State isn’t mentioned in Russian indictment
MADISON - Friday’s indictment of 12 Russians for stealing voter registration data does not mention Wisconsin, but officials have said the state was one of numerous targets.
Russian agents in the summer of 2016 targeted — but did not access — Wisconsin computer systems, federal officials said last year.
The Russian agents attempted to get into an inactive computer at the state Department of Workforce Development, according to past accounts of the incident. They did not breach the system and officials believe the attackers were looking for vulnerabilities they could exploit that would get them into the state voter registration system.
If hackers got into the voter registration system, they likely could deactivate people’s voting credentials or make other changes that would create long lines at the polls. That system is not used to tally votes, so breaking into it could not affect election results.
In a second 2016 incident, a link to a malicious website was set to show up on a state Elections Commission computer, but the link was not displayed because it was blocked by a firewall. If it had been displayed, the link could have taken the user to a system federal officials later determined is associated with the Russian government.
According to Friday’s indictment, the Russians stole the names, addresses and partial Social Security numbers of 500,000 voters in one state. The indictment did not name the state that was involved, but past reports have said hackers stole data from the voter registration system in Illinois in 2016.
The Russians also hacked into the computer system of a vendor that supplies voter registration software, according to the indictment. It did not name the vendor.
The Russians sent more than 100 emails designed to look like they came from that vendor to organizations and officials in Florida who run elections, according to the indictment. The emails included a document infected with malware.
Reid Magney, a spokesman for the Wisconsin Elections Commission, said he had seen no evidence that anything mentioned in the indictment related to activities in Wisconsin.
Wisconsin officials this spring and summer conducted “tabletop exercises” with local election officials to simulate hacking attempts, natural disasters and other situations that could occur during an election, Magney said. More training is occurring at the local level.
In addition, state election officials this spring announced plans to have U.S. Homeland Security officials send “simulated malicious emails” to election clerks to test how they respond. They are also slated to conduct mock hacking attempts on state computer systems.
Those simulations have not yet been conducted, Magney said.
On Friday, the Elections Commission told clerks they must complete an online security course by July 23 to maintain their access to the state’s voter registration system. About 2,500 people around the state have access to that system.