The Senate Intelligence Committee on Tuesday evening released an unclassified summary of one of the multiple reports it intends to release as part of its election meddling investigation. The summary focuses on the committee’s findings with regards to the cyber-intrusion campaign Russian-linked entities launched targeting state and local election infrastructure. It also includes updates to recommendations the committee previously offered for election official to protect their systems for the 2018 elections.
“Russian actors scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database,” the summary said.
The summary says that 18 states had their election systems targeted, and that the intelligence community had varying confidence another three may have been targeted. Department of Homeland Security previously informed 21 states their infrastructures had been targeted, many via so-called “scans.” That notification last year did not clear up many questions surrounding the hacking attempts.
In at least six states, those attempted cyber intrusions went beyond scanning for vulnerabilities, the Senate Intel Committee said, and Russian-linked actors “conducted malicious access attempts on voting-related websites.” The majority of those access attempts were so-called “Structure Query Language (SQL)” injections, “a well-known technique for cyberattacks on public-facing websites,” the committee said.
In a “small number of states,” the committee said, those attacks targeted systems that were restricted from the public, and, “in a small number,” the cyber-intruders “were in a position to, at a minimum, alter or delete voter registration data.”
“[H]owever, they did not appear to be in a position to manipulate individual votes or aggregate vote totals,” the summary added.
It was previously known that Illinois’ voter registration system was targeted by an SQL injection attack. Additionally, Wisconsin’s election website was apparently targeted by Russians via a malicious banner or pop up ad, though state officials told TPM that the attempted hack was blocked by their cybersecurity system.
The Senate Intel summary cautions that its findings on intrusion attempts on state election infrastructures did not include any attempt on third party election vendors.
Read the summary below: