Election 2016

Report: Russian Hackers Altered Voter Data in 2016

JM Ashby
Written by JM Ashby

According to current and former officials who spoke to TIME, hackers not only accessed voter databases, in at least one case they successfully altered data.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election.

The fact that the manipulation was "discovered and rectified" is not necessarily comforting. It shouldn't be possible to begin with, and I personally don't have much confidence that every potential breach has been discovered or rectified. I also expect it will happen again.

Investigators are reportedly looking into whether any of the data stolen in these breaches made its way to the Trump campaign.

My gut says it did. Much has been made of the data operation that fueled Trump's campaign, but we know Trump ran a bare-bones campaign with virtually no staff in wide swaths of the country. It seems reasonable to suspect that not all of the data acquired by Trump's allies was obtained through legitimate means. Access to the RNC's databases cannot explain all of it as the RNC ran a pathetic campaign in 2012.

We also know data obtained by Russian hackers was used against Democrats in Florida.

  • Badgerite

    This is the problem with the left ignoring the Russian cyber and financial involvement in the trump and GOP campaigns. This is a whole national apparatus (Russian intelligence) devoted to undermining the liberal or moderate vote in this country. Don’t count on that to change or get better unless it is investigated, punished and guarded against in the future. For all the hoopla about Corbyn, he did not actually win. May is the one who formed a government, not Corbyn. Macron, a centrist won and won big in France. And he won because France, as a nation, took steps to guard against the Russian interference that was unchecked here and possibly unchecked in England as well.

    • Scopedog

      Of course, what you said is right–but it will not penetrate the thick skulls of folks like Taibbi, Goodman, and Greenwald….who think that Russia and Putin are just the nicest dudes around while Hillary was Medusa herself.

      • Badgerite

        I know. But in actual fact, a lot of the information about the Russian intelligence cyber campaign to attack the American elections is coming from our allies abroad. They know it is real.

  • Dread_Pirate_Mathius

    The fact that the manipulation was “discovered and rectified” is not necessarily comforting. It shouldn’t be possible to begin with

    I don’t think you have any idea how insanely difficult cyber security is. This many different databases managed in this many different ways by this many different people (some of whom are, no doubt, technologically illiterate). There is absolutely no possible way to keep the whole thing secure. Anyone who says otherwise is either ignorant or lying.

    In a perfect world, of course, I agree. But this ain’t a perfect world. I’ve spoken here before about this. Remember, of course, that the number one vulnerability of any system is its users. And you’d be shocked how easy it is to get access to their credentials if you put your mind to it – it’s not some Hollywood technobabble “cracking the binary unix backdoor with a trojan worm” done by some guy in a trenchcoat and sunglasses blasting techno music. 99% of the time, it’s calling someone up, saying you’re from IT, and you need their password and they hand it to you on a platter. It’s users using the same password on all their sites. Or having reset answers on their wikipedia pages. It’s when they set their password to something easy to brute force / dictionary attack (I guarantee almost everyone here’s password is easy crack) and the hacker gets ahold of your hash (through 1001 different ways).

    Thinking that decentralized databases utilized by 1000’s of people are going to be completely secure is a pipe dream. If you – Ashby – put your mind to it, and are willing to risk jail, I bet you could get into one after a few weeks of serious effort.

    • muselet

      “Shouldn’t be possible” is unrealistic. However, it should be far more difficult than it is, even if that means irritating some of the lazier users of a voter database.

      –alopecia

      • ninjaf

        It’s not that they are necessarily lazy so much as gullible. Too many STILL don’t understand to never EVER give login info to anyone, even if they say they are from IT.

        • muselet

          Well, it’s both.

          Trying to remember a random string of alphanumeric characters is a bore—there are tricks for creating a strong but memorable password, but not everyone can be bothered—so people use memorable passwords. Memorable passwords are easy to crack. That’s what I mean by lazy. (The inexcusably lazy use PASSWORD or 123456 as their passwords, or some variation of their names.)

          As for gullible, you’re right. Just because a voice on the phone says it’s from IT doesn’t mean the voice is from IT.

          –alopecia

          • ninjaf

            Where I work, they have been doing random phishing tests for the last year or so — they send a fake phishing attempt email to everyone in the company. We have an “EXTERNAL” label/flag on all emails that are received from external sources. We also have a button in our email client that we click to simply report phishing attempts while we are in the email. They recently shared some stats on these tests and a little more than half of people failed these tests, even with these easy tools. Some of it is gullibility and some of it is people are too quick to click on things. If 50% of people are willing to click on a link in an unknown email, that makes any and all networks very vulnerable, even in the best of circumstances.

          • muselet

            That’s scary. Not particularly surprising, alas, but scary.

            –alopecia

    • JMAshby

      Yes, I know how difficult it is. I did not mean it should literally be impossible (no system is 100% hack-proof, and yes I’ll chose my words more carefully next time to please you), just that it appears to be far too easy. We actually have some pretty extensive experience with that (being hacked) right here on this website.

      The Obama administration sought to classify the election system as critical infrastructure so they could install more security, but Republican states rejected it.

      Our data security is lackadaisical at best.

      • We need a grass roots movement in all 50 states to put pressure on the counties to either enact some best practices in regards to cyber security or go to paper ballots. Of course, that would mean Dems have to get off their asses and care about something other than their pet issue. I won’t hold my breath.

    • Dread, you are absolutely, positively correct.

  • muselet

    Look for the majorities in both the House and Senate to studiously ignore this. Also, if this story gets any traction, we can expect a hilariously incoherent tweet-storm from Donald Trump.

    Meanwhile, our democracy slowly erodes.

    –alopecia

    • Dread_Pirate_Mathius

      My favorite tweet from the other day: I would pay a lot of money to watch Trump try to assemble a desk from Ikea.

    • Scopedog

      Yep–the Republican majorities won’t give a shit. Maybe a few GOPers will, but overall, the rest don’t care. Ryan and McConnell certainly don’t.

      Which is why taking back the House next year–and winning the Governor elections in NJ and VA and other elections at the state and local levels this year–are critically important. If the idiot Left wants to wait to push their St. Sanders in 2020, then they can go pound sand as far as I’m concerned.

      And finally…look, we have to be honest here. The GOP as it stands now as a political party must be destroyed, completely wiped out. If the moderates gain control and put it back to being a party of sane people who are the loyal opposition, then fine. But the party right now is too corrupt, too mean-spirited, too fucking dangerous for the country and the rest of the world. There is no truth to the “both parties are the same” claim, and if anyone believes it, they are fucking idiots.

  • Data crimes are like ringing a bell. You can’t un-ring it.

    • Adamwilber

      Last month my paycheck was 11 thousand dollars… All I was doing was easy online work at home for 3-4 hrs/daily that I discovered on the internet and they paid me 95 bucks every hour… Try it yourself
      ➜➜➜http://www.OnlineGlobalTopJobsMoneyCare/Wage/Home….
      ✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹✹op277…