Russian hackers hit U.S. election systems in a total of 39 states prior to the 2016 U.S. election, far more than was previously disclosed, according to a Bloomberg report.
Notably, in Illinois, investigators determined that the hackers had not only accessed the state's voter database, but had also tried to delete or alter voter data.
The hackers also accessed software to be used by poll workers on Election Day, and accessed a campaign finance database in at least one state.
Federal agents used information from the Illinois breach, which was discovered in July 2016, to identify breaches in 38 other states. Traces of the hackers were found in election systems belonging to a total of 37 states; in Florida and California, traces were found in systems belonging to a private contractor managing election systems.
Still, some states refused to cooperate with the federal investigation, leaving the full extent of the attacks unclear.
Anticipating the Next Attack
The White House, believing that the Russians may have been preparing to delete voter registration information or slow the vote tallying process, contacted the Kremlin directly in October 2016 to warn that the attacks risked setting off a broader conflict.
"Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure," Eric Schultz, spokesman for former President Barack Obama, told Bloomberg. "Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses."
A former senior U.S. official pointed out to Bloomberg that the Russians now have three years to expand their knowledge of U.S. election systems prior to the next presidential election.
With that in mind, Seclore CEO Vishal Gupta told eSecurity Planet by email that it's crucial to focus on the future and work on securing elections in 2018 and beyond. "The U.S. must start putting precautions in place today that assure voter data and election systems are protected, or else history is bound to repeat itself," he said.
Venafi chief security strategist Kevin Bocek said that should mean rebuilding the security of U.S. voting systems, many of which were built more than a decade ago, from scratch. "It's laughable how systems we thought were immune to attack were so woefully under-secured," he said.
"We've seen this with ATMs and POS systems," Bocek added. "The finance and retail industries have effectively responded to their own deep vulnerabilities, and now state, local and federal governments need to respond in the same way to protect voting systems."
Keeping Track of Data
In general, Varonis vice president of field engineering Ken Spinner said, this news underscores the importance of auditing all sensitive data, voter and otherwise. "Without a record of who is accessing, changing or deleting data, it's virtually impossible to detect compromise," he said. "It's not hard to imagine a scenario where voter data has been compromised, but has gone undetected due to lack of auditing or evidence of a breach."
"It's more important than ever to monitor file activity and user behavior, so that if an outside party is attempting to manipulate or delete information -- as happened in Illinois -- that activity is able to be flagged and investigated right away," Spinner added.
"Whether you're a small company or a national government, the best risk reduction is to limit access to those who need it the most, keeping sensitive data locked down, and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines," Spinner said.