Riverside County District Attorney Michael Hestrin was at his desk on June 7, 2016, when the calls started coming in. It was the day of the California presidential primary, and upset voters wanted the county’s top prosecutor to know that they had been prevented from casting their ballots. “There were people calling our office and filing complaints that they had tried to vote and that their registration had been changed unbeknownst to them,” says Hestrin. Soon there were more than 20 reports of trouble, and Hestrin, a 19-year veteran of the office and a graduate of Stanford Law School, dispatched investigators to county polling places to see what was going on. At first what they found was reassuring. Everyone who had been blocked from voting had been offered a provisional ballot, and most had cast their votes that way. But as the investigators dug deeper, things looked less innocuous. In the days after the vote, more people started coming forward to say they’d also had problems with their voter registration on primary day. In at least half a dozen cases, Hestrin and his investigators concluded, the changes had been made by hackers who had used private information, like Social Security or driver’s-license numbers, to access the central voter-registration database for the entire state of California. There the trail went cold.
The California secretary of state’s office told Hestrin’s investigators that the state’s system hadn’t recorded the Internet addresses of the computers that had made the changes, so there was no way to learn the identity of the hackers. Hestrin could go no further, but that wasn’t the end of it. The lingering mystery of the voter-registration changes bred doubt among members of both parties. Local Republicans publicly alleged that Democrats were ignoring the issue and privately accused them of trying to suppress the GOP vote. Democrats thought Republicans were making up an excuse for their losses at the county polls. “That was a big concern,” says Hestrin, an elected Republican. “People should still have faith in our election systems.”
It was only months later that it dawned on investigators in D.C. that undermining voters’ faith may have been the point of the Riverside County hack all along. In the months following the California primaries, the feds discovered that Russian hackers had broken into more than 20 state and local election systems and attempted to alter voter registration in several of them. Looking back at the events in Riverside County, cybersecurity officials at the White House wondered whether it had been a test run by the Russians. “It looked like a cyberattacker testing what kind of chaos they could unleash on Election Day,” says one former federal cybersecurity official who looked into the case. “There was no forensic evidence, so we may never know for sure, but the intelligence told us the Russians were bragging about doing just that.”
It is easy to forget, in the constant flurry of news, that the abiding goal of the Russian operation against the 2016 presidential election was, in the words of the U.S. intelligence community, “to undermine public faith in the U.S. democratic process.” What unfolded from early spring 2016 through the close of polls on Nov. 8 in states and counties across America was an aggressive attack on the credibility of our elections and a largely unseen and futile attempt by the federal government to counter it. The FBI, the Department of Homeland Security (DHS) and U.S. intelligence services worked to identify the hackers and determine how widespread their malicious influence operation was. The feds struggled to help states protect their ballot machines and voter-registration rolls, only to become suspected of election meddling themselves amid mounting partisanship. In the end, realizing there was little they could do to stop what they feared might be a final Russian attack on the vote, the feds worked up an extraordinary plan to limit the damage on Election Day and in the days after.