A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race.
The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution to state and local authorities.
Intelligence newsletter OODA Loop reports that the JIB reveals stronger evidence of Russian interference. Agencies believe that Russian agents targeted more than the 21 states initially suspected.
According to the bulletin:
Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40.
Although there are some gaps in the data, the bulletin claims “moderate confidence” that Russia conducted “at least reconnaissance” against all US states because its research was so methodical, it added.
Russia’s cyberspace election meddling played out between June and October 2016, with most activity occurring in July, the JIB said. They researched election-related websites and information in at least 39 states or territories, with Secretary of State websites drawing the most attention. They proceeded alphabetically through the states “with some exceptions”, although OODA Loop doesn’t say what they were.
The agency also went beyond mere reconnaissance, though. According to the bulletin, they regularly tried to find vulnerabilities in SQL databases behind state election websites. They were able to access voter registration files in one place, and a sample ballot from a US county website in another.
The bulletin builds on previous joint work done by the two agencies. The most detailed was a joint analysis report released in December 2016 that identified two Russian groups interfering in the 2016 election.
The first was Advanced Persistent Threat (APT) 29, which entered the fray in 2015, while the second, APT28 (also known as Fancy Bear), entered in spring 2016. Both of these groups used spearphishing attacks to distribute malware. The 2016 attack resulted in the Democratic National Committee hack that saw senior party members’ emails distributed online.
A subsequent indictment of several Russian military officers as part of the Mueller investigation into Russian election interference surfaced more details. These included the theft of data on around 500,000 voters from an unnamed state’s board of elections. They took names, addresses, partial Social Security numbers, dates of birth, and driving license numbers.
The news comes as the US Senate considers a bill calling for sanctions on any country found meddling in US elections. The Defending Elections from Threats by Establishing Redlines (DETER) bill calls for the US Director of National Intelligence to compile reports on any foreign interference within 60 days of the election. It particularly calls out Russia, singling out its financial institutions for economic sanctions should it be caught interfering in the US election.