Chicago Board of Election Website Catastrophic Security Breach

More than 1.7 Million Registered Voters Have Personal Information Disclosed

Forensicon just uncovered and reported a massive security breach at the Chicago Board of Election’s website http://www.chicagoelections.com. The last time this happened was back in 2006 when past and present Chairman of the Board of Elections ordered a computer forensics audit, yet here we are again with another major breach of voters’ personal information.

The security breach was discovered when Cyber Security and Computer Forensics firm, Forensicon’s President, Lee Neubecker, was attempting to access the Chicago Board of Elections website http://www.chicagoelections.com.

“I wanted to compare voting patterns between Cleveland, Ohio’s Ward 5 that reported 99% voting rates for President Obama in certain precincts. When I visited the Chicago Board of Election’s website, http://www.chicagoelections.com, to compare election returns of demographically similar wards and precincts in Chicago, I discovered the site would not load. I then tried browsing ftp.chicagoelections.com. The ftp port on chicagoelections.com did not require any authentication, but revealed the voter registration database username and password, among countless other data that should not be accessible to the public. A treasure trove of sensitive voter information such as driver’s license numbers, cell phone numbers, emails, dates of birth and more was revealed,” reported Neubecker.

Forensicon analysts have begun to review some of the compromised data in an attempt to quantify the scope of the information breached and inform the public. One unencrypted spreadsheet alone “fulldump.xls” last modified 11/6/2012 7:10AM contained sensitive information relating to over 1,200 individuals, including names, addresses, full driver’s license numbers, and the last 4 digits of their social security number. This is a massive security breach totaling approximately 5 Gigabytes of website code, registered voter information, election judge information, and much more.

[Updates:]

11/16 1:26 pm – Forensicon has transferred all of the data captured from the publicly available site to the Federal Bureau of Investigation.

11/13 3:33 pm – The site ftp.chicagoelections.com/ is no longer accessible after Forensicon notified local government officials and law enforcement of the breach. However, the site www.chicagoelections.com is still active.

Tags: , , , ,

    Related Posts

  • Staff Recognized for Departing Employee Investigations - The first issue of Corporate Counsel Business Journal, CCBJ,  includes an interview with our Director of Digital Forensics, Yaniv Schiff, and Solutions Architect, Curtis Collette, on the evolution of departing employee investigations. Departing Employee: When Do Investigations Become Necessary? appeared in the print publication, online edition, and on CCBJ’s In-House Tech website. For Increasing Numbers of Employers, Departing Employee Investigations[...Read More]
  • Chicago Office Food Drive – The Results Are In - QDiscovery’s Chicago Office collected nearly 1,000 containers of food for the local food bank this Holiday Season!  Our office competed with sister offices in Indiana and Connecticut.  Alas, we came in third.  Our sister offices each collected nearly 2,000 containers for their local food banks.  Relatively new to the company-wide food drive, the Forensics Division[...Read More]
  • QDiscovery QMobile App Wins Innovation Award - QDiscovery’s QMobile is winner of a 2017 Relativity Innovation Award.  Presented at Relativity Fest, the Innovation Award celebrates organizations that create apps or integrations that extend the functionality of Relativity’s eDiscovery software.   Our development team created an application that makes the analysis of mobile collections much more manageable.  Relativity users can now produce and review mobile[...Read More]
  • Moving and Changing - Acquired by Connecticut-based QDiscovery in 2016, Forensicon’s capabilities multiplied overnight, both in forensics brain power and eDiscovery expertise.  As part of a leading provider of end to end litigation support, moving to larger offices that are more central to the Chicago legal community was inevitable.
  • QDiscovery Named One of the Top 20 Providers of Legal Services! - Leading industry publication, CIO Magazine, has named Forensicon’s parent company, QDiscovery, to it’s  Top 20 Providers of Legal Services.  The annual listing includes 20 companies that are at the forefront of providing legal solutions and impacting the marketplace.  Read the whole article here.  Featured in the publication alongside QDiscovery President, Dave Barrett, is Director of Digital Forensics, Yaniv[...Read More]

Trackbacks/Pingbacks

  1. FTP Breach | Unsecured FTP Site Unveils Personal Information Of More Than 1.7 Million Chicago Voters - November 29th, 2012

    […] FTP Site Unveils Personal Information Of More Than 1.7 Million Chicago VotersSecurity firm Forensicon stumbled across a wide open ftp site at the Chicago Board of Election last week. When […]

  2. Chicago Election Judges Received Misinformation Calls - Forensicon - November 6th, 2014

    […] in 2012, Forensicon’s President identified a security lapse of the chicagoelections.com website used by….  This was not the first time something like this […]

Leave a Reply