In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
The Illinois State Board of Elections online voter registration has been hacked.
“The attackers took advantage of a programming flaw in the website’s database,” The Hill explains. The attack, known as a ‘SQL injection,’ occurs in databases using the SQL programming language.”
Unless properly configured, SQL databases can be tricked into running commands entered by any website visitor.
The attack on the statewide Illinois Voter Registration System occurred July 12, and the system was shut off July 13 as a precaution once the board realized the severity of the attack.
The registration database is a frequent target of cyberattacks, said Ken Menzel, the board’s general counsel, but “this is the first time that we’re aware of that anybody’s gotten into anything – not for lack of trying.”
A statement from Kyle Thomas, director of the board’s voting and registration systems division, says the board believes the attack was the work of foreign hackers.
Board officials are in the process of determining the number of records exposed and the names of all the individuals affected.
Officials have no evidence the attackers added, changed or deleted any information in the database. Efforts to extract voter signature images and voter histories were not successful.
Incident cleanup has caused online voting outages for about a week.
The correspondence of a programmer for a top-tier ISIS web forum has been compromised.
On July 17, an independent researcher known as “Switched” tweeted content from a data dump that allegedly contained messages belonging to Abu Alaaina Khorasani, who is an administrator of the “Shumukh al Islam” website. Shumukh al Islam, or “Glory of Islam,” regularly hosts official ISIS propaganda.
The hacker apparently broke into the account to prove …