Illinois election system breached: Why state governments need to be on alert

This election cycle has provided more than a few noteworthy headlines. Some of the most recent, however, don’t comment on the candidates, but rather provide a real-life lesson in cybersecurity preparedness.

State and federal officials confirmed that Illinois’ state voter system had been breached earlier this year. Worse still, the Prairie State wasn’t the only one to fall victim to this kind of attack, showing the need for state governments to be aware of and actively protect against these kinds of threats.

Sensitive voter information exposed

According to an August 2016 report from the Chicago Tribune, the Illinois State Board of Elections confirmed that a hack launched in June on the state’s election system did result in the exposure of individual voters’ information. And while officials believe the attack impacted fewer than 200,000 citizens – a small number considering that more than 3.4 billion people voted during the presidential primaries in March – the attack underscores the threats that state governments face during such a pivotal time.

“The attack underscores the threats that state governments face during such a pivotal time.”

The Tribune reported that cybercriminals, possibly from a foreign nation, were active within the voter system for a month before their activity was halted. During this time, attackers were potentially able to make off with specific information about certain voters, including the last four digits of Social Security numbers as well as driver’s license numbers. Thankfully, though, the hack did not result in erased or modified voter files, and hackers were unable to access voting history information or capture images containing signatures.

“We say that the system was compromised in this context, that it’s been accessed,” Ken Menzel, elections board general counsel, explained. “We’re very confident nothing was added, deleted or altered.”

The attack, which was launched on June 23, was detected and ceased on July 12 thanks to the efforts of election officials and programmers that leveraged code to prevent unauthorized access to the database containing voter information. As a precautionary measure, the state also eliminated all outside, offline access to the election website, where citizens would go to complete their voter registration applications.




“We’ve been working with the people in the governor’s technology group (the Illinois Department of Innovation and Technology) and they’ve been wonderfully helpful,” Menzel said of the post-breach efforts. “There are also some interstate groups that have banded together for security issues, as well as the FBI and Homeland Security.”

Not the only victim

Around the same time that Illinois officials announced the breach, Reuters reported that the FBI detected a similar attack in Arizona’s voter registration database.
 
State governments needs to be prepared for the threats emerging during election season. “The Arizona attack was more limited and involved introducing malicious software into one state employee’s computer,” Reuters contributors Dustin Volz and Jim Finkle wrote.

In activity parallel to Illinois’ breach response, Arizona officials detected the breach and temporarily shut down the election website so that the threat could be effectively addressed.

A lesson in cybersecurity

These incidents, which experts like David Kennedy of information security company TrustedSec noted could be part of a larger attack, provide a real-life lesson for state governments. Now, more than ever, it’s critical that government networks are adequately protected against unauthorized access and malicious activity.

One of the first – and strongest – lines of defense here is the firewall. State governments and their IT teams need to not only be aware of the threats facing them this election season, but be prepared with the right cybersecurity tools. Having a next-generation firewall in place is an important piece of this puzzle.

Such an asset enforces organizational policies to ensure that only authorized users can access sensitive platforms like voter registration databases. What’s more, a robust firewall helps deliver a high quality of service while guarding against dangerous and malicious software.

To find out more about how a next-generation firewall could help your organization, contact the experts at Untangle today.