The Ohio Secretary of State’s office was the subject of a thwarted foreign cyber attack on Election Day.
Ohio Secretary of State Frank LaRose said Tuesday that the so-called “SQL injection” attack was detected by the state’s internal systems. The attack was attempting to insert malicious code into his office’s website.
The attempted hack originated in Panama and was traced to a Russian-owned company, he said, but was “relatively unsophisticated.”
“Some of these unsophisticated attacks are ways that they probe for vulnerabilities. They are poking around for soft spots,” LaRose said, noting that the cyber attack was looking for vulnerabilities in his office’s website.
Similar attacks are designed to disrupt and undermine the credibility of elections, LaRose said, but they cannot affect the state’s election results. Neither the elections machines used around Ohio nor the ballot counters are ever connected to the Internet.
LaRose credited the state’s “Albert” intrusion system, a digital burglar alarm, for alerting it to the attempted attack.
“The good guys won that day and the bad guys lost,” he said.
Ohio’s 88 county boards of elections must adopt similar software provided by the state as part of a 34-point election security checklist LaRose required under a directive issued earlier this year.
A new bill recently signed into law also will allow him to hire a chief information security officer to oversee protection of information services and create the Ohio Cyber Reserve, a volunteer force of technology professionals who will respond to incidents with a goal of restoring systems as quickly as possible.
The cyber reserve will operate under the Ohio National Guard and is recruiting members.