Election experts, cybersecurity experts and those who are overseeing the upcoming midterms have one thing to say about stopping Russian interference in American elections: Forget 2018. It’s too late. Focus on 2020. Before President Donald Trump had even been sworn into office, intelligence agencies revealed that cyberattacks spanning across 21 states had been conducted under the direct order of Russian President Vladimir Putin. The FBI, CIA and National Security Agency’s report concluded that “Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.” Despite this, lawmakers and federal officials took months, sometimes longer, to take action, with the result that most federal assistance arrived too late to protect the midterm elections.
It wasn’t until eight months later, in September 2017, that the Department of Homeland Security notified the states whose voting systems had been targeted. One state had already identified itself as having been seriously breached: Illinois. The state reported its voter database had been hacked, leaving such personal information as the names, driver’s licenses and partial Social Security numbers for 15 million people in the hands of Russian hackers. In the end, 90,000 voters had their information compromised. Investigators said the foreign hackers had tried to delete or alter voter data but had ultimately failed.
A county database in Arizona, a Tennessee state website and an information technology vendor in Florida all had their systems breached by hackers as well. A classified NSA document published by The Intercept in 2017 referenced how products made by the Florida-based vendor VR Systems were breached by Russian hackers. A DHS document obtained by CBS 60 Minutes in April reportedly showed Russians were the perpetrators of the breaches in all four states. But it was later thought that Arizona had likely been infiltrated by criminal actors, according to what a Trump administration official told Reuters following the CBS report.
Russian election interference seems to have never stopped since the 2016 presidential election. Current cyberattacks have long been in progress, including aggressive spear-phishing campaigns against specific people. Foreign hackers have reportedly already targeted four Democratic candidates: Missouri Senator Claire McCaskill, California congressional candidates Hans Keirstead and David Min, and Alabama congressional candidate Tabitha Isner. All four had been targeted in similar ways, with some attacks dating back to mid-2017.
Although it was not believed to have been done at the hands of cyberattackers, voter records with personal information, including birth dates, home addresses and phone numbers of more than 19 million Texans was found online last week on an unsecured server without a password, as reported by TechCrunch. The same GOP-created analytics firm, Data Trust, believed to be responsible for compromising those Texas voter records, was also found to be at fault for last year’s voter database breach of the Republican National Committee that left the information of 198 million voters unprotected.