Skip to content
Naked Security Naked Security

Russia ‘targeted 21 states’ during US election campaign, says official

Homeland Security official declines to reveal more to Senate hearing as details emerge of hacking attempts in Illinois and Arizona

During the recent US Senate Intelligence Committee hearings on Russian interference in US elections Jeannette Manfra, the acting deputy under-secretary for cybersecurity and communications, provided the soundbite of the day:

As of right now we have evidence of election related systems in 21 states that were targeted.

What neither Manfra nor others testifying would share, in open session at least, was how the Russians targeted the election systems, nor how successful they were. She did, however, concede that there is no evidence that any attempt was made to penetrate state voting systems and alter results. In her opinion, the decentralized nature of the US elections would make it “virtually impossible” to do so without being detected.

The senators were not pleased with the reluctance of Manfra and others to reveal additional details – the who, what, where, why, and how of the targeting – beyond the declaration that the activity was owned by Russia. So we are left to pull back the covers ourselves.

We turn to the unauthorized leak of the top secret NSA analysis on the Russian General Staff Main Intelligence Directorate (GRU) and their activities targeting the US election. The existence of this report became known when Reality Winner provided it to The Intercept. The NSA analysis, taken at face value, called out how the Russians “targeted US election via phishing attacks”.

Now to be clear, the information in the analysis was not especially noteworthy from a technological standpoint. What is interesting is the finding on how the  information was used cumulatively to move on to the next target.  The analytic document contained a redacted image that outlined the spear-phishing campaign and made clear which information was known, and what is being deduced.

Spearphishing Diagram

The analysis indicates a phish email that was sent from to 122 separate recipients, all associated with local government organizations, across up to 21 states. Last year, both Illinois and Arizona were told that their election offices or employees had been affected by a Russian effort.

The Arizona incident, in August 2016, at first seemed to be inconsequential. As the Washington Post reported at the time, Arizona’s secretary of state, Michele Reagan, shut down the voter registration system for nearly a week following a call from the FBI that a “credible” threat existed. It turned out that no compromise of the state’s systems had occurred, nor that of any Arizona county. A single election official in Gila County, Arizona, had had their username and password compromised when “a worker may have inadvertently downloaded a virus”. However, the username/password combination would only have provided access to the Gila County voting registration system.

The Illinois incident in July 2016, however, was more substantive. Thomas Kyle, director of voting and registration systems for the Illinois State Board of Elections, sent an email to all state election officials acknowledging that the breach had occurred on July 12 2016. Subsequently we learned the voter registration information for a “small percentage” of voters had indeed been accessed, but not altered or deleted.

Then, in August 2016, the FBI published an FBI Flash Alert, Targeting Activity Against State Board of Election Systems. The similarity between the FBI Flash Alert and the Illinois email? They both described how the actors could inject SQL database queries into state’s systems. Given the timing of the outreach by the FBI, the incidents in both states appear to be consistent with the “targeting” that both Manfra and the NSA describe in their analysis.

Add to this the contemporaneous activities that were going on at the Democratic National Committee, whose dirty laundry was put on show by the Fancy Bear hacker group, and it seems clear that the Russians were busy in the summer of 2016. Interestingly, we learned from homeland security secretary Jeh Johnson, during a separate hearing that the DNC had turned away both the FBI and Homeland Security, instead relying on a private company to get to the bottom of who had ravaged their systems.

Despite all this, we would expect Russian president Vladimir Putin to deny the Russian hand has been involved. And yes, he he did not disappoint.

Hackers are free people. They are like artists. If they are in a good mood, they get up in the morning and begin painting their pictures. Hackers are the same. They wake up in the morning, they read about some developments in international affairs, and if they have a patriotic mindset, then they try to make their own contribution the way they consider right into the fight against those who have bad things to say about Russia.

Whether it is acknowledged or not, what the Russians have demonstrated is their active campaign to sow doubt and uncertainty in the US election (and those of other nations) has been successful. And one thing’s for sure: this is not the last we’ve heard about the Russian meddling in the US election process, and if predictions are correct, it isn’t the last we’ve seen of their meddling either.


This is nothing but fake news. What about Obama? He went to France and told everyone who to vote for. That’s a much bigger problem. Nobody should be allowed to go to another country and say who anyone should vote for.


If Obama had been the president, or an official representative of the US government, at the time he backed Macron I’d go so far as to agree that he was violating established norms and shouldn’t be doing that. I live in the UK and felt he was out of line when he visited these shores as president to comment on the Brexit vote (which did not go his way by the way) even though he was clearly doing so in the US national interest.

But he wasn’t president when he backed Marcon so he’s free to exercise his right to free speech, no?

Could Obama’s intervention have swung the French election in favour of Macron? Marine Le Pen would have needed a vote swing of more than 32% to win. It’s very clear that Marcon won on the back of a coalition of all the voters who didn’t vote Marine Le Pen in the first round. Are you saying that all the people who were planning to vote socialist in the first round were then planning to switch to voting for the extreme right wing candidate instead of the centrist until Obama intervened? Or is it more likely that everyone to the left of Marine Le Pen in round one stayed to the left of Marine Le Pen in round two?

Setting that aside, anyone who suggests that the French are inclined to sheepishly follow instructions from visiting Americans clearly hasn’t spent much time in France.


This is nothing but fake news. What about Obama? He went to Russia to get voter appeal yet when Trump won he sent the diplomats packing back to Russia and sanctions on Russia.


New rule: I’m not going to approve any more comments that start “This is nothing but fake news” and then fail to even try to back it up and/or pivot to some completely unrelated topic.
The term “fake news” is not a magical incantation, you need to bring more to the table.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!