Hackers Downloaded Information from 200,000 voters in Illinois

Source: http://www.securityweek.com/fbi-warns-attacks-state-election-systems, https://threatpost.com/fbi-warned-state-election-board-systems-of-hacks/120198/(Security Week, Threatpost)

The FBI’s Cyber Division sent out a flash alert earlier this month, warning election officials nationwide to secure voter registration data systems, after two breaches were detected earlier in the summer. Attackers breached a Board of Elections website in July, and a separate intrusion was detected on another state’s Board of Election system earlier in the month.

In the first attack, a threat actor scanned the website of the state’s board of election using the Acunetix vulnerability scanner. This helped in the  detection of a SQL injection flaw, which lead to the attackers exploiting the vulnerability using SQLmap(an open-source SQL injection and takeover tool). Another tool used in the attack was DirBuster, which is a Java application designed to brute force directories and filenames on web and application servers. The Federal Bureau of Investigation has provided indicators of compromise, including IP addresses and log entries, and has informed all states to contact their board of elections and determine if they have been targeted in similar attacks. States were urged to search their logs for activity coming from the eight “suspicious” IP addresses associated with the attack tools. Though the agency has warned all organizations to refrain from directly contacting the IP addresses used by the attackers.

Incidents in Illinois and Arizona appeared on the news, after authorities decided to shut down voter registration systems. This isn’t the first time that United States election systems have been vulnerable to cyber attacks, a security researcher was charged and arrested earlier this year for finding and exploiting flaws in a Florida election website.