Election exploits: What you need to know [infographic]

An at-a-glance overview of this summer's voter registration database breaches, including how the attackers got in and what they stole.

In late August, an FBI alert warning state election officials about an attack on voter registration databases from Illinois and Arizona was leaked and posted in a report on Yahoo News. 'According to the FBI’s alert, 'an unknown actor' attacked a state election database by using widely available penetrating testing tools, including Acunetix, SQLMap, and DirBuster,' wrote Michael Kan. 'The hackers then found an SQL injection vulnerability -- a common attack point in websites -- and exploited it to steal the data. The FBI has traced the attacks to eight IP addresses, which appear to be hosted from companies based in Bulgaria, the Netherlands, and Russia.' What isn't known is whether these election database hacks are tied either to the hack of the DNC or other recent breaches. “One of the interesting things about these attacks which came to light is that the attackers were using a commercial grade vulnerability scanner rather than a self-built or an open source tool," says Amit Ashbel, director of product marketing at application security provider Checkmarx. "Not only does it not align with most hacker techniques, it also increases the chance of exposing the attacker. That in itself indicates that the attacker was probably not part of a well-organized hacking team and it also seems that it was not part of a state grade attack but rather someone who had access to a tool and wanted to try it out. The following infographic from Checkmarx offers an overview of the election breaches in Arizona and Illinois, including how the attackers got in and what they stole.

Show Comments