The Russian government attempted to intrude into election systems in all 50 states starting in 2014, an effort one official likened to a thief casing a parking lot.
The Senate Select Committee on Intelligence released today a partially redacted bipartisan report describing Russian election interference efforts leading up to the 2016 presidential election and into 2017, although there is no evidence votes were changed.
The report also discussed the flaws in the response by federal and state officials, while offering recommendations for preventing such intrusions in the 2020 election and beyond.
The Senate Intelligence Committee concluded that “Russian government-affiliated cyber actors conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016” but found “no evidence” that vote tallies were altered or that voter registry files were deleted or modified, though the committee said that the intelligence community’s insight into that is limited.
The committee said one official made the car thief analogy, saying that the car thief “didn’t go in, but we don’t know why.”
The report determined Russia’s cyber efforts to penetrate and scan U.S. election infrastructure were led largely by Russian military intelligence, known as the GRU, which is the same group that special counsel Robert Mueller determined hacked the Democratic National Committee’s email systems and provided those purloined emails to Wikileaks for dissemination.
The report said that the intelligence community’s “confidence level” about the attribution of the attacks “evolved over 2017 and into 2018.”
The report stated that “the U.S. intelligence apparatus is, by design, foreign-facing” and admitted that there are “limited domestic cybersecurity authorities except where the FBI and DHS can work with state and local partners,” which is why the U.S. election systems were so vulnerable to intrusion.
“State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor,” today’s report read.
Michael Daniel, the former assistant to the president and cybersecurity coordinator for the National Security Council, “personally concluded” by late August 2016 that the Russians had attempted intrusions in all 50 states. The report says that “intelligence developed later in 2018 bolstered Mr. Daniel’s assessment.”
The committee says it reached out to the 21 states that DHS “first identified as targets of scanning activity” to learn about their experiences, though the committee believes that all 50 states were likely hit with Russian intrusions in one way or another.
The report states that the first evidence of Russia scanning state election systems in the U.S. was uncovered in 2016, when Illinois “discovered anomalous network activity, specifically a large increase in outbound data, on a Illinois Board of Elections voter registry website” in mid-July 2016. The FBI then started its investigation, and in mid-August 2016, alerted state technical-level experts of a set of suspicious IP addresses that had been identified from the attack on Illinois’ voter registration databases.
The report stated that these alerts provided IT professionals with malicious IP addresses to investigate but “provided no clear reason for states to take this threat more seriously than any other alert received.”
Many of the results of the investigation, the committee says, were provided through voluntary self-reporting by the states contacted.
Among the interesting tidbits in the report is that, in at least one state, Russia’s alleged cyber intrusion efforts made use of IP addresses based in the U.S., the Netherlands, and Poland. That state’s IT contractor attributed the cyberattack to Russia and suggested that the activity was “reminiscent of other attacks where attackers distract with lots of noise and then ‘sneak in the back.’”
Neither DHS nor the Senate Intelligence Committee was able to figure out a pattern related to which states were targeted, which the report said “lends credence to DHS’s later assessment that all 50 states probably were scanned.” The report said that DHS told the committee that “there wasn’t a clear red state-blue state-purple state, more electoral votes, less electoral votes” pattern to the attacks.
“DHS acknowledged that the U.S. Government does not have perfect insight, and it is possible the intelligence community missed some activity or that slates did not notice intrusion attempts or report them,” the Senate report states.
The committee said that Russia’s malign influence efforts should result in “renewed attention to vulnerabilities in U.S. voting infrastructure” and that the U.S. “must create effective deterrence” to prevent this from happening again in 2020 and beyond.
And the committee warned states against online voting because while it makes voting easy for members of the military, especially while deployed, “no system of online voting has yet established itself as secure.”
In its news release, the Senate Intelligence Committee said that its investigation’s conclusions were based upon more than 15 open hearings, more than 200 witness interviews, and nearly 400,000 documents.
