Russia 'probably' probed voting processes in all 50 states in 2016 election: Senate Committee

The committee also expressed that vulnerabilities 'remain imperfectly understood' heading into the next election.

The Senate Committee on Intelligence has released the first volume of its investigative report on Russian manipulation and interference of the 2016 US Election, revealing that all 50 states were probably targeted for attempted vote manipulation.

According to the heavily redacted, 67-page report [PDF], the Russian government conducted various intelligence-related activities against US election infrastructure at both state and local level, which began as early as 2014 and continued until at least 2017.

From assessing suspicious IP addresses that were discovered in mid-2016, the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) concluded that Russia probably conducted intelligence activity in all 50 states, allowing it to collect "general election-related web pages, voter ID information, election system software, and election service companies".

Previously, the DHS had revealed that Russian government hackers targeted at least 21 states during the 2016 US election.

The DHS concluded that the intelligence activities are likely to have been conducted by Russia as the tactics, techniques, and procedures (TTPs) observed from these IP addresses were consistent with previously observed Russian TTPs.

See also: SOS, IT pros - US is being attacked with its own technology

"Eventually we get enough of a picture that we become confident over the course of August of 2016 that we're seeing the Russians probe a whole bunch of different state election infrastructure, voter registration databases, and other related infrastructure on a regular basis," former Special Assistant to the President and Cybersecurity Coordinator Michael Daniel said.

The intentions behind Russia's interference into the 2016 election cycle remain unclear however, the report said, as Russian cyber actors were in a position to manipulate voter data but there is not any evidence that they did so.

The committee's speculations regarding Russia's intentions behind the data collecting span from the country wanting to catalog data for use at a later date to wanting to generally "undermine the integrity of elections and American confidence in democracy".

Russia's intelligence activities were first discovered in mid-2016 in Illinois, the report said, when state officials detected anomalous network activity, specifically a large increase in outbound data, on a voter registry website. 

The FBI then issued an unclassified flash alert to state technical-level experts across the country on a set of suspected IP addresses identified from the attack on lilinois's voter registration databases, discovering that another 20 states had made connections with at least one of the suspected IP addresses. The FBI proceeded to issue a second flash alert which revealed that all 50 states were probably targeted.

Election vulnerabilities remain 'imperfectly understood'

The majority of Russia's exploitation of US election infrastructure in 2016 occurred in the seems between federal and state authorities, the report said. 

From the investigation's findings, the committee concluded that leading up to the 2016 US election, there were limited domestic cybersecurity capabilities in place except where the FBI and DHS worked with state and local partners. 

"State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor," the report said.

The committee also noted since the 2016 election, vulnerabilities "remain imperfectly understood" heading into the upcoming election, referring to comments made in 2018 by then-DHS Undersecretary for National Protection and Programs Division Christopher Krebs that "top election vulnerabilities remain" regarding the administration of the voter databases and the tabulation of the data.

Acknowledging these vulnerabilities, the committee raised concerns about the possibility for Russia to interfere with the upcoming 2020 election. 

See also: Microsoft demos ElectionGuard technology for securing electronic voting machines

"If Russia's preferred candidate does not prevail in the 2020 election, the Russians may seek to delegitimize the election. The absence of any successful cyber intrusions, exfiltrations or manipulations would greatly benefit the U.S. public in resisting such a campaign," the report said.

Despite these vulnerabilities at the state level, the committee still recommended for the election process to be handled by state authorities, even though state election infrastructure needed to be improved. Such improvements include bolstering under-resourced localities, undertaking security audits of state and local voter registration systems, installing monitoring sensors on state systems, and using ballots that can produce a verifiable paper trail.

Funding for these improvements are currently provided by Congress, which created a $380 million fund that has been distributed to states under a formula laid out in the Help American Vote Act. The committee noted that Congress would need to evaluate the results of the fund and consider whether additional funding will be required to replace vulnerable voting machines and improve cybersecurity.

The report's recommendation has received dissent however, with Democrat Senator Ron Wyden of Oregon saying that elections should no longer be state run.

"We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn't ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia's cyber army," he said.

"I cannot support a report whose top recommendation is to 'reinforce [ ] state's primacy in running elections'."

With presidential elections coming up in 2020, Wyden has not been the only official to express concerns about foreign interference. Former special counsel Robert Mueller on Wednesday, testified about his own report on Russian interference in US elections, warning that "the Russian government's effort to interfere in our election" is among the "most serious" challenges to the country's democracy he has seen.  

Related Coverage

Microsoft demos ElectionGuard technology for securing electronic voting machines

New ElectionGuard SDK to be open-sourced on GitHub; provided for free to voting machine vendors.

FTC reportedly approves $5B settlement with Facebook

The settlement would easily surpass the FTC's largest financial penalty to date.

FTC hits Facebook with record $5 billion fine for user privacy violations

As part of the record-breaking settlement, Facebook has agreed to conduct a massive overhaul of its consumer privacy practices.

Microsoft notified 10,000 victims of nation-state attacks

Most of the attacks came from state-sponsored hacking groups in Iran, North Korea, and Russia.

US wiped hard drives at Russia's 'troll factory' in last year's hack

IRA news site reveals what happened last year on the day before the US midterms.

How database hacks could impact elections and voters' fears (TechRepublic)

Cris Thomas (aka Space Rogue), global strategy lead at IBM X-Force Red, explains SQL injection attacks and discusses how voter registration database hacks can lead to doubt in the election process.