By David Thornton
Sources within the investigation reported that Russian cyberattacks hit at least 39 states. The hackers accessed software used by poll workers and at least one state’s voter database. The extent of the attacks raises concerns about the integrity of future elections since Russia has also been implicated in hacking other elections including the recent French presidential voting.
The recent revelations were made to Bloomberg Politics by three people with direct knowledge of the US investigation. The details released to Bloomberg come on the heels of the report leaked by Reality Winner, a contract employee of the NSA. The classified NSA report revealed that Russian hackers traced to the GRU, Russian military intelligence, had targeted US companies that provide software for voting machines.
The Bloomberg report states that the hackers tried to alter or delete voter registration data in Illinois in addition to the “spear phishing” attacks that compromised the emails at the Democratic National Committee and the Clinton campaign. Russian hackers were trying to take over the computers of 122 election officials shortly before the election.
The sources report that Illinois was considered “Patient Zero” for the investigation. The state gave federal investigators almost full access to its election computer systems. Unauthorized access to systems at the state board of elections was detected as early as July 2016 and as many as 90,000 voter records in the state database were compromised with personal information on voters such as names, Social Security numbers, driver’s licenses, birth dates and gender.
The sophistication and sheer number of the attacks prompted the Obama Administration to complain directly to the Kremlin via the hotline between Washington and Moscow. In October, the US reportedly used a back channel to provide evidence of Russian complicity to the Kremlin and threatened that continued hacking could lead to an expanded conflict. The hacking continued up to the election.
Russian President Vladimir Putin has denied any involvement by the Russian government in the cyberattacks. Earlier this month, Putin suggested that the hacking might have been carried out by “patriotic hackers” not connected to the Russian government.
During the election, the federal government did not have jurisdiction over state election systems. Some states cooperated with federal counterintelligence operations, but others did not. Jeh Johnson, Secretary of Homeland Security under President Obama, proposed in August 2016 that election systems be considered a critical national infrastructure, which would give the federal government more latitude in protecting state systems from cyberattacks. Ultimately, partisan disagreements meant that the designation was not made until January 2017.
There were hints of the Russian hacking revealed prior to the election, but Bloomberg reports that the Obama Administration kept the full scope of the attacks from the public. The government feared that the full truth would undermine public confidence in the election.
The claims of Russian hacking have become a source of amusement for many conservatives, but the recent revelations show the frightening extent of Russian interference in a core function of American democracy. So far there is no evidence that Russians were able to manipulate votes or voter rolls, but it was not for lack of trying.
And it probably isn’t over. Former FBI Director James Comey warned the Senate Intelligence Committee in his testimony, “They’re coming after America. They will be back.”