SPRINGFIELD – Special counsel Robert Mueller’s recently released report on Russian interference in the 2016 election repeated what Illinois already knew: that it suffered the worst election data breach of any state in the country when Russian agents stole the personal information of more than 70,000 voters.
To the Illinois State Board of Elections, that is welcome news.
“I’m reassured, because there was nothing new in the report about what happened in 2016,” SBOE spokesman Matt Dietrich said. “I knew there was potential for Illinois to be mentioned, but I didn’t think there’d be any revelations about it.”
An indictment of 13 Russian operatives last summer was the first public mention of the SBOE website breach. A brief recount of the incident is on Page 50 of the Mueller report released with redactions last week. It details “intrusions” on the “administration of U.S. elections.” Russian hackers accessed voters’ names, addresses, birth dates and the last four digits of their Social Security numbers.
“In one instance in approximately June 2016, the GRU (Russian military intelligence) compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website,” the Mueller report reads.
Although the summary of the hacking incident is unchanged from what was publicly known, the recap is followed by several lines of blacked-out redactions.
“That’s where we would have learned something new,” Dietrich said of the redactions. “We might have seen exactly how the FBI connected Russia with our data breach. But it’s still considered an open investigation, so the feds are not going to let the public know their techniques.”
Dietrich said that although the chief concern was identity theft, there has been nothing “out of the ordinary” reported to the elections board since the incident, suggesting nothing was done with the stolen data.
Neither have any local jurisdictions reported cybersecurity problems in the two election cycles since the breach.
Still, with the help of a $13.2 million grant from the federal government last year, the state has taken numerous measures to protect voter data.
Those included hiring nine “cyber navigators” to advise and assess the risk of county election offices and partnering with the Illinois National Guard to immediately send a cyber expert to any of the state’s 108 local election offices should an incident occur.
That partnership, which cost the SBOE just less than $30,000, expired after the 2018 elections, but Dietrich said the board is considering doing it again.
“The risk is going to be greater in 2020,” Dietrich said. “It’s a presidential election. There’s a lot more at stake, and there will be a higher turnout.”
According to the current state budget, at least half the $13.2 million grant, meanwhile, must be used to pay for the cyber navigator program and the cybersecurity enhancements those experts suggest.
Before last November, $2 million of that allotment was spent to reimburse jurisdictions that already paid for their own cybersecurity improvements.
“We don’t know why Illinois was targeted in 2016,” Dietrich said. “The suspicion is that they landed on us, and because they got in, that’s why they were successful.”