People connected to the Russian government tried to hack election-related computer systems in 21 states, a Department of Homeland Security official testified Wednesday.
Samuel Liles, the Department of Homeland Security’s acting director of the Office of Intelligence and Analysis Cyber Division, said vote-tallying mechanisms were unaffected and that the hackers appeared to be scanning for vulnerabilities — which Liles likened to walking down the street and looking at homes to see who might be inside.
But hackers successfully exploited a “small number” of networks, Liles said, likening the act to making it through a home’s front door.
[Russian hackers targeted Arizona election system]
Liles was testifying before the Senate Intelligence Committee, which is investigating Russia’s efforts to meddle in the 2016 presidential election, and his remarks add some clarity to the breadth of the Kremlin’s cyber mischief. Officials in Arizona and Illinois had previously confirmed that hackers targeted their voter registration system, though news reports suggested the Russian effort was much broader.
Bloomberg reported earlier this month that Russian hackers “hit” systems in 39 states, and the Intercept, citing a classified intelligence document, reported that Russian military intelligence “executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election.”
In a separate hearing before the House Intelligence Committee on Tuesday, former Department of Homeland Security secretary Jeh Johnson testified that Russia’s meddling, directed by President Vladimir Putin, was “unprecedented, the scale and the scope of what we saw them doing.” The testimony came a day after White House press secretary Sean Spicer said at a briefing he did not know whether President Trump believes Russia interfered in the 2016 presidential election.
In addition to scanning voting systems for vulnerabilities, U.S. intelligence committees have said Russian hackers acquired and engineered the release of emails from the Democratic National Committee and Hillary Clinton's campaign chairman, John Podesta.
“In retrospect, it would have been easy for me to say I should have brought a sleeping bag and camped out in front of the DNC in the late summer,” Johnson testified. He said the severity of Russia’s efforts persuaded him to sign onto an Oct. 7 statement publicly blaming the Kremlin for what had happened, even though doing so could have been perceived as “taking sides” or “challenging the integrity of the election itself.”
“My view is that we needed to do it, and we needed to do it well before the election to inform American voters of what we saw,” Johnson said. He added: “I think the larger issue is it did not get the public attention that it should have, because the same day the press was focused on the release of the Access Hollywood video.” That video showed Trump bragging about kissing and groping women.
Officials declined to say which 21 states were targeted or identify those that actually had data — such as voter registration lists — removed from their systems. Jeanette Manfra, the acting deputy undersecretary for cybersecurity and communications, said she could not do so because it was important to protect the confidentiality of those victimized.
FBI Assistant Director of Counterintelligence Bill Priestap testified Wednesday before the Senate Intelligence Committee that Russians also pushed false news reports and propaganda online, using amplifiers to spread their message. He said Russia for years has tried to influence U.S. elections but that the “scale” and “aggressiveness” of its efforts in 2016 made the attempts more significant.
“The Internet has allowed Russia to do so much more today than they’ve ever been able to do in the past,” Priestap said. He said Russia’s goal was to “sow discord” in the United States and to “denigrate” Clinton and help Trump.
Johnson suggested that in the aftermath of the hacking, the federal government should “encourage a uniform set of minimum standards for cybersecurity when it comes to state elections system and voter registration databases.”
But he acknowledged that doing so might be a heavy lift, given that state election officials are naturally suspicious of what he called a “federal takeover” of their election practices.
“State election officials are very sensitive about what they perceive to be federal intrusion into their process,” Johnson said, noting that he often encountered officials pushing back and arguing that “it’s our process, our responsibility.”