Arizona Voter Database Hacked

On Monday, Arizona officials confirmed reports that a voter registration database in the state has suffered a hack after a notice was sent to elections officials around the country. Illinois’ voter registration database was also breached.

Authorities believe no personal information has been compromised.

Jamie Winterton, director of Strategic Research Initiatives at Arizona State University’s Global Security Initiative, told ASU Now, that the biggest risk was voter trust in the electoral system.

Winterton said the breach “wasn’t on the voting machine software itself, but on the registration databases in Arizona and Illinois. Most of the information in the database is publicly available, so it’s not terribly concerning from an identity-theft perspective. What is worrisome, however, is that the voter database guides who is — and who is not — allowed to vote. With the possibility that Arizona will be a swing state this year, removing even a small percentage of voters from the database could swing the result.”

According to Mother Jones, “On August 18, state elections officials received a “Flash,” a notice sent by the FBI to various relevant parties, titled “Targeting Activity Against State Board of Election Systems.” The FBI reported that it had received reports of an additional IP address—a unique series of numbers that identifies every device that connects to the internet—within the logs of one state’s board of election’s system in July, and then another attempt at breaking into a separate state’s system in August.”

Winterton told ASU Now that the “attackers used something called SQL injection. SQL stands for Structured Query Language; it’s how many databases are managed. When you type information into a box on a website — a username and password, for example — that website is probably using SQL to facilitate the conversation between you and the database, to make sure you have an account and the right credentials to access it. During a SQL injection attack, though, a hacker will type code into the box instead of a username, in an attempt to control the database. If the website doesn’t check to make sure that the inputs are valid, the code gets passed through to the database and can do things like dump information or allow modifications of the database.”

Winterton says there is an easy fix such as “creating rules against nonsensical inputs — no one’s name has a “=” in it, for example — goes a long way towards protecting against SQL injection attacks.”

Yahoo News quoted a cybersecurity expert that claimed one of the IP addresses had “surfaced before in Russian criminal underground hacker forums.

4 Comments on "Arizona Voter Database Hacked"

  1. The Russians have been doing this for years in attempts to change the outcomes of elections in Europe. Never forget that Putin was brought up in the culture of the KGB. If a pervert like Julian Assange (WikiLeaks) is getting the information for his data dumps from the Russians there is absolutely no way to trust anything in those “dumps.”

  2. The Oracle of Tucson | August 30, 2016 at 7:24 am |

    “The biggest risk was voter trust in the electoral system”.
    I had no idea anyone had trust in the electoral system..

    TOoT

  3. Let’s just see if the usual shenanigans come up today in the event there is a very close race for the BOS candidates. I would expect nothing less from Pima County and Brad Nelson!

  4. “Get out early and get out often”, it’s election day in Pima County……….
    My father voted Republican for all of his life, but once he died he’s voted as party faithful Democrat in every election ever since.

Comments are closed.