Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.
As ominous as that sounds, the hacking represented attempts to alter or delete voter information, not successful executions.
Using evidence from the Illinois computer banks, federal agents were able to develop digital “signatures” — among them, Internet Protocol addresses used by the attackers — to spot the hackers at work. The signatures were then sent through Homeland Security alerts and other means to every state. Thirty-seven states reported finding traces of the hackers in various systems, according to one of the people familiar with the probe. In two others — Florida and California — those traces were found in systems run by a private contractor managing critical election systems.
In Illinois, investigators also found evidence that the hackers tried but failed to alter or delete some information in the database, an attempt that wasn’t previously reported. That suggested more than a mere spying mission and potentially a test run for a disruptive attack, according to the people familiar with the continuing U.S. counterintelligence inquiry.
In March, the National Association of Secretaries of State offered an assessment with no wiggle room: “The voting process was not hacked or subject to manipulation in any way. No credible evidence of hacking, including attempted hacking of voting machines or vote counting, was ever presented or discovered in any state, including during recount efforts that took place after the election.” They also noted that the news coverage of Russian hacking attempts was being heavily driven by speculation and conspiracy-mongering — stirring up fears that were unfounded:
U.S. intelligence agencies have confirmed that Russian-based “cyber scanning or probing activities” were discovered against state voter registration systems, but this targeting does not equate to gaining access or actual breaches. Claims that twenty or more states experienced Russian-led hacks or intrusions into their election systems are false and inaccurate. Furthermore, while it is theoretically possible to disrupt an election via networked systems, compromising voter registration systems would not affect election results. Election registration databases are not linked to vote counting.
Earlier this month, Denise Merrill, Connecticut secretary of state, told the Daily Caller that the Obama administration gave states no reason to expect a foreign cyber-intrusion effort like this: “And over-and-over again, they did say there was no credible threat that they had found. And they said that right through the election, and the next administration reiterated that. Over and over again when we asked, we were told there was no actual threat that they knew of,” Merrill said. Asked if there were any private briefings for state election officials on possible Russian interference prior to the November 2016 voting, Merrill said, “No. We were not briefed on any of that. We were not told in advance.”