
Cyber Incident Victim: Ohio Secretary of State

Date: Nov 2019

Location: United States of America

Summary

A cyber attack targeting Ohio's election infrastructure was thwarted on Election Day. It involved a SQL injection attempt to insert malicious code into the state's election office website. The unsophisticated attack, detected by Ohio's Albert intrusion detection system, originated from Panama but was traced to a Russian-owned company. Officials characterized the incident as a probe seeking vulnerabilities to potentially disrupt electoral processes and undermine public confidence, though it posed no risk to election results because voting systems were isolated from online exposure.


Description

On November 5, 2019, Ohio’s election infrastructure experienced a cyber attack targeting the website of the Ohio Secretary of State’s office during Election Day operations. The attack was identified by the state’s internal monitoring systems, specifically the Albert intrusion detection platform, which flagged the malicious activity in real time. Secretary of State Frank LaRose characterized the incident as a “relatively unsophisticated” SQL injection attempt aimed at inserting harmful code into the office’s web infrastructure. Attackers sought to exploit vulnerabilities in the website’s database layer, a common technique to manipulate or extract data. Initial geolocation data indicated the attack originated from Panama, but subsequent forensic analysis traced the activity to a company owned by Russian entities. LaRose emphasized the attack appeared designed to probe for weaknesses rather than execute a high-impact breach, noting such methods are often used to identify potential entry points for future exploitation.


The attempted intrusion did not compromise any voting systems or election results, as Ohio’s voting infrastructure remained physically isolated from online networks. LaRose confirmed the attack’s primary objective was to disrupt electoral processes and undermine public confidence in the election’s integrity, but it failed to affect vote tabulation or reporting mechanisms. No data exfiltration or system compromise occurred due to the defensive measures in place. The Secretary of State’s office publicly disclosed the incident on November 26, 2019, highlighting the effectiveness of the Albert system in detecting the threat. LaRose reiterated the resilience of Ohio’s election security protocols, noting the separation of critical voting infrastructure from internet-connected systems neutralized the attack’s potential impact. The event underscored ongoing threats to election infrastructure but demonstrated the state’s capacity to identify and neutralize intrusion attempts without operational disruption.
