The Department of Homeland Security told 21 states Friday that they had been targeted ahead of last November’s voting, though the majority of the attempts are believed to have failed.
Reports last summer first said that there had been intrusions into systems in Illinois and Arizona, which were blamed on Russian hackers as part of a widespread alleged effort to influence the election.
DHS had previously said that 21 states were affected, though the election officials themselves were left with the decision about whether to reveal the attempts to the public.
Alabama, Colorado, Illinois, Maryland, Virginia, Washington and the swing state of Wisconsin all confirmed the attacks.
Wisconsin Elections Commission Administrator Michael Haas was told that Kremlin-linked actors “scanned internet-connected election infrastructure likely seeking specific vulnerabilities such as access to voter registration databases, but the attempt to exploit vulnerabilities was unsuccessful.”
National Security Agency documents leaked to The Intercept by contractor Reality Winner this spring said that hackers from Moscow’s foreign intelligence agency are also believed to be behind cyberattacks a voting software company.
The NSA documents say that successful hacks of VR Systems led to more “phishing” emails to local election officials designed to spread the hack.
VR Systems’ website says its EViD software for election management is used in states including California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia.
The DHS telling states of their vulnerability comes as investigations into the alleged Russian meddling and potential collusion by Americans are underway in the House of Representatives, Senate, FBI and Special Counsel Robert Mueller’s office.
Virginia’s Sen. Mark Warner, the leading Democrat on the Senate Intelligence Committee, said in a statement that Homeland Security’s reaching out to the states, some of whom are now prepping for new elections, came far too late.
“I expect the top election officials of each state to be made aware of all such attempted intrusions, successful or not, so that they can strengthen their defenses — just as any homeowner would expect the alarm company to inform them of all break-in attempts, even if the burglar doesn’t actually get inside the house.”