WASHINGTON — The Mueller Report confirms the Russians tried to hack the Illinois Board of Elections website in 2016.
“In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website. The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified,” the report states.
This was part of an effort by the Russian intelligence agency — the GRU — to determine “vulnerabilities” on websites of more than two dozen states, including Illinois.
The hack had nothing to do with counting the votes in elections in Illinois. The hackers looked at voting registration data: name, address, date of birth, gender and the last four digits in the Social Security number. In all, hackers searched through about 80,000 records, with the elections board confirming that the records of just under 3,000 voters were viewed by the hackers.
A report on the breach prepared by the Illinois State Board of Elections on Aug. 26, 2016, and obtained by the Sun-Times, details how the hackers were detected by state board information technology staffers.
“Processor usage had spiked to 100% with no explanation,” said the report, with an analysis of server logs showing the “heavy load” was “malicious in nature,” and aimed at the online voter application website.
The particular form of the Illinois cyberattack was a “SQL injection” — as in Structured Query Language — where malicious code can be planted.
“We saw data being downloaded and it was going to a place where it shouldn’t have been going, so we shut them down,” Ken Menzel, the general counsel for the state elections board, told the Sun-Times in 2017.
“We had something that wasn’t properly battened down in one of the fields on the on-line portion of the website,” Menzel said in 2017. That was “a mistake on our end.”
The data was going to a server in the Netherlands — not one of the 109 separate election jurisdictions in the State of Illinois.
Server logs showed the cyberattack began June 23 with malicious SQL queries. Once the attack was detected, the staff put in code changes on July 12, 2016.
On July 13, the website was taken offline. On July 19, the Illinois General Assembly and the Illinois Attorney General were notified. The AG’s office notified the FBI, which started an investigation in cooperation with the Department of Homeland Security. On July 21, the site was coming back online.
Attackers continued to hit state board IP addresses five times per second until Aug. 12, 2016, Menzel told the Sun-Times in 2017. That’s when attacks abruptly ceased.