Breaking: Two State Election Databases Hacked
We just learned today, August 29th, that hackers have breached the databases of not one, but two state board of election systems. This breaking news comes from a FBI “flash” alert that was given to state boards earlier this month and just emerged into the eyes of the public.
Follow My Vote has secured a copy of the original alert released by the FBI’s Cyber Division.
Which State Election Databases Got Hacked?
Right now we are not getting any official confirmation on which states had their systems hacked. Without mentioning specifics, The FBI alert reports that two states had their Board of Election databases compromised. Recent events however, give us all the clues we need.
On July 13, 2016, officials in Illinois went as far as to shut down the entire state’s voter registration system for 10 days.
During the breach, hackers were able to steal the personal data of 200,000 registered Illinois voters. This information aligns perfectly with what is described in the flash alert concerning a breach and theft of data. It’s likely the alert is referring to the Illinois hack.
The second hack can likely be attributed to Arizona. On or around June 30, 2016, The Arizona Secretary of State’s Office shut down part of their voter registration system due to finding malicious software on a computer used to log into the state’s voter registration system.
The Arizona breach is slightly less serious, as no data was stolen.
The hack described in the FBI alert is a SQL injection. This type of attack is carried out by adding SQL (Structured Query Language) code to forms or input locations to gain access to backend data. SQL injections are currently the most common type of website hack. An attacker can often gain easy access to websites and their servers by entering code that the form does not expect to be inserted. The form will easily deny a wrong password or username, but when confronted with a totally different type of request, it opens a vulnerability. Specifically, it can allow hackers to view, manipulate, or steal all of the backend data.
Who Is Responsible?
We are not sure. There are 8 IP addresses listed in the alert as sources of the attacks. One of these IP addresses was listed as a source for both attacks, supporting the theory that one organization was behind both attacks.
An additional theory that is circulating the internet is that Russian hackers are responsible. The evidence behind this theory stems from a previous emergence of one of these IP addresses on a Russian hacker forum.
Where Do We Go From Here?
Some people are in favor of paper voting systems. It seems logical because hackers can’t manipulate or steal the information in the same manner. This is true. However, paper based voting systems are fantastic at negating all transparency. They create black boxes where you will never know if your vote was counted or got discarded. Top this off with human error and a small number of people counting the ballots, and elections easily become inadequate tools for true representation.
Ultimately, we need more transparency and better voting technology. Follow My Vote is dedicated to advancing and reforming voting technology around the world. The United States is one of many countries that are in dire need of innovation in the voting sector.
“These attacks are yet another reminder that something must be done to secure our election systems. If people can’t trust our elections systems, they are going to be much less likely to vote. Follow My Vote’s blockchain-based voting software is a complete end-to-end system that supports secure identity verification, voter registration, anonymous ballot issuance, verifiable vote casting, and tallying results. Blockchain voting is the future. The time is now!”
– Adam Kaleb Ernest, Co-Founder & CEO – Follow My Vote
This is a massive wake up call for a lot of people, especially following the Democratic National Convention hack. Those in the election industry have been aware of the lack of security. They have stood by watching voting machines get compromised and de-certified one after another.
Now is the time for innovative technology to help us vote better. We are at a point where we can use the tools of the past or use the tools of the future.
Learn about our Technology and get involved!
About the author: Will Long is the Marketing Manager of Follow My Vote.