The FBI is investigating hacking attacks on at least two state election boards, one of which resulted in data being stolen, according to an alert from the agency’s cyber division.
“The FBI is requesting that states contact their Board of Elections and determine if any similar activity to their logs, both inbound and outbound, has been detected,” the agency warned in the alert issued on Aug. 18.
The majority of data stolen from one state’s board of elections website occurred in July, while an attempt to hack into the election system of another state was made in August, according to the alert, which didn’t identify the states or what type of data was stolen. While election boards maintain voter registration data, most of that information is public. The Federal Bureau of Investigation memo was first reported Monday by Yahoo News.
U.S. officials and cybersecurity specialists have raised the possibility that foreign hackers -- particularly those linked to the Russian government -- might try to hack into voting systems, possibly to meddle with U.S. elections this November. Russian officials have repeatedly rejected accusations that the government is engaged in political hacking.
U.S. officials are weighing whether to designate elections as national critical infrastructure after hacking attacks on political groups including the Democratic National Committee, a move that would open up federal assistance to election officers around the country, Homeland Security Secretary Jeh Johnson told reporters this month.
But Johnson and other officials have said that rigging the outcome of a national election would be difficult because of the many jurisdiction and different systems used. “There’s no one federal election system,” Johnson said. “There are some 9,000 jurisdictions across this country that are involved in the election process.”
FBI spokeswoman Jillian Stickels declined to comment on the alert.
“In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” she said in an e-mail. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”