Arizona Cybersecurity Incident the Latest in a Growing List of Attempts

In a positive turn in their investigation of the latest attempt to hack a state computer system, Arizona officials said Russian hackers weren't behind the incident.

January 13, 2017

Russian hackers may have conducted cyberattacks against the nation’s two main political parties, influenced the outcome of the U.S. presidential election and hacked a voter registration system in Arizona, but contrary to what they said earlier this week, Arizona officials now believe a recent password-reset email sent to lawmakers and staffers could have been malware — not another Russian breach.

That could be good news for Arizona officials, TV viewers jarred on Thursday by a 10-minute replacement of C-SPAN coverage with state-run Russian TV network footage, and anyone stirred by the recent revelation of an unverified but salacious file on President-elect Donald Trump’s ties to Russia.

But it’s far from the only recent example of unauthorized attempts to gain access to official computers and networks, amid serious concerns about their security.

In Arizona, as reported by The Arizona Republic, the state shuttered outside access to its payroll and human resources system over the Jan. 7 weekend after about 100 officials and employees received a password-reset email. When some clicked on a link provided, a window with Russian writing opened.

State Chief Information Security Officer Mike Lettman emailed legislative staffers on the evening of Jan. 6 letting them know anyone who clicked the link or changed their password had had their login and password compromised — and that doing so could have compromised their desktop or laptop.

But on Monday, Jan. 9, Megan Rose, spokeswoman for the Arizona Department of Administration, told the newspaper a phishing attack had been ruled out, the payroll system hadn’t been tampered with and the emails could have been legitimate.

The department has been analyzing PCs to determine whether malware could have prompted them to change browser language settings.

The incident came roughly seven months after the FBI alerted Arizona officials in June that Russian hackers had targeted the state’s voter registration system. As The Washington Post reported, the FBI considered the threat “credible and significant,” an eight on a scale of one to 10, and as a result the Arizona secretary of state closed the system for almost a week.

The hackers, it later became clear, hadn’t actually compromised any voting system but had stolen the username and password of a Gila County election official.

Elsewhere during the past year:

•    Hacking, phishing and distributed denial of service attacks aside, Government Technology columnist and cybersecurity expert Dan Lohrmann concluded days before the Nov. 8 general election that the process would remain trustworthy. Among 10 reasons, Lohrmann pointed out that voting machines aren’t connected to the Internet; most have a paper ballot backup process; states were getting help from the U.S. Department of Homeland Security; and state governments, not the feds, count votes.

•    Amid nationwide concern over cyberattacks, Hawaiian election officials ramped up their vigilance in November. Hawaii’s Office of Elections reached out for guidance on additional security procedures to the Department of Homeland Security and the FBI, an elections official told The Honolulu Star-Advertiser.

•    Following massive DDoS attacks in September and October, Lohrmann noted manufacturers had already been warned that Internet of Things (IoT) devices should be secured. After attending Wisconsin Gov. Scott Walker’s fourth annual cybersecurity summit, he cited key points from the keynote address — among them that makers of IoT devices generally aren’t computer or security companies and don’t see security as their responsibility; and that few incentives currently exist to get IoT security right. “While I would prefer to see voluntary action taken by industry rather than new regulation, it appears that the voluntary approach is not working,” Lohrmann wrote in Government Technology.

•    In September, the 2016 Deloitte-National Association of State CIOs Cybersecurity Study arrived. Its executive summary found rising high-level state awareness, with governors increasingly likely to receive updates from their CIOs and CISOs, and that cybersecurity was becoming part of government’s operational fabric. But it warned of a need to rethink recruitment strategies to attract younger talent.

•    In late August, FBI Director James Comey told the Symantec Government Symposium how the bureau was increasing its efforts to identify and rebuff cyberattackers. He identified state-backed efforts as the highest level of cyberthreats, said the FBI has set up teams nationwide to combat the problem, and warned of the threat posed by encrypted devices.

•    With rising national concern over the security of votes about to be cast in the presidential election, McClatchy reporter David Goldstein highlighted sobering recent revelations on that front. Among them: Georgia uses older voting machines that don’t automatically produce a paper trail.

•    In June, information from up to 90,000 Illinois voters was hacked in a one-month cyberattack on the State Board of Elections that could have been foreign in origin. No files of registered voters were erased or modified and no voting histories or signatures were captured, the Chicago Tribune reported.

•    After this attack and the June attempt in Arizona, the FBI issued a “flash alert” to warn about malicious attempts to access states’ voter registration information.