Published: Fri, August 18, 2017
Economy | By Annette Adams

1.8 million Chicago voter records exposed online

1.8 million Chicago voter records exposed online

A suppler of USA voting machines has confirmed a major data leak that has seen the details of more than 1.8 million voters in the state of IL exposed.

The incident is an example of the potential problems raised by an increasingly networked and connected voting system whose security systems have not necessarily kept up - especially at a time when Russian Federation is known to be probing US election systems. The authorities, in turn, notified ES&S, which promptly secured those files and shut down the AWS server Saturday evening. "If the breach in Chicago is an indicator of ES&S's security competence, it raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure", she said.

"The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems", ES&S said in a statement on Thursday.

"The expense for that is going to be borne by ES&S", Allen said, Chicago Tribute reports.

The latest incident comes amid growing concerns over cloud and digital security following multiple data leaks and exposures in recent months, often due to cloud configuration errors made by third-party vendors. Forensic experts are investigating the ES&S leak.

"As part of an effort to find unsecured files on Amazon Web Services (AWS) server platforms, a private researcher completed a download of the Election Systems & Software (ES&S) back - up files of voter data that were prepared for Chicago's electronic poll books and stored on the AWS platform", it said, as it rushed to explain that this does not have anything to do with voter fraud or election manipulation.

After UpGuard's director of Cyber Risk Research Chris Vickery analysed the data, local and IL state authorities were notified. AWS default settings are built to ensure that only authorized employees are able to access this data. He also added that the leaked information contained the administration credentials of the voting. Vickery said his firm was doing a routine research to see what information is publicly available on the Amazon cloud service. Perhaps most critically, the last four digits of the Social Security numbers of all 1.8 million people are also in the data set, a highly sensitive type of data often used as PIN codes or for verification purposes.

"The expense for that is going to be borne by ES&S", Allen said. "And until this happened, we had no idea that it even existed", he said. "System administrators leaving things open and exposed to the public internet is like a cancer on security".

Like this: