The hackers that breached the Illinois election database do not appear to have been looking for anything in particular, IT professionals told the state Senate subcommittee on cybersecurity during a hearing Thursday.
In August, federal intelligence agencies believe one of the same Russian hacking operations that struck the Democratic National Convention last summer breeched an online voter database in Illinois. A similar attack struck Arizona as well, the only other known state breach attributed to Russia in the 2016 election season.
Reports emerged in August that hackers broke into the database by taking advantage of a common coding error in web forms that allows visitors to trick the database into running commands. That is known as an SQL injection, where SQL, pronounced “sequel,” is the type of database in use.
{mosads}While those reports had pegged the number of breached files at 200,000, the IT officials that testified Thursday said that figure was incorrect. The actual number was 70,000.
At the hearing, state elections employees described the attack in detail, including reasons that they did not believe the attackers had data they were specifically targeting.
The hackers amassed records by searching by local voter identification numbers, systematically searching nine-digit codes starting from “000000001” and incrementally adding one.
The identification codes in the database were issued locally and are not in a standardized statewide format. That limited the number of records that could successfully be returned. Though some cities use nine character codes, others use more or fewer. Any user with a code in a different format would not be searchable using that method.
That method of searching is good for taking large datasets but only guarantees that the attacker would steal the files with the lowest number codes — an administrator could easily discover the attack and shut it down before it reached higher number codes.
“In my 35 years experience, they were just on a fishing expedition to get whatever they could,” said Kevin Turner, director of information technology at the Illinois State Board of Elections.
State senators at the hearing said that the attack was linked to Russia through the internet addresses of intermediary servers used to send commands.
The hearing was organized by state Sen. Michael E. Hastings (D-Tinley Park).