A variety of intelligence gathered by the U.S. Department of Homeland Security, including some that is secret, led to the conclusion that Wisconsin’s elections system had been targeted last year by Russia, state election leaders said Friday.
Elections officials repeated, as they said last week, there’s no evidence that Wisconsin’s elections systems were compromised or that Russian scans of state websites resulted in a security breach.
“These scanning attempts were unremarkable, except for the fact that (the U.S. Department of Homeland Security) later identified their source as being Russian government cyber actors,” said Michael Haas, the state’s elections administrator, and Mark Thomsen, chairman of the Wisconsin Elections Commission, in a joint statement.
The commission’s update Friday was the latest effort to explain fully what happened with the reported Russian run at Wisconsin’s systems, and the first to cite intelligence as a foundation for the federal report.
Homeland Security said last week that Wisconsin was one of 21 states whose elections systems were targeted by “Russian government cyber actors.”
That created confusion among state leaders, who had never been told previously about being a target. On Tuesday, Homeland Security informed the state that it was actually a Department of Workforce Development website, not the voter registration database, that had been scanned.
Then on Thursday, Homeland Security said that just because elections systems weren’t scanned in some states didn’t mean they weren’t a target.
Wisconsin officials confirmed Friday that Homeland Security determined Wisconsin was targeted “based on a variety of sources, including intelligence information that cannot be publicly disclosed.”
Homeland Security believes the Department of Workforce Development scans were looking for vulnerabilities in order to gain information about how to target elections systems, activity seen in other states, Wisconsin elections officials said.
Haas and Thomsen repeated that Homeland Security officials did not tell the state about the Russian government’s involvement in the attempted hacks until last week.
“The resulting confusion over the past week has been an unnecessary distraction from the fact that Wisconsin’s systems are secure and have not been breached in any way,” Haas and Thomsen said. “We have all learned many important lessons and DHS officials have apologized and promised to improve their communications with state and local elections officials.”
DHS spokesman Scott McConnell said Thursday, without naming Wisconsin or any other state, that hackers looked for vulnerabilities to exploit in other government computer systems as a way to get into the election systems. The other networks were usually connected to the election systems or shared similarities.
Officials in both California and Texas, like Wisconsin, have said they received conflicting information from Homeland Security about whether their elections systems were targeted.
Wisconsin officials provided new details about what they were told by Homeland Security this week:
- Homeland Security confirmed Russian scanning activity on July 30 and 31, 2016, of an inactive IP address assigned to a Wisconsin Department of Workforce Development job center site. The state subsequently blocked access to Wisconsin systems from the suspicious IP address.
- In August 2016, the state’s firewalls blocked an advertisement embedded in a publicly available website from being displayed on a Wisconsin Elections Commission computer. The ad could have led the user to a suspicious IP address, but because it was blocked, the user had no ability to be directed to there, state elections officials said. The state told Homeland Security about the IP address, which Homeland Security later determined to be connected to “Russian government cyber actors.”