A federal indictment of 12 Russian military intelligence officials released Friday, July 13 confirms what many have long suspected, that Russians were responsible for the hacking of the Illinois State Board of Elections’ voter data base in 2016.
The indictment also discloses the fact that one of the computers used by cyber experts of the Russian GRU military intelligence was located in Illinois.
The indictment announced in Washington by assistant US Attorney General Rod Rosenstein identifies the hacked election board only as “SBOE 1.” However, it refers to an August 2016 FBI alert to various state boards of election about hacking.
In the wake of that FBI alert, the Illinois State Board of Elections acknowledged its voter data base had been hacked.
ISBE staffers had become aware of a cyber intrusion on July 12, 2016, and took steps to stop it. Illinois State Board of Elections General Counsel Ken Menzel told the press at the time that there was “reasonable suspicion” that those responsible for the hacks were foreigners.
In late June 2016, the FBI stated that “an unknown actor scanned a state’s Board of Election website for vulnerabilities using Acunetix …”
The new indictment states that on April 22, 2016, the Russian intelligence (GRU) operatives moved compressed stolen Democratic National Committee data, including opposition research, “to a GRU-leased computer in Illinois.” It does not identify exactly where in Illinois that computer was located.
The amount of data stolen was also considerably larger than previously reported.
“In or around July 2016, (indicted Russian intelligence agent Anatoliy Sergeyevich) Kovalev and his co-conspirators hacked the website of a state board of elections (SBOE 1) and stole information related to approximately 500,000 voters, including names, addresses, partial Social Security numbers, dates of birth and driver’s license numbers.”
When the FBI’s Cyber Division issued its public “flash” alert, prosecutors say, Kovalev and his co-conspirators attempted to cover their cyber tracks by clearing their computer logs and deleting various files.
The FBI advised state boards of election around the country to take numerous specific precautions to identify and eliminate cyber intrusion into their data bases, including searching their computer logs “for commands (such as) SELECT, INSERT, UNION, CREATE, DECLARE, CAST, EXEC, and DELETE, ‘, %27, —”
The Internet Protocol address used in the hack of the Illinois State Board of Elections – 18.104.22.168 – was also used to launch cyberattacks on Germany’s Freedom Party and against Ukrainian lawmakers, and on a Turkish political party.
—- Indictment confirms Russians behind 2016 Illinois election board hack —-