Cyber Incident Victim: State of Alaska Government

Date: Nov 2016

Location: United States of America

Summary

A hacker gained unauthorized access to the server hosting Alaska's public elections website by exploiting a vulnerability patched around that time, though officials confirmed no damage occurred. The intruder, identified as CyberZeist, obtained partial administrator access but was unable to alter public content or compromise voter data due to network restrictions limiting outgoing connections. Election results remained unaffected, with state officials attributing the breach to inadequate automatic updates rather than malicious intent. Federal authorities and cybersecurity experts commended the state's layered defenses, noting the system's resilience prevented operational impact. The incident was not publicly disclosed initially to avoid undermining confidence in electoral integrity.

Description

In November 2016, a hacker operating under the alias CyberZeist gained unauthorized access to the server hosting Alaska’s public elections website by exploiting a vulnerability in PHP software that had been patched by developers in October of that year. The breach drew the attention of federal law enforcement agencies, though Alaska election officials did not publicly disclose the incident at the time. According to documents released by Governor Bill Walker’s administration in 2018, the hacker obtained administrator-level access to the server but was unable to alter any public-facing content or election-related data. CyberZeist published screenshots demonstrating the unauthorized access, but state officials confirmed the attacker could not manipulate information due to security protocols restricting the server’s outgoing connections to only one other state server. This architectural limitation contained potential damage by preventing lateral movement within the network. Alaska Division of Elections Director Josie Bahnke emphasized that no voter registration data, ballot counts, or election results were compromised during the intrusion.

State officials attributed the breach to inadequate automatic update mechanisms rather than deliberate malicious activity, noting the PHP vulnerability had been addressed prior to the attack but the patch was not properly implemented. Cybersecurity experts, including Joseph Lorenzo Hall, assessed that while the incident demonstrated vulnerabilities, Alaska’s layered defenses prevented operational impact. A subsequent security review gave the elections division a 'B' grade, acknowledging robust protections for critical systems despite the web server intrusion. Federal authorities commended the state’s containment response and resilient infrastructure design. Officials opted against publicizing the breach in 2016 to avoid undermining confidence in electoral integrity, a decision aligned with their assessment that no material harm occurred to election processes or outcomes. The incident remained undisclosed until 2018 when records were released following a public information request by the Anchorage Daily News.
