Department of Homeland Security officials are saying Tuesday's election will be "the most secure U.S. election since the birth of the internet," thanks to new efforts implemented in response to Russia's 2016 interference. However, that does not mean Russian operatives are finished trying to interfere. In fact, hackers increasingly have been trying to breach election systems in the past couple of months, and DHS fears any activity now could be a practice run for the next presidential campaign.
“The midterm is . . . just the warm-up, or the exhibition game,” said Christopher Krebs, a senior cyber official at the Department of Homeland Security. “The big game, we think, for the adversaries is probably 2020.”
DHS is leading the effort on protecting voting machines, providing states with more election security services after the 2016 election. The FBI has been focused on combating foreign interference on social media. Both efforts have received support from U.S. intelligence agencies.
In many states, election officials have spent the past two years hiring technology experts, establishing cybersecurity training for poll workers, enrolling in free DHS computer vulnerability scans and, in some cases, purchasing new voting equipment with paper-ballot backups that can be audited in the event of cyber mischief.
A DHS-funded group that was formed last February to share cybersecurity information among election officials and federal partners boasts participation from all 50 states and over 1,300 local officials. It didn’t exist in 2016.
But at the same time, Russia's disinformation assault shows no signs of slowing, and internal DHS documents show hackers probing election systems nationwide, some with more success than officials appear to be sharing with the public.
The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.”
(...)
Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert.
(...)
“We’re much better prepared for attacks against our election infrastructure than we were in 2016,” said Lawrence Norden, an election security expert with the Brennan Center for Justice at New York University. “The fact that we’re monitoring this activity is in itself a good sign.”
(...)
The daily DHS election-threat reports compile initial, on-the-ground accounts of possible interference but make no conclusions about who is behind the attacks. However, the reports reviewed by the Globe describe most of the recent incidents as “foreign-based.”
(...)
Reports from the last two weeks show states have flagged dozens of new attempts by foreign hackers to penetrate their systems, steal voter data, and access e-mail accounts. Investigators have been able to draw connections between several of the attempted hacks in different states, according to a Nov. 1 DHS bulletin.
The hackers’ recent targets and methods, documents show, are similar to those of the Russian efforts around the 2016 election.
(...)
In the last week of October alone, at least half a dozen states reported barrages of malicious log-in attempts on voter databases and election security systems, reports show.
One state, which is unnamed in the documents, successfully blocked about 51,594 login attempts from foreign countries in a 24-hour period, documents show. The following day, another state fended off another 52,092 attempts.
(...)
Internal intelligence documents show some of the cyber meddling efforts have had “limited success.” On Oct. 23, a senior official in charge of a state’s election process had a personal social media account hacked and reregistered to a Russian e-mail provider, a report shows. The report does not list the state or include other identifying details.
Elsewhere, an unidentified city government computer system was compromised. Hackers initially attempted to access the city clerk’s account a day before the Aug. 14 primary. On primary day, hackers tried to get into the account of a city IT employee, a report shows.
The network was ultimately compromised, but the DHS report did not detail the extent of the breach.
Some election integrity advocates and former officials have faulted the Trump administration—and President Trump specifically—for not doing more to elevate and highlight the issue.
Mr. Trump has repeatedly played down or denied Russian interference in the 2016 election. Russia has denied attempting to interfere in elections in the U.S. or elsewhere.
There are security gaps still to be filled. Voting machines have been replaced or upgraded in some states, but others are relying on equipment that is outdated or has a known cyber vulnerability.
(...)
Only one state, Virginia, has fully replaced its paperless voting machines since the 2016 election. Five states—Georgia, South Carolina, Louisiana, Delaware and New Jersey—continue to rely entirely on paperless machines, and several others, including Pennsylvania, have some counties that lack a paper backup. Most have taken at least initial steps to swap them out by 2020, though funding remains a challenge.
DHS’s strategy is to put out a call for all states and election officials to report back anything remotely suspicious.
One election official flagged for DHS four unsolicited phone calls from Russia just days after the official attended cybersecurity meetings, according to a DHS report.
Another state reported a foreign news agency’s request for access to Election Day vote counting. The media request failed to mention the agency is a subsidiary of government-operated Russia Today, a report shows.
Officers at U.S. Cyber Command in recent weeks have begun signaling to Russian intelligence operatives intent on spreading disinformation that they are being monitored, according to people familiar with the effort.
Mr. Silvers, the former DHS official, said that while preparation has improved, more is needed, including from Mr. Trump and Congress.
“There’s been important progress, but it’s not nearly enough,” Mr. Silvers said. “In 2016, it was a really novel point to make that there might be a cybersecurity vulnerability to the elections process. It’s not novel anymore.”
Hackers targeting election networks across country prior to midterms (Boston Globe)
U.S. Girds for Possible Russian Meddling on Election Day (WSJ)
The midterms may be the ‘warm-up’ for Russians seeking to target 2020, officials say (WaPo)