The 2018 midterm elections are still months away, but the threat of Russian election interference looms. And now a new NBC report will do little to banish doubts that the US could be caught flat-footed in defending against possible foreign meddling.
NBC News’s Cynthia McFadden, William M. Arkin, Kevin Monahan, and Ken Dilanian report that US intelligence officials found that Russian hackers “compromised” state websites or voter registration databases in seven states ahead of the 2016 elections, and that federal intelligence officials didn’t inform state election officials.
Federal officials reportedly concluded by January 2017 that Russians probed election infrastructure in Illinois, Texas, Alaska, Arizona, California, Florida, and Wisconsin.
Federal and state officials say they have no evidence to suggest that these Russian intrusions into voter databases or systems changed or altered the outcome of any votes.
But the alleged intrusions are a troubling sign that, without proper defenses, bad actors won’t be deterred from trying again in 2018 or beyond.
What’s new — and not so new — in this NBC report
Seven states’ voter registration systems or websites were allegedly “compromised in a variety” of ways, with varying degrees of seriousness. NBC News says that, based on intelligence documents, officials define “compromised” as “actual ‘entry’ into election websites, voter registration systems and voter look-up systems.”
Russia’s attempts to penetrate voter systems ahead of the 2016 election have previously been documented. A June 2017 Intercept report based on a leaked National Security Agency classified document (remember Reality Winner?) detailed Russians’ gambit to hack a private vendor that supplied voter registration software, and try to obtain information from more than 100 US local election officials.
Additionally, the Department of Homeland Security officials confirmed in a June 2017 Senate intelligence hearing that at least 21 states were targeted and hackers had probed their registration systems. Only Illinois election officials testified to a breach — “a malicious cyber-attack of unknown origin” against the Illinois voter registration system that allowed hackers to access 90,000 voter registration records.
Officials with the Department of Homeland Security didn’t elaborate on the other targeted states. Sam Liles, then-acting director of the Cyber Division of the DHS, testified that Russians were testing systems’ vulnerability — which he compared to “someone walking down the street to see if you are home.”
At the same time, Liles conceded that ”a small number of networks were exploited — they made it through the door.” Then, as now, intelligence officials say none of the breaches affected the 2016 vote.
The NBC News report details intrusions in at least seven states where Russians didn’t just poke around but are said to have “made it through the door.”
Department of Homeland Security officials identified those states in January 2017, and in September 2017 notified those states — but, according to the states, only told them they were targeted, not that the Russians actually breached their system.
Now, here’s where it gets a bit confusing: Six of the seven states deny any breach took place, based on their own internal investigations. Which means there’s still disagreement over what actually happened in the lead-up to the 2016 election.
Or as NBC News puts it: “It’s a discrepancy that underscores how unprepared some experts think America is for the next wave of Russian interference that intelligence officials say is coming.”
The Department of Homeland Security says that it is working with states and localities to protect voting systems, but the timeline laid out by NBC News — and the discrepancies between the states and federal government — isn’t exactly reassuring as the 2018 midterm election approaches.
Again, federal and state officials do agree that vote tallies were unaffected and unchanged. But hackers likely aren’t trying to gain access to election infrastructure just for kicks, and the Russians (or other nefarious actors) could exploit those same vulnerabilities if the US doesn’t take adequate action.
To be clear, some states are embarking on significant protection measures. In Virginia, for example, officials are returning to paper ballots, which experts say is the one surefire way to verify the integrity of the vote.
But questions remain as to whether the Trump administration is doing enough to deter or retaliate against Russia’s well-documented attempts to meddle and sow distrust in US elections. The Kremlin has waged a successful propaganda campaign, in addition to using cyberattacks to infiltrate US voting systems.
Adm. Mike Rogers, head of US Cyber Command and the National Security Agency, told lawmakers on Tuesday that America is “taking steps, but we’re probably not doing enough,” adding “they haven’t paid a price at least that’s sufficient to get them to change their behavior.”