Russian hackers targeted state election databases ahead of the 2016 U.S. presidential election, a Department of Homeland Security official told the Senate Intelligence Committee on Wednesday.
“As of right now, we have evidence of 21 states, or election-related systems in 21 states, that were targeted,” said Jeanette Manfra, acting deputy undersecretary of cybersecurity and communications for the agency’s National Protection and Programs Directorate.
The disclosure followed previous confirmation from DHS and the Federal Bureau of Investigation that voter registration databases in Arizona and Illinois were compromised by foreign-based hackers in the months leading up to the election.
The revelations add a new wrinkle to ongoing probes over alleged Russian meddling in the 2016 U.S. presidential campaign. Democratic nominee Hillary Clinton has blamed the role of Russian intelligence at least partly for her unexpected loss in November.
White House press secretary Sean Spicer on Tuesday said he had not yet spoken to President Donald Trump about whether he believes Russia interfered in last year’s election.
“I have not sat down and talked to him about that specific thing,” Spicer told reporters at the daily White House press briefing. “Obviously, we’ve been dealing with a lot of other issues today.”
On Wednesday, each of the three witnesses who testified during the Senate Intelligence Committee’s first panel — representatives from DHS and the FBI — said there was no evidence that any votes or election tallies from the 2016 contest were tampered with as a result of hacking.
Sen. Mark Warner (D-Va.), the committee’s top Democrat, wrote a letter to Homeland Security Secretary John Kelly on Tuesday asking him to publicly disclose which states were targeted, and to share any applicable hacking data with state officials.
“If physical infrastructure operated by multiple states was simultaneously attacked, surely the federal government would have an obligation to inform the American people and the other states so that they could take protective measures,” Warner said at Wednesday’s hearing.
Manfra expressed unease with publicly identifying the other states that were targeted.
“When an entity is a victim of a cyber incident, we believe very strongly in protecting the information around that victim,” she told lawmakers. “All of the system owners within those states are aware of that targeting.”
During the hearing’s second panel, election officials from Indiana and Wisconsin said they hadn’t received notices that their election databases had been compromised.
Bill Priestap, assistant director of the FBI’s counterintelligence division, said he had no doubt the Russians were behind the hacking efforts and that they would be back in future U.S. elections. He drew a parallel between the collapse of the USSR and Russia’s efforts to remake itself into a global superpower as one reason for their election meddling in the United States and across Europe.
“Hoping to regain its prior stature, Russia has decided to try to weaken us and our allies,” Priestap told senators, adding that Russian hackers have attempted to influence previous U.S. elections, but not to the scope that was seen in last year’s contest.
When asked by Sen. Joe Manchin (D-W.Va.) about Russia’s intention, Priestap said the country’s focus was “on undermining democracy.”
Some committee members, including Sens. Roy Blunt (R-Mo.) and Ron Wyden (D-Ore.), expressed support for paper-audited trails to ensure the validity of votes in the event of future hacking efforts.
Steve Sandvoss, executive director of the Illinois State Board of Elections, told the panel that hackers used an SQL injection cyberattack to gain access to the state’s voter registration database. The attack began on June 23, 2016, but election officials were not made aware of the attack until database process usage unexpectedly spiked to 100 percent on July 12.
“If they had never cranked up the volume, is it fair to say you would have never discovered it?” Sen. Jim Risch (R-Idaho) asked.
“I would say it probably would not have been discovered, certainly not right away,” Sandvoss replied. “And if the volume was low enough, even an analysis of our server logs might not catch something like that because it wouldn’t stand out.”