“In a sense, it’s a declaration of war. It’s a cyberwar,” said Steve Sandvoss, executive director of the Illinois State Board of Elections.
“When a foreign government attacks your system, obviously you know they are up to no good,” he told Fox News. “Elections being a central part of our democracy, being attacked by a foreign government I think everybody in the country should be concerned about that.”
“When a foreign government attacks your system, obviously you know they are up to no good.”
As the national debate over election security focuses on ways to protect the integrity of our country’s election system, officials in Illinois know firsthand the effect of being attacked by Moscow.
The invasion did not put any Russian troops on the ground, but millions of computer hits that attacked the state’s voter rolls for weeks during the 2016 presidential campaign. The FBI and Department of Homeland Security said hackers from the GRU, the Russian intelligence service, successfully attacked the Illinois Board of Elections computers.
State officials said up to 80,000 voter registration records were accessed. It turned out that the greatest concentration of breached files belonged to the residents of Galesburg. A total of 14,121 residents, or almost half of the city’s population, had their voter registration information compromised.
“I certainly don’t want to be on the front of any cyberwar,” Sandvoss said.” We are as prepared as we can be.”
“The Russians would be making a serious mistake if they came here with hostile intentions,” Galesburg Mayor John Pritchard said. “We probably don’t take kindly to outside interference into our political process.”
He noted that “there were no changes made to our records, no deletions or additions. But they were viewed.”
Small query explodes
The attack began June 23, 2016, with a small external computer query that exploded inside system three weeks later. The number of hits remained at five hits per second, and after roughly one month, suddenly stopped.
“It was noticeable because our processing system was deteriorating, the system was slowing down,” Sandvoss said. “We made the decision to shut the system down.”
The state’s system remained offline for several weeks.
“Thankfully there was no evidence that any of the records were changed, manipulated or deleted,” Sandvoss said.
“Thankfully there was no evidence that any of the records were changed, manipulated or deleted.”
Officials eventually found that seven of the IP addresses used by the attackers were traced to the Netherlands, including to two groups known as “Cozy Bear” and “Fancy Bear,” the names, officials said, for Russian intelligence operations. It turned out that Galesburg happens to have a nine-digit voter number that the hackers were able to randomly access.
“We came up short on the luck side,” Mayor Pritchard noted.
State officials are doing more than just rely on luck. They said they have employed numerous additional defenses of voter information to try to prevent any future hacks.
“I don’t think that you can protect the system completely,” Sandvoss noted. “We do our best, of course, to strengthen the system.”
He said that the Board of Elections has since hardened its defenses and has implemented new procedures to protect it for the mid-terms and the 2020 presidential election. This includes downloading daily antivirus protection software, monitoring servers and daily logs, conducting a vulnerability assessment, and taking other steps. The federal government has also provided $13 million to beef up security.
“We haven’t seen anything of the caliber of the original attack,” Sandvoss said. “Our system gets hit every day by malicious software, but it gets stopped at the firewall level.”
“There’s always room for improvement in terms of IT,” Democratic state Sen. Michael Hastings, chairman of the State Cyber Committee, insisted. He has held hearings on the hacking and praises the steps the Board of Elections has taken to protect the voter rolls
“We are going to continue to be vigilant,” he promised, but wonders, “are we doing enough?”
Hastings knows firsthand the precious privilege that voting represents. He is a 37-year-old graduate of the U.S. Military Academy at West Point, N.Y., who was an offensive lineman on the Army’s football team and deployed to Iraq. He is now serving his third term as a legislator and brings the same vigor and can-do spirit of his Army days to fighting the new cyberenemy that attacked his state and country.
‘A sacred right’
“I’m not angry at the outcome of the election, I was more concerned about the security of our democracy. Serving overseas in Iraq, serving in the military for 10 years, I believe that voting is a sacred right for all Americans,” he said. “And I want to make sure that Illinois residents feel safe and secure, in casting your vote for whatever candidate they choose, whoever that may be, and having these investigations to provide the assurances to Illinois residents, that our voter systems are secure, or will be secure, is the upmost importance to me.”
“(H)aving these investigations to provide the assurances to Illinois residents, that our voter systems are secure, or will be secure, is the upmost importance to me.”
“Overall, people still trust the process and I think people are more vigilant now than ever,” he continued.
Hastings, who has faced America’s enemies on the battlefield, said the cyberenemy can be as lethal to our democracy, and that the nation must be prepared.
“People forget what makes this country great in the fact that we are a democracy, and the fact that I fought to protect our democracy,” he said. “I hold it very sacred and I’ll do anything I can to protect it.”