The details of an apparent Russian state-sponsored cyberattack on local election officials and a vendor of U.S. voting software are shocking—but they shouldn’t be surprising. In fact, experts had been warning for months before the 2016 election about exactly the type of attack that was revealed Monday in leaked NSA documents. According to the documents, the purpose of the attack, which occurred last August, was “to obtain information on elections-related software and hardware solutions.” The attackers “likely used data obtained from that operation to create a new email account and launch a voter-registration themed spear-phishing campaign targeting U.S. local government organizations.” The NSA’s analysis does not draw any conclusions about whether the attack affected voting outcomes in the presidential election in November, or any other national or local races. But targeting voter registration systems is widely seen as one of the most effective ways to use a cyberattack to disrupt the electoral process. An adversary with access to voter registration information could, for example, delete names from the voter roll or make other modifications to the data that could cause chaos on Election Day. (See “How Hackers Could Send Your Polling Station Into Chaos.”)
Before the election, Rice University computer science professor Dan Wallach told MIT Technology Review that poorly secured voter registration databases were the biggest cybersecurity threat facing the U.S. voting system, since many states put them online. In September, the Associated Press reported that hackers had targeted voter registration systems in 20 states.
Also among potential targets, experts warned at the time, were electronic poll books—computerized versions of the paper lists that poll workers often use to check voters in. Most offer the option to connect to the Internet.