Voters across the country were shocked to learn last year, through the disclosure of a top-secret NSA document, details of an intricate plot by Russian military hackers to infiltrate American electoral systems. New emails obtained by The Intercept through public records requests illustrate the disturbing extent to which potential targets of the attack were caught unaware, having apparently remained in the dark alongside the voting public. On June 5, 2017, The Intercept published a top-secret National Security Agency assessment that detailed and diagramed a Russian governmental plot to breach VR Systems, an e-voting vendor that makes poll book software used by several pivotal electoral battleground states, such as North Carolina and Virginia. The report attributed the scheme to the Russian General Staff Main Intelligence Directorate, or GRU. GRU’s plan, the NSA claimed, was to roll any success with VR Systems into a subsequent email attack against state voting officials across the country.
According to the documents obtained by The Intercept, officials in a handful of crucial swing states were completely unaware that GRU was trying to infiltrate their voting systems — for months and months after the election had taken place. Experts contacted by The Intercept decried a system in which overstretched state officials were in the dark about potential threats. A former official from the Department of Homeland Security told The Intercept on the condition of anonymity that warning about the potential attacks did not filter down to state-level officials in part because of complicated bureaucratic turf wars between the NSA, DHS, and local bodies — all of which were exacerbated because, for the NSA, transmitting word of the cyberattacks down the chain was “not a high priority issue.”
In North Carolina — which had reported widespread, glitchy disruptions on Election Day — key state voting officials clearly were never filled in on the details of the threat they had faced seven months prior. Rather, the officials learned the details in the news along with the rest of the public, without permission or authorization. These emails, obtained via public records request, underscore the total failure of the U.S. government to get information about imminent threats to election infrastructure to the people most affected, and raises the crucial question of why exactly it took roughly seven months for word of a credible attack against the integrity of American elections to reach the very people and systems under threat.