Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show.
The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.”
The recent incidents, ranging from injections of malicious computer code to a massive number of bogus requests for voter registration forms, have not been publicly disclosed until now.
Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert.
“It’s like a burglar walking up to your house in middle of night, jiggling the door to see if it’s unlocked,” said Jim Condos, president of the National Association of Secretaries of State and Vermont’s top election official. “That’s what it looks like — they’re trying to figure out your weakness.”
Russian hackers carried out a sophisticated campaign against the US voting system in the run-up to the 2016 presidential election, according to US intelligence assessments and recent indictments from Special Counsel Robert Mueller. The hackers targeted voter registration databases in 21 states and stole the personal information of 500,000 US voters. The Senate committee investigating 2016 Russian election interference sharply criticized DHS for not identifying and sharing information on the threats.
Since then, DHS has begun offering classified briefings to state officials and sharing threat assessments with more partners.
“We’re much better prepared for attacks against our election infrastructure than we were in 2016,” said Lawrence Norden, an election security expert with the Brennan Center for Justice at New York University. “The fact that we’re monitoring this activity is in itself a good sign.”
DHS spokesman Scott McConnell attributed the recent increase in reported incidents to more vigilance and better communication between state offices and his agency.
“This sharing is helping us build a national-level understanding of the cybersecurity threats facing our nation’s election infrastructure,” McConnell said.
McConnell noted that some complaints turn out to be groundless. He said there is no baseline to assess the rate of hacking attempts because similar election threat numbers were not compiled in previous years.
The daily DHS election-threat reports compile initial, on-the-ground accounts of possible interference but draw no conclusions about who is behind the attacks. However, the reports reviewed by the Globe describe most of the recent incidents as “foreign-based.”
The Globe obtained the unclassified reports, which are distributed to law enforcement agencies and election security officials across the country, for a period covering eight consecutive days in late October. Each report includes statistics on complaints received since Aug. 1.
In late August, Vermont officials found that hackers — believed to be from Russia — were scanning their voter registration databases and looking for vulnerabilities, according to Condos, Vermont’s secretary of state. The state immediately notified the Department of Homeland Security, which opened an investigation.
“Boy, were they glad,” Condos said. “They were glad we sent it to them.”
Reports from the last two weeks show states have flagged dozens of new attempts by foreign hackers to penetrate their systems, steal voter data, and access e-mail accounts. Investigators have been able to draw connections between several of the attempted hacks in different states, according to a Nov. 1 DHS bulletin.
The hackers’ recent targets and methods, documents show, are similar to those of the Russian efforts around the 2016 election.
“We’re seeing the same thing; the only difference is now we aren’t saying Russia,” a DHS cybersecurity official told the Globe. “It’s nuanced. We haven’t attributed the attacks to anyone yet.”
DHS made the official available to comment, on the condition of anonymity, on the intelligence reports obtained by the Globe.
In the last week of October alone, at least half a dozen states reported barrages of malicious log-in attempts on voter databases and election security systems, reports show.
One state, which is unnamed in the documents, successfully blocked about 51,594 login attempts from foreign countries in a 24-hour period, documents show. The following day, another state fended off another 52,092 attempts.
Investigators have said a handful of the hacking attempts targeting separate election networks in several states are connected, documents show.
Internal intelligence documents show some of the cyber meddling efforts have had “limited success.” On Oct. 23, a senior official in charge of a state’s election process had a personal social media account hacked and reregistered to a Russian e-mail provider, a report shows. The report does not list the state or include other identifying details.
Elsewhere, an unidentified city government computer system was compromised. Hackers initially attempted to access the city clerk’s account a day before the Aug. 14 primary. On primary day, hackers tried to get into the account of a city IT employee, a report shows.
The network was ultimately compromised, but the DHS report did not detail the extent of the breach.
Voter registration information can be used, and weaponized, for other types of election interference, including social media disinformation campaigns in local elections.
“Those are the kinds of things that are causes of concern,” said Condos. “What changed since the 2016 [election] cycle is sowing chaos and social discord via social media.”
Last Thursday night, West Virginia Senator Joe Manchin’s social media accounts were hacked just hours before a campaign debate. His office did not say who was behind the hack, but noted it was working with federal law enforcement. On Friday, Twitter announced it had taken down more than 10,000 automated accounts that were posting messages that discouraged voting, Reuters reported.
A week earlier, on Oct. 25, two states reported suspicious text messages had been sent out, falsely claiming that “All Early Voting sites will be closed this weekend,” according to a DHS report.
In the state that reported a massive influx of bogus requests for voter registration forms, DHS determined the act was part of a continued, foreign-based misinformation campaign.
Federal agencies have wrestled with how to combat election interference, and agencies have disagreed about how much information to share and with whom.
DHS’s strategy is to put out a call for all states and election officials to report back anything remotely suspicious.
One election official flagged for DHS four unsolicited phone calls from Russia just days after the official attended cybersecurity meetings, according to a DHS report.
Another state reported a foreign news agency’s request for access to Election Day vote counting. The media request failed to mention the agency is a subsidiary of government-operated Russia Today, a report shows.
Massachusetts officials have seen an increase in hacking attempts recently, but officials know of no major breaches, according to Debra O’Malley, spokeswoman for Secretary of State William Galvin.
Massachusetts has one of the more secure voting systems because its practices are old-school — the state uses optical scans and paper ballots. Additionally, voter registration databases are on a separate network and not connected to the Internet, O’Malley said.
Norden, the election security expert, believes the nation’s increased focus on election security will pay off.
“If you have a determined, well-funded adversary, you may not block them 100 percent of the time,” he said. “But the good news is . . . even if there is a successful breach against part of our election infrastructure, people should still be able to vote and we should be able to accurately count those votes at the end of the day.”
Jana Winter can be reached at firstname.lastname@example.org. Follow her on Twitter @JanaWinter. This investigation was made possible through the Spotlight Investigative Journalism Fellowship, a social impact initiative of Participant Media. For more, go to www.spotlightfellowship.com.