COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY
Evidence of scanning of state election systems first appeared in the summer prior to the 2016 election. In mid-July 2016, Illinois discovered anomalous network activity, specifically a large increase in outbound data, on a Illinois Board of Elections' voter registry website.[3] Working with Illinois, the FBI commenced an investigation.[4] [5] [6] The attack resulted in data exfiltration from the voter registration database.[7]
(U) On August 18, 2016, FBI issued an unclassified FLASH[8] to state technical-level experts on a set of suspect IP addresses identified from the attack on Illinois's voter registration databases.[9] [10] [11] The FLASH product did not attribute the attack to Russia or any other particular actor.[12]
- ↑ (U/ ) FBI Electronic Communication,
- ↑ FBI HLM,
- ↑ (U) DHS briefing for SSCI staff, March 5, 2018.
- ↑ (U) SSCI Transcript of the Open Hearing on Russian Interference in the 2016 U.S. Elections, held on Wednesday, June 21, 2017, p. 113.
- ↑ (U ) According to the United States Computer Emergency Readiness Team (US-CERT), an SQL injection is "an attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code."
- ↑ (U) DHR IIR 4 0050006 17, An IP Address Targeted Multiple U.S. State Government's to Include Election Systems, October 4, 2016.
- ↑ (U ) DHS briefing for SSCI staff, March 5, 2018.
- ↑ (U) FBI FLASH alerts are notifications of potential cyber threats sent to local law enforcement and private industry so that administrators are able to guard their systems against the described threat. FLASHs marked TLP: AMBER are considered sharable with members of the recipients own organization and those with direct need to know.
- ↑ Number T-LD1004-TT, TLP-AMBER,
- ↑ (U) Ibid.
- ↑ (U) Ibid.
- ↑ R wned
6
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY
