Hackers have gone after the U.S. government for a variety of purposes: to steal personally identifiable information of government employees, to pilfer trade secrets, to commit tax fraud and more. Recently, however, they sought to undercut the government by going after its lifeblood: registered voters.
According to the Chicago Sun-Times, hackers accessed personal information belonging to as many as 200,000 registered voters in the state of Illinois. Illinois State Board of Elections General Counsel Ken Menzel stated that the cyberattackers first infiltrated the online voter registration portal. From there, they managed to access a database holding personal information belonging to Illinois residents, even though the board blocked the hackers' IP addresses and shut down the system upon learning of the breach.
“Hackers accessed voter registration data, including names and addresses, dates of birth and in some cases, the last four digits of Social Security numbers and driver’s license or state ID numbers.”
Arizona also fell prey to a breach of its voter registration data; however, reports suggest that the infiltration was much more limited than the one at the Illinois State Board of Elections.
What We Know About the Breach So Far
“The breach was orchestrated using an SQL injection.”
The breach first came to light in late August, when the FBI notified the affected states of the incident. The agency subsequently issued warnings to other state election boards to look into any possible indicators of an incident.
All eyes were on Russia immediately following the breach, according to WIRED. Specifically, cybersecurity researchers and several “unnamed intelligence officials” alluded to the Democratic National Committee and the Clinton campaign breaches, both of which are believed to have been the work of Russian hackers.
WIRED noted that the breach was orchestrated using an SQL injection. This entails entering SQL code into a website's input field, which is intended exclusively for data, so that the server treats the input as part of a database command, thereby "triggering commands on the site's backend," and in this case, obtaining access to the site's server. It's a simple tactic that isn't necessarily indicative of state-sponsored action. Nevertheless, early clues pointed in Russia's direction. WIRED did state that it traced one IP address to the Turkish AKP political party, but conceded that the finding could be nothing more than "a red-herring."
The most immediate response to this situation would be to improve SQL injection defenses by making sure that government agencies at all levels employ web application firewalls and other web-based perimeter defenses capable of filtering out potentially hazardous requests.
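To make the mechanism described above concrete, here is an added example (not code from the article or from any of the election boards it mentions): a lookup against a constructed, in-memory voter table, written once with string concatenation and once with a parameterized query. The table, column names and values are made up for illustration; the point is that the concatenated version lets input meant as data rewrite the statement, while the parameterized version fixes the root cause that a web application firewall can only filter around.

```python
import sqlite3

# Constructed sample data standing in for a voter-registration table.
# Names, dates and digits are invented for this example.
VOTERS = [
    ("Ada Example", "1970-01-01", "1234"),
    ("Bo Sample", "1985-06-15", "5678"),
]


def make_db():
    """Build a throwaway SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE voters (name TEXT, dob TEXT, ssn_last4 TEXT)")
    conn.executemany("INSERT INTO voters VALUES (?, ?, ?)", VOTERS)
    return conn


def lookup_vulnerable(conn, name):
    """Unsafe: the user-supplied value is pasted into the SQL text, so any
    SQL syntax inside it becomes part of the command the database runs."""
    sql = "SELECT name, dob, ssn_last4 FROM voters WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Safe: the statement and the value travel separately; the driver binds
    the value as data, so it can never change the statement's structure."""
    sql = "SELECT name, dob, ssn_last4 FROM voters WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Textbook tautology input: the closing quote ends the intended string
# literal and the OR clause makes the WHERE condition true for every row.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def demo():
    """Return how many rows each variant yields for a normal and a malformed input."""
    conn = make_db()
    return {
        "vuln_normal": len(lookup_vulnerable(conn, "Ada Example")),
        "vuln_injected": len(lookup_vulnerable(conn, TAUTOLOGY_INPUT)),
        "safe_normal": len(lookup_parameterized(conn, "Ada Example")),
        "safe_injected": len(lookup_parameterized(conn, TAUTOLOGY_INPUT)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every voter for the malformed input, which is exactly the kind of bulk disclosure the article describes; the parameterized query returns nothing, because no voter is literally named `x' OR '1'='1`.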
“SQL injections are one of the more common ways hackers bypass security on the web.”
Again, this would technically just be a reactive measure aimed specifically at blocking SQL injections. At this point, however, preparedness across all potential attack vectors should be a priority. This includes endpoint protection in all agency computing environments, strong server management and defense, and a mitigation plan should intrusions occur.