Report: Russia's US Election Interference Was Widespread
Jurisdictional Issues Have Impeded Full Digital Forensic Investigations
Hackers targeted election systems in at least 21 states prior to the 2016 presidential election, according to an investigation by the New York Times. But state and federal agencies have not launched the type of forensic digital investigations that would be required to reveal the full extent or impact of such attacks, the publication reported.
While U.S. intelligence agencies unanimously agree that Russia conducted a hacking and information leak campaign designed to disrupt the election, the agencies did not believe Russian intelligence agencies tried to manipulate ballots or vote counts (see Intelligence Report Blames Putin for Election-Related Hacks).
But the Times investigation, which cites nearly two dozen anonymous national security and state officials, indicates that the United States still has not fully explored how attackers targeted voting infrastructure and what the ramifications might have been.
The Times also reports that intelligence officials believe hackers gained access to the systems of two election services vendors. The companies were not named.
In June, a National Security Agency contractor, Reality Leigh Winner, was arrested after she allegedly leaked a top-secret memo revealing an election-themed spear-phishing campaign (see U.S. Contractor Arrested in Leak of NSA Top-Secret File).
The five-page memo says attackers sent emails that purported to be from VR Systems, a Florida-based provider of electoral roll software, to 122 email addresses associated with local governments. The Times quotes VR Systems' chief operating officer, Ben Martin, as saying he did not believe the hackers were successful in compromising his company's systems.
The NSA memo says attackers created a Gmail address, vr.elections@gmail.com, and emailed Microsoft Word documents with setup guides for EViD, a system used to verify voters' identities. The documents were rigged with malicious software, the NSA memo concludes.
Voting Suppliers Hacked?
Although the Times contends that the Russian hacking effort is suspected to have been expansive, it's unclear if that was directly linked to election day hiccups seen in places such as Durham County in North Carolina.
VR Systems supplied the county with software used for checking voter registration rolls. The Times reported that dozens of people were told they were ineligible to vote even though they possessed valid voter registration cards. In one precinct in the county, technical problems held up voting for two hours.
The problems were blamed on human error and software problems, the Times reported. But given the backdrop of clear efforts to compromise electoral roll systems in other states, many believe the issues should be more deeply investigated.
The Times reports that jurisdictional concerns have in part hampered those efforts. States control their elections and generally oppose federal government involvement. U.S. intelligence agencies also have legal restrictions when it comes to addressing domestic issues.
Still, it's been publicly known for some time that at least two states saw their electoral rolls penetrated. The FBI issued an alert around August 2016 that election databases in two states - Illinois and Arizona - had been breached. But the effect of those breaches remains unclear.
Diverted Attention
The question of whether U.S. votes were hacked has become highly politicized. The Trump administration has, at times, contested the idea that the 2016 U.S. presidential election may have been influenced by hackers.
After initially throwing doubt on the U.S. intelligence agencies' conclusions, President Trump later acknowledged Russia's interference. Subsequently, however, he began suggesting that election fraud may have caused him to lose the popular vote.
According to official election results, Trump won the Electoral College - the U.S. system under which states elect presidents - but lost the popular vote by around 3 million ballots, to his rival, Democratic presidential nominee Hillary Clinton.
Regardless of the popular vote, however, under the Constitution, the Electoral College selects a president.
After the election, Trump began alleging that he lost the popular vote due to unregistered voters casting ballots. Although officials say it's not uncommon for small inconsistencies to be found after elections, there's no evidence of the large-scale voter fraud that would have been required to make this happen.
In May, Trump signed an executive order creating a commission, called the Advisory Commission on Election Integrity, to investigate voter fraud. Some members of the commission have said they want to investigate whether any electoral fraud resulted from hack attacks. The commission's work has stalled, however, in part due to the refusal of 45 states to turn over some or all of their voter registration data.
Meanwhile, there are questions - as yet unproven - over whether members of Trump's own team, or his business contacts, may have colluded with Russian intelligence agencies to influence the U.S. election, and these questions are being investigated by a special counsel. The investigation has reportedly expanded into whether Trump may have improperly dismissed former FBI Director James Comey, who was previously leading this probe.
Vote Manipulation Questions Continue
Although worries over potential election tampering became a very public issue leading up to the 2016 election, many election watchers thought that U.S. voting systems were so decentralized and varied that it would be difficult to manipulate a tally.
Due to how the Electoral College system works, however, it would in theory only take targeted tampering in a handful of key states - and possibly just in several counties of those states - to influence the outcome of an election. And electronic voting machines, used in many states, are well known to have a host of security problems that could potentially be exploited by attackers wanting to exert such influence.