Hackers Used Outside Vendor to Access State Voter Info, Sources Say
Government systems haven't been the only source for voter-related information.
-- Foreign hackers were able to gain access to voter-related information in four states by targeting not only government systems, but also by breaking into computers associated with private contractors hired to handle voter information, ABC News has learned.
As ABC News first reported Thursday, hackers have recently tried to infiltrate voter registration systems in nearly half of the states across the country –- a significantly larger cyber-assault than U.S. officials have been willing to concede.
And while officials have publicly admitted Illinois and Arizona had their systems compromised, officials have yet to acknowledge that information related to at least two other states' voters has also been exposed.
Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.
Testifying before the House Judiciary Committee on Wednesday, FBI Director James Comey said his agents are trying to figure out "just what mischief is Russia up to in connection with our election."
Sources told ABC News that –- beyond the Illinois and Arizona incidents disclosed in August -– information on voters in Florida was also recently compromised by hackers. ABC News could not determine the fourth state whose voters had some of their information exposed.
The voter information was exposed after cyber-operatives gained entry to at least one computer associated with a private company hired to administer voter information, the sources said.
A simple "phishing" scheme –- with a malicious link or attachment sent in an email –- is likely how it all started, one source said.
"The attack was successful only in the sense that they gained access to the database, but they didn't manipulate any of the voter [information] in the database," the source said.
The appropriate congressional committees have been briefed on the matter. And on Friday, the FBI and Department of Homeland Security hosted a conference call with Florida state officials "to address questions regarding the security of election systems and to share information regarding the general nature of the cyber threat," the FBI said in a statement, without offering any more specifics.
A spokeswoman for the Florida Department of State said her state’s voter registration system "is secure."
"We currently have no indication of a Florida-specific issue" nor "any indication of phishing attempts that have allowed unauthorized access" to the state system, spokeswoman Meredith Beatrice said.
"As is the case with most email accounts ... of course the Florida Department of State encounters phishing attempts and spam emails," but those intrusion attempts are "anticipated" and the state "has in place many safeguards to prevent phishing attempts from being successful," Beatrice added.
Speaking before lawmakers this week, Comey and other U.S. officials emphasized that voter registration databases -— not the voting system itself — are being targeted by hackers. And due to the voting system's "clunky" and decentralized arrangement, it would be nearly impossible for a cyberattack to change the outcome of the 2016 elections, the officials said.
Nevertheless, federal and state authorities "must remain vigilant and continue to address these challenges head on," Homeland Security Secretary Jeh Johnson said in a statement today. "Before November 8, I urge state and local election officials to seek our cybersecurity assistance."
Twenty-one states have already sought assistance from the department, and, "We hope to see more," Johnson said.
For months, the FBI has been investigating what appear to be coordinated cyberattacks on political organizations -- the most damaging so far being the hack of the Democratic National Committee.
The first known compromise of a state election-related system occurred in late June, when hackers identified a security gap in the Illinois Board of Election's website and exploited it to steal voter registration information.
Then in August, hackers used the same vulnerability to access what one state official called "the outer system" of Arizona's voter registration system.
While Arizona officials found no evidence that information was manipulated or stolen, they still don't know whether voter-related information was examined or otherwise exposed, according to a spokesman for the Arizona secretary of state.
"The prospect of a hostile government actively seeking to undermine our free and fair elections represents one of the gravest threats to our democracy since the Cold War," Senate Minority Leader Harry Reid, D-Nev., wrote in a recent letter to Comey.