This story is over 5 years old.


Foreign hackers stole up to 200,000 voters' information, FBI says

The FBI said foreign hackers had stolen the data from two state election databases and advised state officials to protect their data.
Homeland Security Secretary Jeh Johnson arrives to testify before a Senate Judiciary Committee hearing on "Oversight of the Department of Homeland Security" in Washington, U.S., June 30, 2016. (Joshua Roberts/Reuters)

The FBI put out a bulletin this month that foreign hackers broke into two state election databases and advised state officials to protect their data, Yahoo News reported on Monday.

"The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected," the FBI warned in the August 18 alert.

Yahoo reported that the two states, unnamed in the bulletin, were in Arizona and Illinois. The general counsel of the Illinois Board of Elections told the outlet that hackers downloaded personal data on up to 200,000 state voters, while in Arizona the infiltrators broke in but failed to steal anything.


The FBI bulletin reportedly provided eight IP addresses connected to the attacks. One of the addresses was found in both attacks and the FBI is looking to see whether other states were at risk from the same perpetrators, the report said.

"If there was any doubt, this confirms that we need to be taking all necessary steps to secure our election infrastructure," said Lawrence Norden, a deputy director of the Brennan Center for Justice and author of a 2015 report about election cybersecurity. "At the same time, it's important to note that attacks on these kinds of databases should not have an impact on the integrity of our elections."

Related: A foreign power could hack the US election, experts fear

Norden said the key to securing voter information against cyber attacks is to make regular backup and paper copies of voter registration lists "to make sure that every legitimate voter can vote and have her vote counted."

The hacking report follows a phone call earlier this month by Homeland Security Secretary Jeh Johnson to state election officials in which his department offered help guarding voting systems against hacking and urged states to follow federal "cyber" guidelines.

On the call, Johnson mentioned that Homeland Security is convening a Voting Infrastructure Cybersecurity Action Campaign "with experts from all levels of government and the private sector to raise awareness of cybersecurity risks potentially affecting voting infrastructure and promote the security and resilience of the electoral process."

"Secretary Johnson encouraged state officials to focus on implementing existing recommendations… on securing election infrastructure, such as ensuring that electronic voting machines are not connected to the internet while voting is taking place," read a DHS summary of the call.

Johnson offered the assistance to carry out "vulnerability scans, provide actionable information, and access to other tools and resources for improving cybersecurity."