The hackers that breached the Illinois election database do not appear to have been looking for anything in particular, IT professionals told the state Senate subcommittee on cybersecurity during a hearing Thursday. In August, federal intelligence agencies believe one of the same Russian hacking operations that struck the Democratic National Convention last summer breeched an online voter database in Illinois. A similar attack struck Arizona as well, the only other known state breach attributed to Russia in the 2016 election season. Reports emerged in August that hackers broke into the database by taking advantage of a common coding error in web forms that allows visitors to trick the database into running commands. That is known as an SQL injection, where SQL, pronounced “sequel,” is the type of database in use.
While those reports had pegged the number of breached files at 200,000, the IT officials that testified Thursday said that figure was incorrect. The actual number was 70,000.
At the hearing, state elections employees described the attack in detail, including reasons that they did not believe the attackers had data they were specifically targeting.
The hackers amassed records by searching by local voter identification numbers, systematically searching nine-digit codes starting from “000000001” and incrementally adding one.
Full Article: Illinois voting records hack didn’t target specific records, says IT staff | TheHill.