The Illinois’ Voter Registration System, IVRS, is still down after officials discovered a security breach on July 12. The system was shut down the day after the breach was discovered, according to Kyle Thomas, the state board of elections’ director of voting and registration systems. “Once the severity of the attack was realized, as a precautionary measure, the entire IVRS system was shut down, including online voter registration,” Thomas wrote in a memo to the election authority that was posted to McLean County Clerk Kathy Michael’s Facebook page. A look-up field on IVRS that allowed voters to find out if they were already registered to vote, and at which address, could have allowed hackers access to the system, Ken Menzel, general counsel for the State Board of Elections, told StateScoop.
“One of the fields in that self lookup had a badly set parameter that allowed the attack through,” Menzel said.
The attack was traced back to servers in the Netherlands, Menzel said, causing officials to assume the hacking came from a foreign source.
The attack did not change any information in the IVRS, but the hackers did use structured query language, or SQL, database queries in an attempt to obtain voter signature images and history. SQL queries are commonly used in managing data held in a database system.