Update: Illinois HACKED!

I wonder how the Pantagraph found the story?


9:19 this morning

By:  Diane Benjamin

Government is looking out for you:


From: Thomas, Kyle <[email protected]>
Sent: Wednesday, July 20, 2016 4:06 PM
To: Thomas, Kyle
Cc: List – VRS
Subject: Status of Statewide database (IVRS)

Dear Election Authority,

We will begin the process of bringing IVRS and the Paperless Online Voter Application (POVA) system back online tomorrow (Thursday, July 21st).  Below is an explanation of why the systems have been unavailable for the past week.

The State Board of Elections (SBE) fell victim to a cyberattack that was detected on July 12, 2016.  Specifically, the target was the IVRS database.  Once discovered, State Board of Elections closed the point of entry.  On July 13th, once the severity of the attack was realized, as a precautionary measure, the entire IVRS system was shut down, including online voter registration.

SBE’s Information Technology and Voting and Registration Systems staff immediately began researching the extent of the infiltration.  Thus far, we have determined the following:

·         The pathway into IVRS was NOT through our firewalls but through a vulnerability on our public web page that an applicant may use to check the status of their online voter registration application.

·         The method used was SQL injection.  The offenders were able to inject SQL database queries into the IVRS database in order to access information.  This was a highly sophisticated attack most likely from a foreign (international) entity.

·         We have found no evidence that they added, changed, or deleted any information in the IVRS database.  Their efforts to obtain voter signature images and voter history were unsuccessful.

·         They were able to retrieve a number of voter records.  We are in the process of determining the exact number of voter records and specific names of all individuals affected.  (Because of the complex methods used to access the data, this may take 10-15 days.)

·         In an effort to prevent an attack such as this from happening in the future, we have made a number of security enhancements to the IVRS and POVA systems.

·         Once the system is brought back online, all IVRS user passwords will need to be changed at the first login (or by your vendor for system specific accounts).  The new password must be a minimum of eight characters in length, one of which must be a non-alphanumeric character ($, *, # etc.).

Pursuant to the Personal Information Protection Act (815 ILCS530/), the Illinois General Assembly and the Office of the Attorney General have been notified of the incursion.  Furthermore, once we have determined the number of voter records and the individuals whose information was collected, we are prepared to take the proper steps required to notify those persons.

A separate notification will be sent indicating when you and your staff may access IVRS.  Thank you for your patience regarding this matter.

Kyle Thomas

Illinois State Board of Elections

Director-Voting and Registration Systems

Office(217) 782-1590


10 thoughts on “Update: Illinois HACKED!

  1. Hilary Clinton: “all government emails sent from my personal account were secure.” The government has the worst cybersecurity.


  2. Just think – Liberals want all voting done by Internet via computers. Couldn’t be any opportunity for fraud there could there? 😉


  3. What’s SCARIER is that GOOD hackers don’t leave tracks. Sooo, WHY do these “foreign” people want to know how WE vote anyway? Maybe Hillary IS gonna rig the election! Is SNOOPY still running-Charlie Brown would make a GREAT V.P. Good Grief!


  4. The fact that sql injection attacks still work in 2016 is pathetic. Those are very well known attack vectors and very easy to prevent. Of course there are no penalties when the government has security holes that are exploited other than more taxpayer dollars sent to the victims.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s