DERELICTION OF DUTY
On July 12, 2016, Matthew Emmons, an IT technician, was settling into a quiet workday when a colleague approached his cubicle in the Springfield strip-mall office of the Illinois State Board of Elections. Servers holding the personal information of more than 7.5 million voters had ground to a halt, and there was something he had to see.
Within minutes, a handful of techs had anxiously gathered around a monitor showing the registration database servers hitting total capacity. “We knew we were under attack,” Emmons, now the IT director, recalls. “These are very powerful servers, and it had locked those things up.”
Emmons and his colleagues took the servers offline and started to investigate. What they discovered was mysterious and terrifying. The site’s online voter database had been overloaded by repeated queries. At peak, five requests arrived every second, and though now blocked by a new firewall, they continued to bombard the site for a month. These queries, known as SQL (pronounced “sequel”) injections, are among the most common types of computer attacks, allowing the hacker to send commands to a database to extract, modify, or erase what’s inside.
But what shocked the techs most was when the attack had begun. Activity logs showed that whoever had penetrated the database had been snooping inside for almost three weeks, learning about the system’s structure, figuring out what they could and could not do, and pilfering personal information on half a million voters. If the attackers hadn’t overloaded the servers, Emmons and his colleagues might have never known they were there.
Only later would the Illinois team officially learn, from a Senate hearing nearly a year after the incident, that they’d suffered the first known shot in a Russian campaign that would target every state. “It was a little scary, knowing that it’s a nation,” Emmons says. “This is a part of running elections in the United States now.”
To this day, it’s unclear why, after weeks of quietly poking around, the intruders shut down the servers with a blast of queries. Were they hoping to draw attention and trigger public panic? Or did someone sitting behind a keyboard in Moscow or Minsk botch a more sophisticated project?
“I have to be a little careful because of how we were briefed on that,” says Rep.