Chicago Board of Election Website Catastrophic Security Breach

More than 1.7 Million Registered Voters Have Personal Information Disclosed

Forensicon just uncovered and reported a massive security breach at the Chicago Board of Election’s website http://www.chicagoelections.com. The last time this happened was back in 2006 when past and present Chairman of the Board of Elections ordered a computer forensics audit, yet here we are again with another major breach of voters’ personal information.

The security breach was discovered when Cyber Security and Computer Forensics firm, Forensicon’s President, Lee Neubecker, was attempting to access the Chicago Board of Elections website http://www.chicagoelections.com.

“I wanted to compare voting patterns between Cleveland, Ohio’s Ward 5 that reported 99% voting rates for President Obama in certain precincts. When I visited the Chicago Board of Election’s website, http://www.chicagoelections.com, to compare election returns of demographically similar wards and precincts in Chicago, I discovered the site would not load. I then tried browsing ftp.chicagoelections.com. The ftp port on chicagoelections.com did not require any authentication, but revealed the voter registration database username and password, among countless other data that should not be accessible to the public. A treasure trove of sensitive voter information such as driver’s license numbers, cell phone numbers, emails, dates of birth and more was revealed,” reported Neubecker.

Forensicon analysts have begun to review some of the compromised data in an attempt to quantify the scope of the information breached and inform the public. One unencrypted spreadsheet alone “fulldump.xls” last modified 11/6/2012 7:10AM contained sensitive information relating to over 1,200 individuals, including names, addresses, full driver’s license numbers, and the last 4 digits of their social security number. This is a massive security breach totaling approximately 5 Gigabytes of website code, registered voter information, election judge information, and much more.

[Updates:]

11/16 1:26 pm – Forensicon has transferred all of the data captured from the publicly available site to the Federal Bureau of Investigation.

11/13 3:33 pm – The site ftp.chicagoelections.com/ is no longer accessible after Forensicon notified local government officials and law enforcement of the breach. However, the site www.chicagoelections.com is still active.

Tags: , , , ,

    Related Posts

  • Hackers for a “Cause”? - In what seems like the most recent form of cyber-attacks by online terrorists, the most recent string of attacks has been hackers stealing credit card information using a charity website. MyCause, the Australian online donation site, reported early this month that it had recently been hit hard as online hackers had potentially jeopardized the credit[...Read More]
  • CIA Admits Spying on Senate Panel - Late summer an internal CIA inspector general admitted that certain officers spied on members of the Senate Intelligence Committee, deleted information from their computers, and knowingly referred false information to the U.S. Department of Justice for the prosecution of Senate staffers. The spying came after reports of Senate committee Democrats working on a report about[...Read More]
  • Mac OSX GPS Photo Forensics Tutorial - Forensicon Tutorial and Walkthrough Extracting GPS metadata from Mac OSX Terminal Command Line using MDLS command Forensicon’s President, Lee Neubecker provides an overview of how anyone can use the Macintosh OSX terminal native command line to extract embedded metadata contained within photos or videos.   The “mdls” command extracts the following fields from photos where such[...Read More]
  • Yaniv Schiff Promoted to Director of Digital Forensics - CHICAGO, Nov. 11, 2014 /PRNewswire/ — Forensicon, Inc., a Chicago-based digital forensics and eDiscovery firm, is pleased to announce the promotion of Yaniv Schiff from Senior Computer Forensics Examiner to Director of Digital Forensics. In Schiff’s new role as Director, he will lead company efforts to build out the team of digital forensics examiners and provide[...Read More]
  • Chicago Election Judges Received Misinformation Calls - How could this have happened? The media has been reporting instances of Republican election judges receiving telephone calls misinforming them that their service was not needed on election day or that further training in remote far away places was required in order to participate as an election judge in Cook County Illinois. The Chicago Cook[...Read More]

Trackbacks/Pingbacks

  1. FTP Breach | Unsecured FTP Site Unveils Personal Information Of More Than 1.7 Million Chicago Voters - November 29th, 2012

    […] FTP Site Unveils Personal Information Of More Than 1.7 Million Chicago VotersSecurity firm Forensicon stumbled across a wide open ftp site at the Chicago Board of Election last week. When […]

  2. Chicago Election Judges Received Misinformation Calls - Forensicon - November 6th, 2014

    […] in 2012, Forensicon’s President identified a security lapse of the chicagoelections.com website used by….  This was not the first time something like this […]

Leave a Reply