A description of the July 2016 hacking of a state board of elections and theft of the personal information of nearly 500,000 voters contained in a federal indictment filed Friday against a dozen Russian intelligence officers “likely” refers to Illinois, a spokesman for that state’s elections board told StateScoop.
The indictment from Robert Mueller, the special counsel investigating foreign interference in the 2016 U.S. presidential election, largely concerns cyberattacks against Democratic Party and Hillary Clinton’s campaign. But it also contains a count detailing an aggressive hacking campaign against state and county boards of elections, which are responsible for collecting and storing voters’ registrations.
The July 2016 hack against a target referred to as “State Board of Elections 1” obtained a range of personal details of about half a million voters, including their names, addresses, dates of birth, driver’s license numbers and partial Social Security numbers. The FBI reported the following month that it had detected breaches of voter-registration databases in Illinois and Arizona .
Matt Dietrich, the spokesman for the Illinois Board of Elections, told StateScoop the scenario described in the indictment fits with what happened in that state. Illinois shut down its online voter-registration system on July 12, 2016, after discovering a security breach, and kept it offline for more than two weeks.
“We have no confirmation from DOJ but the timing and circumstances make it likely,” he said. “We actually notified 76,000 voters whose data had been viewed and we believe the 500,000 figure in the indictment may be a result of DOJ using federal criminal code and our use of the Personal Information Privacy Act to determine who we needed to notify.”
Illinois officials said last year that there is no evidence the hacking of the state’s voter database affected the outcome of the presidential election. (Clinton carried the state by an 18-point margin.)
But the indictment describes attempted cyberattacks against elections officials beyond just a single state board. In June 2016, the document reads, the Russian officers allegedly “researched domains used by U.S. state boards of elections, secretaries of state, and other election-related entities for website vulnerabilities.”
After the July operation that grabbed voters’ personal information, the Russian hackers allegedly stepped up their activity again in October 2016 when they scanned the websites of state- and county-level elections boards in Florida, Georgia and Iowa for vulnerabilities.
In November 2016, just days before the election, the intelligence officers allegedly sent Florida election officials more than 100 emails using an email address designed to mimic a company — a tactic known as spearphishing — referred to as “Vendor 1,” which the indictment describes as a supplier of software that verifies voter registrations. The phony emails contained Microsoft Word files, stamped with Vendor 1’s logo, that carried malware. The indictment does not state whether any of the Word files were opened.
In a statement released Friday, the Illinois Board of Elections said it is still reviewing the July 2016 incident, and that it will be asking federal law enforcement for more information about the number of voters that may have been affected by the hack.
“The State Board of Elections has worked with the FBI and Department of Homeland Security throughout the aftermath of the 2016 breach and is grateful that DOJ has identified perpetrators,” the statement reads. “We will fully cooperate as necessary in the prosecution.”