
Security Tip (ST16-001)

    Published on: 2018-11-30

    Overview

    Voter registration databases (VRDBs) are rich targets and may attract computer intrusions. This problem is not unique to individual states; it is shared across the nation. The keys to good cybersecurity are awareness and constant vigilance.

    What are the threats that may place voter data at risk?

    Malicious actors may use a variety of methods to interfere with voter registration websites and databases. Some methods of attack are listed below, along with guidance that is applicable to VRDBs and many other computer networks.

    Phishing attempts are forged emails, texts, and other messages used to manipulate users into clicking on malicious links or downloading malicious file attachments. Phishing attacks can lead to credential theft (e.g., passwords) or may act as an entry point for threat actors to spread malware throughout an organization, steal voter information, or disrupt voting operations. For guidance to defend against phishing, see the United States Computer Emergency Readiness Team (US-CERT) Tip on Avoiding Social Engineering and Phishing Attacks.
    Injection flaws are a broad class of web application attack techniques that attempt to send commands to a browser, database, or other system, allowing a regular user to control its behavior. The most common example is Structured Query Language (SQL) injection, which subverts the relationship between a webpage and its supporting database, typically to obtain information contained inside the voter registration database. Another form is command injection, where an untrusted user is able to send commands to the operating system supporting a web application or database. See US-CERT’s Publication on SQL Injection for more information.
    Cross-site scripting (XSS) vulnerabilities allow threat actors to insert and execute unauthorized code in web applications. Successful XSS attacks on voter registration websites can provide the attacker unauthorized access to voter information. For prevention and mitigation strategies against XSS, see US-CERT’s Alert on Compromised Web Servers and Web Shells.
    Denial-of-service (DoS) attacks prevent legitimate users from accessing information or services. A DoS attack can make a voter registration website unavailable or deny access to voter registration data. Contact your Internet service provider (ISP) to discuss ways they can help block DoS attacks targeting your organization. For more information on DoS, see US-CERT’s Tip on Understanding Denial-of-Service Attacks.
    Server vulnerabilities may be exploited to allow unauthorized access to sensitive information. An attack against a poorly configured server running a voter registration website may allow an adversary access to critical information and to the supporting voter registration database itself. See US-CERT’s Tip on Website Security for additional information.
    Ransomware is a type of malicious software that infects a computer system and restricts users’ access to system resources or data until a ransom is paid to unlock it. Affected organizations are discouraged from paying the ransom, as this does not guarantee access will be restored to a compromised VRDB. For more information on ransomware, see US-CERT’s Publication on Ransomware.
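The SQL injection item above, shown as an added example that is not part of the original tip: a voter lookup built by string concatenation beside a parameterized and validated version. The table layout, the `V` plus six digits ID format, the function names and all sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; schema and ID format are assumptions, not a real VRDB layout.
SAMPLE_ROWS = [
    ("V100001", "Sample Voter A", "Adams"),
    ("V100002", "Sample Voter B", "Baker"),
    ("V100003", "Sample Voter C", "Clark"),
]
VOTER_ID_RE = re.compile(r"V\d{6}")   # assumed well-formed voter ID
CRAFTED = "x' OR '1'='1"              # constructed textbook input used to test the lookup

def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voters (voter_id TEXT PRIMARY KEY, name TEXT, county TEXT)")
    db.executemany("INSERT INTO voters VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db

def lookup_vulnerable(db, voter_id):
    # WEAK: the input becomes part of the SQL text, so a quote character
    # in it can change the WHERE clause instead of being compared as a value.
    sql = "SELECT voter_id, name, county FROM voters WHERE voter_id = '" + voter_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, voter_id):
    # The placeholder keeps the input as data; it is never parsed as SQL.
    sql = "SELECT voter_id, name, county FROM voters WHERE voter_id = ?"
    return db.execute(sql, (voter_id,)).fetchall()

def lookup_hardened(db, voter_id):
    # Defense in depth: reject malformed IDs before they reach the database,
    # then still use the parameterized query.
    if not VOTER_ID_RE.fullmatch(voter_id):
        raise ValueError("malformed voter ID")
    return lookup_parameterized(db, voter_id)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal ID :", len(lookup_vulnerable(db, "V100002")), "row(s)")
    print("vulnerable, crafted   :", len(lookup_vulnerable(db, CRAFTED)), "row(s)")
    print("parameterized, crafted:", len(lookup_parameterized(db, CRAFTED)), "row(s)")
    try:
        lookup_hardened(db, CRAFTED)
    except ValueError as err:
        print("hardened, crafted     : rejected:", err)
```

The rejected lookups in the hardened path are also worth logging, since repeated malformed IDs from one source are a useful detection signal.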