A U.S. indictment against Russian intelligence left Illinois State Board of Elections (ISBOE) Public Information Officer Matt Dietrich assuring residents their votes remain safe.
“Two years ago to this date, the Illinois State Board of Elections electronic voter registration database was the victim of a malicious cyber-attack in which an attacker, at that time of an unknown origin, got into our voter registration database and we eventually determined that they viewed the voter registration information of 76,000 voters,” Dietrich said at an impromptu press conference July 13.
The indictment, announced by U.S. Deputy Attorney General Rod J. Rosenstein, accused two Russian intelligence officers of hacking election databases across the country.
“The Department of Justice today handed down an indictment in which count No. 72 references not the Illinois State Board of Elections specifically, but a generic SBOE1,” Dietrich said. “We think it is very likely that we are SBOE1.”
Count No. 72 reads “In or around July 2016, KOVALEV and his co-conspirators hacked the website of a state board of elections (“SBOE 1”) and stole information related to approximately 500,000 voters, including names, addresses, partial Social Security numbers, dates of birth, and driver’s license numbers.“
Though ISBOE has not received any confirmation from the Department of Justice that it is, in fact, SBOE1, Dietrich said “based on the circumstances described in the indictment, we think it is pretty likely that it is us.”
ISBOE Information Technology (IT) staff discovered the breach on July 12, 2016, and immediately found the entry port and closed it, Dietrich said. The next day, IT also removed the database and website.
That was when ISBOE called in the Federal Bureau of Investigations (FBI), the U.S. Department of Homeland Security and the Illinois Attorney General’s Office to assist election officers.
“We made sure the intruder had not created a back-door entry to come back in or stayed in there,” Dietrich said. “We believe the intruder tried to change voter data, but was unsuccessful in doing so.”
Since October 2016, ISBOE has worked with Homeland Security to perform weekly cyber hygiene scans on the voter database to ensure the system is no longer vulnerable to future hacking, according to Dietrich.
“That duty has since been taken over by DoIT, The Department of Innovation and Technology, on the state level,” Dietrich said.
There has been no breach since July 2016, he added.
“We installed new firewall software and hardware, and we have devoted some personnel specifically to cybersecurity,” Dietrich said.
Going forward in the 2018 election cycle, Dietrich said even stricter measures would be put in place.
“In the budget that just passed in May and was signed into law, there is a provision that states the State Board of Elections is going to use at least half of $13.2 million in federal funding that we received from the U.S. Elections Assistance Commission to create and manage a cyber navigator program,” Dietrich said.
He said not one vote in Illinois was changed as a result of what happened two years ago.
“To change votes would take physical access to machines,” Dietrich said.