FBI is investigating foreign hacks of state election systems

The J. Edgar Hoover FBI headquarters building in Washington, D.C.


By ELLEN NAKASHIMA | The Washington Post | Published: August 29, 2016

WASHINGTON — The FBI is investigating a series of suspected foreign hacks of state election computer systems and websites, and has warned states to be on the alert for potential intrusions.

The Aug. 18 warning, issued after two states suffered intrusions into their systems, comes amid heightened concern over Russian hacks of Democratic party organizations and possible meddling in the presidential election.

The FBI "flash" alert, which is not intended for general public release, listed IP addresses and other technical fingerprints associated with the hacks.

"The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected," said the FBI alert, which was first reported by Yahoo News.

The warning did not name the states that were targeted. But in June, the Arizona Secretary of State's office shut down part of its website after the FBI found a potential threat to its state voter registration system, according to The Arizona Republic.

And in July, the Illinois Voter Registration System suffered a cyber intrusion in which hackers were able to retrieve a number of voter records, according to a message from the Illinois State Board of Elections.

The intrusion led the state election board to shut down the voter registration system for a week.

"This was a highly sophisticated attack most likely from a foreign (international) entity," said Kyle Thomas, the Illinois board's director of voting and registration systems, in the message.

The FBI declined official comment other than to note it "routinely advises private industry of various cyber threat indicators" it turns up in investigations.

Meanwhile, some private sector researchers say some of the information released by the FBI points to a potential Russian link, though they caution their work is preliminary. Rich Barger, chief information officer at ThreatConnect, said that several of the IP addresses trace back to a website hosting service called King Servers that offers Russia-based technical support. He also said that one of the methods used was very similar to a method used in other intrusions suspected of being carried out by the Russian government, including one this month on the World Anti-Doping Agency.

"If this is the Russians, we can start to think through worst case scenarios as to how they might sow doubt over our electoral process at election time," Barger said.

The reported intrusions so far do not appear to have involved manipulation of data — a key concern of U.S. intelligence officials.

But, Barger said, "the very fact that [someone] has rattled the doorknobs, the very fact that the state election commissions are in the crosshairs gives grounds to the average American voter to wonder — can they really trust the results?"

On Aug. 15, Homeland Security Secretary Jeh Johnson held a conference call with state election officials, offering the Department of Homeland Security's assistance in protecting against cyber attacks.

He said that DHS was "not aware of any specific or credible cybersecurity threats relating to the upcoming general election systems," according to a readout of the call. It was not clear if he was aware at the time of the FBI's investigation into the Arizona and Illinois intrusions.
