May 8 (UPI) — Russian cyber actors surveilled about 20 state election systems with the intent of undermining confidence in the U.S. voting process during the 2016 election, the Senate Intelligence Committee said in a report released Tuesday.
The committee determined that cyber actors affiliated with the Russian Government extensively scanned state systems and in some cases were in a position to at least alter or delete voter registration data, but found no evidence that hackers had changed vote tallies or voter registration information.
“These activities began at least as early as 2014, continued through Election Day 2016, and included traditional information gathering efforts as well as operations likely aimed at preparing to discredit the integrity of the U.S. voting process and election results,” the committee said.
Russian-affiliated cyber actors scanned election systems in least 18 states for vulnerabilities and the committee had evidence at least three more may have been targeted in some capacity, according to the report.
Assessments by the committee as well as the Department of Homeland Security and the FBI were made based on self-reporting by the states and there is a possibility more states were targeted and went undetected.
Hackers went beyond scanning and attempted to gain access to voting websites in at least six states and “in a small number of states” managed to gain access to restricted elements of election infrastructure.
“The Committee does not know whether the Russian government-affiliated actors intended to exploit vulnerabilities during the 2016 elections and decided against taking action, or whether they were merely gathering information and testing capabilities for a future attack,” the report stated.
Initial DHS response to the meddling was inadequate at the time, but cooperation between the agency and states has greatly improved since, according to the report.
The committee found the diversity of voting infrastructure in the United States proved to be a strength that prevented potential attacks.
“Because of the variety of systems and equipment, changing votes on a large scale would require an extensive, complex, and state or country-level campaign,” the report said.
In contrast, the committee noted many aspects of election structure are connected and can be accessed over the internet, making them vulnerable to hacking.
It also found many voting systems are outdated and lack paper records that can be reliably audited in the event of allegations of machine manipulation.
Additionally, the number of vendors selling machines has decreased, leading the committee to be concerned about vendors of voting machines and election software becoming targets for malicious cyber actors.