Voter registration bases in Arizona and Illinois were believed to have been breached in recent weeks by foreign hackers, prompting the FBI to issue a warning for all states to beef up their efforts to safeguard their voter registration systems, Yahoo News reported Monday.
The site obtained a copy of the restricted “flash” alert sent out by the FBI’s Cyber Division, dated Aug. 18, which warned of cyber criminals targeting state elections systems and asked officials to search for similar malicious activity. The alert did not name the states involved, but an anonymous source confirmed to Yahoo that the alert was related to attacks on databases in Arizona and Illinois.
Illinois officials were forced to shutter the state’s voter registration system for 10 days in late July after hackers were able to download the personal data of up to 200,000 voters, Ken Menzel, general counsel for the state’s Board of Elections, told Yahoo’s Michael Isikoff.
The Arizona attack was more limited in scope, according to the report. Malicious software was introduced into the registration system, but an anonymous state official told Yahoo no voter data was stolen.
The threat was deemed serious enough for Homeland Security Secretary Jeh Johnson to hold a conference call with state elections officials on Aug. 15, where he reportedly offered his department’s assistance in fortifying the systems and federal cyber security experts to search for vulnerabilities in states’ voting systems.
Although Johnson said on the call that he was not aware of “specific or credible cybersecurity threats,” the FBI alert went out three days later, according to the report.
In the alert, the FBI listed eight IP addresses as the sources of the Arizona and Illinois attacks, noting that one of the addresses was involved in both attacks. Rich Barger, a cyber security expert at the firm ThreatConnect, told Yahoo that one of the IP addresses has previously surfaced in Russian hacker forums and the method for intrusion resembled the methods used in other attacks suspect to have been carried out by state-sponsored Russian hackers.
Menzel, the Illinois elections official, told Yahoo that the FBI did not identify the suspected foreign hackers by country.
The news comes shortly after the FBI confirmed it was investigating cyber attacks at the Democratic National Committee and Democratic Congressional Campaign Committee, which experts have attributed to Russian government-linked hackers.