Two US state voter databases breached

The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase IT security ahead of the November presidential election, according to a US official familiar with the probe.

Illinois voters during the US presidential primary election in March this year.
REUTERS/Jim Young

The official, speaking on condition of anonymity, said investigators were also seeking evidence of whether other states may have been targeted.

The FBI warning in an August 18 alert from the agency's cyber division did not identify the intruders or the two states targeted. Reuters obtained a copy of the document.

Accessing information in a United States voter database, much of which is publicly accessible, does not necessarily suggest an effort to manipulate the votes themselves. When registering, voters typically provide their names, home addresses, driver's license or identification numbers, and party affiliations.

But US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the presidential election.

Officials and cyber security experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic Party were likely carried out by people within the Russian government. Kremlin officials have denied allegations of Moscow's involvement.

An FBI spokeswoman would not comment on the alerts but said the agency "routinely advises" on "various cyber threat indicators observed during the course of our investigations".

The intrusions come amid repeated unsubstantiated claims by Republican presidential candidate Donald Trump that the US election system is "rigged."

Trump has cited emails leaked from the Democratic National Committee that indicated the party favoured Hillary Clinton over Bernie Sanders as reason to cast doubt on the electoral process in general.

Concerns about election IT security prompted Homeland Security secretary Jeh Johnson earlier this month to offer state election officials the department's help in making their voting systems more secure.

David Kennedy, chief executive officer of information security consulting company TrustedSec, said the attacks referenced in the FBI alert appeared to be largely exploratory and not especially sophisticated.

"It could be a precursor to a larger attack," he said.

Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters.

The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, it reported.

Voting watchdog organisations say states have generally improved their security practices over the last several presidential election cycles.

Only five states - New Jersey, Delaware, Georgia, South Carolina and Louisiana - use electronic voting machines without a paper trail, according to a database maintained by Verified Voting, a non-profit organisation that aims to improve vote accuracy and transparency.

But several state election boards have rejected assistance from the Department of Homeland Security to secure their voting systems, citing fears of a federal takeover of a state-run system, said Susannah Goodman, director of the voting integrity program at Common Cause, a progressive advocacy organisation.

“We can simultaneously have confidence in our system and prepare appropriately for possible attacks," Goodman said.