The FBI has discovered that two state elections databases have been penetrated by foreign hackers, according to a story by Yahoo News.
Yahoo reporter Michael Isikoff said that the Bureau issued a "Flash Alert" from its Cyber Division, outlining two separate breaches of state election databases in July and August using a Structured Query Language injection vulnerability.
The Aug. 18 alert does not specify the states involved, but Isikoff said that sources familiar with the attacks reported that Illinois and Arizona voter registration databases were the targets of the attacks.
According to the Yahoo report, Illinois had to shut down its voter registration system for 10 days after the personal information of an estimated 200,000 voters was taken in the attack.
The Arizona attack did not involve any lost data but did include a malware attack into its voter registration network.
Secretary of Homeland Security Jeh Johnson had previously held a conference call on Aug. 15 warning state officials that the election infrastructure could be the target of cyber attacks. Johnson also offered federal assistance from DHS’s National Cybersecurity and Communications Integration Center to help secure state election networks.
"Secretary Johnson encouraged state officials to focus on implementing existing recommendations from [the National Institute of Standards and Technology] and the [U.S. Election Assistance Commission] on securing election infrastructure, such as ensuring that electronic voting machines are not connected to the internet while voting is taking place," DHS officials said in a statement.
The FBI alert recommended that state governments conduct vulnerability scans, with an emphasis on SQLi vulnerabilities, for their local government and law enforcement sites.
