On Friday, the Department of Homeland Security notified 21 states that they were targets of hacking during the 2016 election. DHS did not identify the states publicly, but several states did confirm that they had been informed of the hacking by the federal government.
The Associated Press contacted every state election office regarding the hacking. States that confirmed that they had been targeted included Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Texas, Virginia, Washington and Wisconsin.
The notifications were a rare confirmation from the Trump Administration that the Russian attempts to interfere with the election were real. The notifications came on Friday, the day of the week typically reserved for announcements the Administration prefers to have overlooked.
Some state election officials and congressmen were critical of the Administration for its slow pace in sharing information about the cyberattacks. “It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information,” California’s Democrat Secretary of State Alex Padilla said. “The practice of withholding critical information from elections officials is a detriment to the security of our elections and our democracy.”
“We have to do better in the future,” said Senator Mark Warner (D-Va.), a member of the Senate committee investigating Russia’s actions.
The DHS report did not specify the source of the hacking attempts, saying in a statement, “We are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners.”
Several state election officials did specifically name Russia as the culprit, however. Alaska Elections Division Director Josie Bahnke said that computers in Russia had looked for vulnerabilities in the state’s networks. A statement by the Wisconsin Election Commission referred to “Russian government cyber actors.”
In most cases, the state computer systems were not breached, but Illinois was an exception. A previous report indicated that hackers gained access to the Illinois voter registration computers and tried to alter or delete data.
A secret NSA document leaked to The Intercept by Reality Winner last June showed that the Russians had also targeted private companies that contract with state governments to provide software for electronic voting machines. Voting machines are typically not tied to computer networks, but could be vulnerable through software updates. The document said the GRU, Russian military intelligence, was responsible for the attacks.
So far, there is no evidence that any attempts to alter software or data was successful. “There remains no evidence that the Russians altered one vote or changed one registration,” Judd Choate, president of the U.S. National Association of State Election Directors, told Reuters.
Russia has denied any involvement in the cyberattacks on the US voting infrastructure.
Also on Friday, President Trump referred to the Russian hacking as a “hoax” in a tweet. Since the election, the president has had little to say about the Russian cyberattacks even though there is widespread agreement among intelligence agencies that the Putin government was directly involved.