol addresses, at least one of which was tied to a Russian cyber gang, according to Yahoo News.
The FBI sent the alert to the Election Assistance Commission, the federal agency that offers help to states in improving the management of their elections. The commission then sent it to state officials, spokesman Bryan Whitener told POLITICO.
The FBI declined to comment on the alert but said in a statement that it “routinely advises private industry of various cyberthreat indicators observed during the course of our investigations.”
Leo Taddeo, a former head of the cyber division in the FBI’s New York office, said such a widespread alert “indicates that this could be a systematic attack, rather than an isolated targeting of a particular database.”
Sending out the memo is the only way for officials to do a complete review of all state election systems and determine whether a “dedicated attack” is taking place on multiple networks, Taddeo added. Elections have always been run at the state and local level, and few if any federal laws govern how local officials manage and secure voter data.
At most, several federal agencies provide voluntary guidelines for local officials. In some states, voter registration information is a public record, meaning data security rules governing the handling of personal information — such as names and home addresses — don’t apply.
The FBI’s alert reflects growing government awareness of the cyberthreat to election systems.
The Department of Homeland Security had held no conversations with states about election cybersecurity until a conference call that Secretary Jeh Johnson held with state officials on Aug. 15, a person involved in state election work said.
That call came together after Johnson publicly floated the idea of classifying elections as “critical infrastructure,” a designation that grants special security assistance to vital facilities such as banks and the power grid. “We hastily reached out to DHS to try to organize a call that would at least give state officials some information on what was going on with DHS,” the person said.
On the call, DHS officials urged states to coordinate with their local FBI offices if they weren’t already doing so. The department also agreed to provide resources to states, including vulnerability-detection software. But the DHS has not provided those resources yet, and some states, such as Georgia, have balked at the offers of assistance, fearful of federal meddling.
DHS plans to announce an election cybersecurity awareness campaign soon, the person said.
A DHS spokesman declined to comment on the FBI alert.
In the meantime, digital voter registration systems appear to be functioning — mostly. Of 42 state databases that POLITICO accessed on Monday, 41 were available, although the entire website of California’s secretary of state was down.
“It is down right now,” said Sam Maood, spokesman for the California secretary of state. “There’s no evidence that it’s due to hacking or any kind of data breach.”
All but one of the other states either required more extensive measures to check registration or had no evident online system. The one exception, North Dakota, is the only state that doesn’t require voters to register, according to its secretary of state.
But devastating consequences could ensue if these databases fell into the hands of motivated digital attackers, election security specialists said.
“An attacker could potentially remove registered voters from the registration list in areas that are expected to vote against the attacker’s preferred candidate, creating challenges and delays when the voters show up at the polls to vote,” said Jason Straight, chief privacy officer for UnitedLex, which advises corporations on cybersecurity practices.
Straight called such manipulation a “much greater threat” than the possibility of hackers tampering with electronic voting machines, which election watchdog groups and researchers say are insecure and often lack proper auditing mechanisms.
Tilting elections through voting machine hacks “would require extensive use of on-the-ground operatives with social engineering and technical skills to pull off,” Straight said.
In recent years, voter rolls have become an increasingly attractive target for both cyber gangs and government-backed digital spies, appearing for sale on underground web forums or simply being found sitting unprotected online.
Hundreds of millions of voters in the U.S., the Philippines, Turkey, Kazakhstan and Mexico have been affected.
The big windfall came last October, when hackers — “probably based in Russia” — started selling a set of Americans’ voter data “containing personal information on approximately 190 million persons,” said Christopher Porter, manager of FireEye iSIGHT Intelligence, a leading cybersecurity firm that examined the leak. The information exposed included full names, genders, dates of birth, physical addresses, email addresses and phone numbers.
The presence of the Russian cyber gang-linked IP address in the FBI alert is a possible indication that these digital thieves were at it again in Illinois and Arizona, said several researchers and a former FBI official.
While such thefts could be the work of ordinary criminals, these same experts explained that Russian cyber gangs often act at the behest of the Kremlin, either directly or indirectly. In exchange, these groups receive immunity from prosecution and “maintain their untouchable status,” said Kellermann, of Cybersecurity Strategic Ventures.
If this is indeed the case with the recent intrusions of state voter registration databases, Kellermann believes the suspected campaign to undermine the U.S. election process is “reaching a tipping point.”
“It’s high time that the U.S. government took off its own gloves,” he said.
Tim Starks contributed to this report.