WASHINGTON – Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in nearly twice as many states as previously reported.
In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one said.
The scope and sophistication so concerned Obama administration officials that they took an unprecedented step — complaining directly to Moscow over a modern-day "red phone." In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia's role in election meddling and to warn that the attacks risked setting off a broader conflict.
The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.'s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn't done meddling.
"They're coming after America," Comey told the Senate Intelligence Committee. "They will be back."
A spokesman for Minnesota Secretary of State Steve Simon said on Tuesday that there's been no indication that Minnesota's systems were compromised. The office heard from Homeland Security that all targets of the hacking attempts have been notified, and "we haven't heard anything about any Minnesota targets in these attacks," spokesman Peter Bartz-Gallagher said.
Russian officials have publicly denied any role in cyberattacks connected to the U.S. elections, including a massive "spear phishing" effort that compromised Hillary Clinton's campaign and the Democratic National Committee, among hundreds of other groups. President Vladimir Putin said in recent comments to reporters that criminals inside the country could have been involved without having been sanctioned by his government.
One of the mysteries about the 2016 presidential election is why Russian intelligence, after gaining access to state and local systems, didn't try to disrupt the vote. One possibility is that the U.S. warning was effective. Another former senior U.S. official, who asked for anonymity, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America's disparate voting systems spread across more than 7,000 local jurisdictions.
Such operations need not change votes to be effective. In fact, the Obama administration believed that the Russians were possibly preparing to delete voter registration information or slow vote tallying in order to undermine confidence in the election. That effort went far beyond the carefully timed release of private communications by individuals and parties.
One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks.
As the first test of a communication system designed to de-escalate cyber conflict between the two countries, the cyber "red phone" — not a phone, in fact, but a secure messaging channel for sending urgent messages and documents — didn't quite work as the White House had hoped.
The White House provided evidence gathered on Russia's hacking efforts and reasons why the U.S. considered it dangerously aggressive. Russia responded by asking for more information and providing assurances that it would look into the matter even as the hacking continued, according to the two people familiar with the response.
"Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure," said Eric Schultz, a spokesman for former President Barack Obama. "Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses."
Relations with Russia remain strained. The cyber red phone was announced in 2011 as a provision in the countries' Nuclear Risk Reduction Centers to allow urgent communication to defuse a possible cyber conflict.
Staff writer Patrick Coolican contributed to this report.