Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

No Evidence Russian Hackers Changed Votes in 2016 Election: Senators

Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee.

Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee.

According to the Senate panel, threat actors had attempted to access numerous state election systems and in some cases voter registration databases.

Authorities are confident that Russian threat actors targeted election systems in at least 18 states, and there is some evidence that three other states may have also been hit. These numbers only cover local or state government organizations – attacks on political parties and NGOs are not included.

Several other states reported seeing malicious activity, but investigators have not been able to confidently attribute the incidents to Russia.

Nearly all the targeted states observed attempts to find vulnerabilities in their systems. These scans were often aimed at the website of the Secretary of State and voter registration infrastructure, the Senate panel said in its report.

In at least six states, Russian hackers attempted to breach voting-related websites, and in a small number of cases they were able to gain unauthorized access to election infrastructure components, and even obtained the access necessary for altering or deleting voter registration data. However, it does not appear that they could have manipulated individual votes or aggregate vote totals.

The Russian government is believed to have launched this campaign at least as early as 2014 with the goal of gathering information and discrediting the integrity of the United States’ voting process and election results, senators said.

The Senate panel has admitted that its assessment, as well as the assessments of the DHS and FBI, are based on information provided by the targeted states, and there may be some attacks or breaches that have not been detected.

“While the full scope of Russian activity against the states remains unclear because of collection gaps, the Committee found ample evidence to conclude that the Russian government was developing capabilities to undermine confidence in our election infrastructure, including voter processes,” senators wrote in their report.

“The Committee does not know whether the Russian government-affiliated actors intended to exploit vulnerabilities during the 2016 elections and decided against taking action, or whether they were merely gathering information and testing capabilities for a future attack. Regardless, the Committee believes the activity indicates an intent to go beyond traditional intelligence collection,” they added.

The Trump administration recently imposed sanctions against several Russian spy agencies and 19 individuals for trying to influence the 2016 presidential election.

Related: Facebook Details Election Security Improvements

Related: Dispel Launches Election Security Platform

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...