WASHINGTON _ Local officials consistently play down suspicions about the long lines at polling places on Election Day 2016 that led some discouraged voters in heavily Democratic Durham County, N.C., to leave without casting a ballot.
Minor glitches in the way new electronic poll books were put to use had simply gummed things up, according to local elections officials there. Elections Board Chairman William Brian Jr. assured Durham residents that "an extensive investigation" showed there was nothing to worry about with the county's new registration software.
He was wrong.
What Brian and other election officials across eight states didn't know until the leak of a classified intelligence is that Russian operatives hacked into the Florida headquarters of VR Systems Inc., the vendor that sold them digital products to manage voter registrations.
A week before the election, the hackers sent emails using a VR Systems address to 122 state and local election officials across the country, inviting them to open an attachment wired with malicious software that spoofed "legitimate elections-related services," the report said. The malware was designed to retrieve enough additional information to set the stage for serious mischief, said the National Security Agency report disclosed by the Intercept, an investigative web site.
That wasn't the only type of attack.
The new revelations about the Kremlin's broad and sophisticated cyber offensive targeting Democrat Hillary Clinton and aimed at seating Donald Trump in the Oval Office have set off a wave of worry about the security of the nation's voting systems. State election officials, facing questions as to whether they ignored oddities or red flags, have responded by accusing intelligence agencies of failing to alert them of the risks.
The truth is a hodge-podge of electronic machinery that enables Americans to exercise their most sacred democratic right is weakly guarded by state and local agencies. Those officials are quick to assure the voting public that their systems are secure, but they lack the resources and technical know-how to defend against cyber intrusions, or even to perform forensic examinations to ensure nothing happened.
Election officials in Illinois, another state that VR Systems lists as a customer, did not find out they were hacked by Russian operatives late last June until a week or two later. By then, the Russian operatives had downloaded about 90,000 voter registration records, leading to an investigation by the FBI and the U.S. Department of Homeland Security, said Ken Menzel, general counsel of the Illinois Board of Elections. Menzel confirmed a Bloomberg report that the Russians appeared to have made unsuccessful attempts to alter or delete some records.
In Georgia, where a nationally watched congressional runoff race is scheduled for Tuesday, Politico magazine reported that a U.S. hacker from a national laboratory seeking to expose vulnerabilities in election systems was able to easily download millions of voter records from Kennesaw State University's Center for Election Systems, which manages them. Election watchdog groups say subsequent warnings to the state about a hole in their system went unheeded for months.
David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory in California who has acted in his personal capacity in trying to safeguard election integrity, said he believes it is "absolutely possible" that the Russians affected last year's election.
"And we have done almost nothing to seriously examine that," he said.
"The Russians really were engaged in a pattern of attacks against the machinery of the election, and not merely a pattern of propaganda or information warfare and selective leaking," said Alex Halderman, a University of Michigan computer science professor. "The question is, how far did they get in that pattern of attacks, and were they successful?"
Election officials across the country may not even know if they've been attacked, computer scientists say, pointing to the scenario that played out in Durham County.
