Hackers targeted state, local election systems across USA
Flurry of emails suggests widespread deception campaign
State and local election officials across the country reported numerous hacking alerts last year from suspicious emails sent to their systems, including at least eight Florida counties that received one tied to what U.S. intelligence officials say was a Russian effort to disrupt the presidential campaign.
While election officials contacted by the USA TODAY Network said there were no successful hacks into their voting systems or offices, some noted that suspicious activity directed through a Tallahassee-based election software company came amid a flurry of other threats routinely blocked by election offices.
Election offices regularly divert spam, phishing attempts and other suspicious emails into quarantine systems and may not know about specific hacking attempts unless notified, officials said.
But the details about specific efforts by suspected Russian hackers show just how far and wide those attempts stretched.
A National Security Agency report published by the website
The Intercept said Russian military intelligence executed a cyberattack on at least one U.S. supplier of voting software and sent deceptive emails to more than 100 local election officials in the days leading up to the No-- vember election.
The supplier, identified by the website as VR Systems of Tallahassee, contacted Florida counties it serves last year with guidance on what to do if they received the suspicious email from “vr.elections@gmail.com.” The notice came before the November election and after federal officials alerted election offices about the threat.
Most Florida counties use VR Systems software to manage voter information and rolls, not for voting machines or tabulation. But a breach of the systems could have disrupted elections by manipulating voter information used at local precincts, according to The Intercept report.
Sen. Mark Warner, D-Va., has called for declassifying the names and number of states affected by the Russian hacking attempt as a way to prevent such attempts in next year’s midterm elections.
States already monitor for suspicious activity in their computer systems, including election networks.
Wisconsin reported a spike in attempts to break into state computer systems just before the state’s primary and general elections last year, according to records obtained by the USA TODAY Network. It’s not clear, however, if any of those were tied to the Russian effort identified by U.S. intelligence.
Two days before the state’s presidential primary April 5, 2016, the reports show, state security analysts logged more than 150,000 alerts in a single day for attempts to find holes in state systems. Wisconsin has typically logged fewer than 60,000 of these alerts per day over the past two years.
Even more unusual, the number of alerts logged on a single November day spiked to more than 800,000 — a more than tenfold increase over the normal daily peak. It was the largest single-day spike in the past two years.
Wisconsin Gov. Scott Walker’s administration said the spikes in April 2016 and November were “spread across all of our servers,” including — but not limited to — election systems. It attributed the November spike to international malware but didn’t provide an explanation for the April surge.
Election offices across the country were on alert last year after U.S. intelligence identified potential Russian threats. In Arizona and Illinois, election officials reported breaches of voter registration databases but said systems involved in counting votes were not affected. The FBI then warned other states to check their protections against attacks.
Jeanne Atkins, who was Oregon secretary of State during the election, said the Department of Homeland Security tested the state’s voter registration database, which is connected to the internet.
“There were concerns. We were in constant monitoring mode,” Atkins said.
Homeland Security made the same offer to all states through the National Association of Secretaries of State, she said.