AOH :: ISN-3177.HTM

Chicago Voter Database Hacked

Chicago Voter Database Hacked
Chicago Voter Database Hacked 

ABC News
Oct. 23, 2006

Oct. 23, 2006 - As if there weren't enough concerns about the integrity 
of the vote, a non-partisan civic organization today claimed it had 
hacked into the voter database for the 1.35 million voters in the city 
of Chicago.

Bob Wilson, an official with the Illinois Ballot Integrity Project -- 
which bills itself as a not-for-profit civic organization dedicated to 
the correction of election system deficiencies -- tells ABC News that 
last week his organization hacked the database, which contains detailed 
information about hundreds of thousands of Chicago voters, including 
their Social Security numbers, and dates of birth.

"It was a serious identity theft problem, but also a problem that could 
potentially create problems with the election," Wilson said.

A nefarious hacker could have changed every voter's status from active 
to inactive, which would have prevented them from voting, he said.

"Or we could've changed the information on what precinct you were in or 
what polling place you were supposed to go to," he said. "So there were 
ways that we could potentially change the entire online data base and 
disenfranchise voters throughout the entire city of Chicago."

"If we'd wanted to, we could've wiped the entire database out," Wilson 

Tom Leach, a spokesman for the Chicago Election Board, tells ABC News 
that the problem seems to have arisen because the city's database 
allowing voters to locate their voting precinct once asked voters for 
detailed information such as Social Security numbers.

Approximately six years ago, Leach said, when the website was updated -- 
requiring only name and address -- city computer experts "never cut the 
links to the Social Security numbers and the dates of birth."

Leach said he doubted the Illinois Ballot Integrity Project could have 
disenfranchised voters or wiped out the database, but he and the 
Election Board were very concerned and had taken steps to remedy 
whatever problems exist, including bringing in an outside computer 
forensic expert to verify that the database is secure and to ensure no 
one had already hacked the database.

"We're also making arrangements to remove the Social Security numbers," 
he added, and the Election Board was also alerting law enforcement to 
the problem as pointed out to them.

"Even though they could hack into the Web site, they couldn't hack into 
the voter file," Leach said. "The Web site feeds into a copy file, not 
the actual original file."

Leach said the issue had absolutely nothing to do with the city's 
electronic voting machines, which are manufactured by Sequoia Voting 

But Wilson counters that this is just one hole in a system that may be 
full of them.

"This is a part of the entire electronic voting program that we're 
depending on -- computerized voter databases and electronic voting 
machines," Wilson said. "Any computer is subject to failure and security 
flaws and we have seen in electronic voting hundreds of news reports 
about dozens and dozens of jurisdictions where there are problems."

Copyright 2006 ABC News Internet Ventures

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2015 CodeGods