Russians Hacked 39 States During Election

Newly released details of Russian cyberattacks indicate that the Russian hacking during the election was far more widespread than previously indicated. Sources within the investigation reported that Russian cyberattacks hit at least 39 states. The hackers accessed software used by poll workers and at least one state’s voter database. The extent of the attacks raises concerns about the integrity of future elections since Russia has also been implicated in hacking other elections including the recent French presidential voting.


The recent revelations were made to Bloomberg Politics by three people with direct knowledge of the US investigation. The details released to Bloomberg come on the heels of the report leaked by Reality Winner, a contract employee of the NSA. The classified NSA report revealed that Russian hackers traced to the GRU, Russian military intelligence, had targeted US companies that provide software for voting machines.


The Bloomberg report states that the hackers tried to alter or delete voter registration data in Illinois in addition to the “spear phishing” attacks that compromised the emails at the Democratic National Committee and the Clinton campaign. Russian hackers were trying to take over the computers of 122 election officials shortly before the election.


The sources report that Illinois was considered “Patient Zero” for the investigation. The state gave federal investigators almost full access to its election computer systems. Unauthorized access to systems at the state board of elections was detected as early as July 2016, and as many as 90,000 voter records in the state database were compromised, including personal information on voters such as names, Social Security numbers, driver’s licenses, birth dates and gender.


The sophistication and sheer number of the attacks prompted the Obama Administration to complain directly to the Kremlin via the hotline between Washington and Moscow. In October, the US reportedly used a back channel to provide evidence of Russian complicity to the Kremlin and threatened that continued hacking could lead to an expanded conflict. The hacking continued up to the election.


Russian President Vladimir Putin has denied any involvement by the Russian government in the cyberattacks. Earlier this month, Putin suggested that the hacking might have been carried out by “patriotic hackers” not connected to the Russian government.


During the election, the federal government did not have jurisdiction over state election systems. Some states cooperated with federal counterintelligence operations, but others did not. Jeh Johnson, Secretary of Homeland Security under President Obama, proposed in August 2016 that election systems be considered critical national infrastructure, which would give the federal government more latitude in protecting state systems from cyberattacks. Ultimately, partisan disagreements meant that the designation was not made until January 2017.


There were hints of the Russian hacking revealed prior to the election, but Bloomberg reports that the Obama Administration kept the full scope of the attacks from the public. The government feared that the full truth would undermine public confidence in the election.


The claims of Russian hacking have become a source of amusement for many conservatives, but the recent revelations show the frightening extent of Russian interference in a core function of American democracy. So far there is no evidence that Russians were able to manipulate votes or voter rolls, but it was not for lack of trying.


And it probably isn’t over. Former FBI Director James Comey warned the Senate Intelligence Committee in his testimony, “They’re coming after America. They will be back.”

This 2 Keystroke Error Is Why Clinton Deserved To Lose

Any campaign staffed with people who can’t navigate the shallow waters of phishing emails and how basic online security should be handled ought not to win even a race for dog catcher. But then again, this was the campaign of a woman who kept her email server in her own basement, with a backup in a bathroom in Colorado, when she was secretary of state.

It simply proves that phishing works. Especially when naïve Clinton campaign staffers believe every email they receive. In this case, it was IT staffer Charles Delavan mistakenly responding with the word “legitimate” instead of “illegitimate” that handed Clinton chairman John Podesta’s password over to hackers.


The email in question was purportedly from Google, claiming that hackers had attempted to access Podesta’s account. According to the NYT, hundreds of these were sent to all kinds of political targets. It just so happens that the one read by this Podesta aide, who had access to his boss’s email, resulted in the rube clicking on the link in the phishing email, not the one in the reply by Delavan.

“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. “John needs to change his password immediately.”

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.

Not only did the person who got the phishing email fall for it and misread the reply, but the IT staffer apparently didn’t go back and correct his mistake. And nobody realized it for months. Apparently, getting dozens of phishing emails isn’t enough for IT folks to send a “to all” email with the title something like “Security Alert: DO NOT CLICK ON LINKS in emails that appear to be from Google.”

Because that’s what any normal company would do (like, maybe Goldman Sachs, or Exxon, which will be in charge of running America’s economy and diplomatic corps, respectively). I used to run a payment services company, and we would have been hauled over the coals if anything like this happened to us. We got tested for it regularly by outside security consultants.

Clinton deserved everything she got. She deserved to be hacked because her campaign was too dysfunctional and naïve to take even the most basic security measures to protect their online data. And because she was this careless at the State Department, and in her own campaign, we have every reason to believe she would have been just as careless as president.

I won’t give any credit or praise to Russian hackers or their purposes in hurting Clinton and helping Trump. But really, it’s good this happened before the election, because we really dodged a bullet keeping this disaster away from the White House.