National: Election system hacks: We’re focused on the wrong things | InfoWorld
The security of U.S. election systems was a major water-cooler topic this summer. There was plenty of media buzz about the potential of Russians hackers infiltrating our voter databases and trying to manipulate the upcoming presidential election. Most recently, the Arizona Secretary of State’s office closed down the state’s voter registration system after a hacker compromised valid credentials and used them to access the system. Shortly after that incident, someone exploited the IVRS (Illinois Voter Registration System). A message posted to Facebook, purportedly written by Kyle Thomas, director of the election board’s voting and registration systems division, stated that the IVRS compromise was a direct result of a SQL injection attack and that the records for up to 200,000 voters were accessed. “The offenders were able to inject SQL database queries into the IVRS database in order to access information. This was a highly sophisticated attack most likely from a foreign (international) entity,” the message posted to Facebook explained. And now we have a leaked FBI memo that, although it doesn’t name Illinois and Arizona, announces that “foreign actors” used common scanning tools to find and exploit vulnerabilities in election systems. The memo also listed internet protocol addresses associated with the hacks. The leaked FBI memo recommends that states “contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected.”