An NBC News report last week claiming a U.S. official confirmed that several states’ voter rolls were penetrated by Russian hackers is getting belated pushback from the Department of Homeland Security.
DHS blasted out a statement Monday that said NBC “misrepresented facts” and “falsely report[ed]” the DHS official’s comments.
On Thursday, the network touted an interview with DHS cybersecurity chief Jeanette Manfra. The report paraphrased Manfra’s comments as saying “the Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential election.”
A video preview of the NBC interview showed Manfra being asked specifically about states’ voter registration systems being targeted. Manfra responded with a line that was similar to what the DHS has been saying for many months: “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.”
Indeed, on Monday, DHS confirmed that she was only reiterating what the department first disclosed in a hearing last June.
“NBC News continues to falsely report my recent comments on attempted election hacking – which clearly mirror my testimony before the Senate Intelligence Committee last summer – as some kind of ‘breaking news,’ incorrectly claiming a shift in the administration’s position on cyber threats,” Manfra said in Monday’s statement.
Since DHS’s initial disclosure in June, the process of informing the 21 states that they had been targeted has been messy, at best. Some states have rejected the notion that a so-called “scan” — which it appears is what a vast majority of the 21 states were subjected to — really warranted the rhetoric DHS used to describe it, given how common scans are. A scan is essentially a search for website’s vulnerabilities and weakness; state election officials told TPM last year that their websites are scanned hundreds of times a day.
It’s not entirely clear how the states that didn’t fit into that pattern of activity fit into the DHS’ initial assessment.
Illinois publicly disclosed in June 2016 a breach of its voter registrations systems, saying voter rolls were accessed, but not tampered with or deleted. The state later confirmed that that was what DHS was referring to when it named Illinois as one of the 21 states.
In Wisconsin, there was an attempt linked to Russian government cyber-actors to intrude on the system not with a scan, but through a banner or a pop-up ad that was effectively blocked by the state’s IT system, a Wisconsin official told TPM last fall.
What happened in Arizona is a bit murkier. A local election administrator’s computer log-in and password appeared to have been stolen after the official opened a malicious email in June 2016, but the state did not find that its system had been compromised in the hacking attempt. A spokesman for Arizona’s Secretary of State told TPM last week that a Russian server was used in the phishing attempt, but that it should “be noted that servers anywhere in the world could have been used.”
The spokesman, Matt Roberts, also said that Arizona did not consider itself among the 21 states DHS said were targeted by Russian hackers, as “the DHS could not confirm that any attempted Russian government attack occurred whatsoever to any election-related system in Arizona, much less the statewide voter registration database.”
The DHS declined to clarify for TPM whether it was including Arizona in its assessment of states that had been successfully accessed.
Read the department’s full statement below:
WASHINGTON – Today, Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications, released the following statement regarding the recent NBC news coverage on the Department of Homeland Security’s efforts to combat election hacking.
“Recent NBC reporting has misrepresented facts and confused the public with regard to Department of Homeland Security and state and local government efforts to combat election hacking. First off, let me be clear: we have no evidence – old or new – that any votes in the 2016 elections were manipulated by Russian hackers. NBC News continues to falsely report my recent comments on attempted election hacking – which clearly mirror my testimony before the Senate Intelligence Committee last summer – as some kind of “breaking news,” incorrectly claiming a shift in the administration’s position on cyber threats. As I said eight months ago, a number of states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure. In the majority of cases, only preparatory activity like scanning was observed, while in a small number of cases, actors were able to access the system but we have no evidence votes were changed or otherwise impacted.
“NBC’s irresponsible reporting, which is being roundly criticized elsewhere in the media and by security experts alike, undermines the ability of the Department of Homeland Security, our partners at the Election Assistance Commission, and state and local officials across the nation to do our incredibly important jobs. While we’ll continue our part to educate NBC and others on the threat, more importantly, the Department of Homeland Security and our state and local partners will continue our mission to secure the nation’s election systems.
“To our state and local partners in the election community: there’s no question we’re making real and meaningful progress together. States will do their part in how they responsibly manage and implement secure voting processes. For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training. The list goes on of how we’re leaning forward and helping our partners in the election community. We will not stop, and will stand by our partners to protect our nation’s election infrastructure and ensure that all Americans can have confidence in our democratic elections.”
