This post is meant to serve as a warning to other local campaigns, and to note that sites are being targeted. It seemed like a fluke when 7 accounts with .ru email addresses were noticed on https://fordelahanty.com. The .ru domain is reserved for Russian websites. We removed the accounts and added verbiage to the site stating that it was only intended for Louisville voters. Campaign servers already required two-factor verification, and access to server administrative resources is limited by IP address. This protected the server, but individual sites appear to have been compromised. Steps had begun yesterday to further secure the sites.
Louisville Election Site Hacked
The campaign’s election results site at https://louisvilleelection.com apparently was targeted and successfully infiltrated by unauthorized user(s), possibly from Belarus, a former Soviet republic. The unauthorized accessor added 10 users with full administration privileges and changed the passwords of legitimate users, effectively taking control of the site. The site was likely compromised by a brute-force attack on the regular login screen. The site is still out of the control of the campaign and will likely be shut down shortly. No voter data or campaign data was located on the site; it was intended to serve as an election results site, which is why it was largely dormant.
Campaign/Voter Data Secure
Seandelahanty.com, the campaign’s primary site, was not compromised, and steps have been taken to further secure it. Users may notice service interruptions during the day as further measures are taken. The site already utilizes security services provided by Cloudflare, preventing DoS attacks. Cloudflare offers this protection for free to most customers. The campaign’s other site at seandelahanty.org was also not penetrated and is still secure.
This appears NOT to be isolated. A quick Google search shows scores of election-related sites being compromised. Other campaigns are encouraged to take steps to prevent unauthorized access.