In the wake of Donald Trump’s upset victory, everyone is looking for a place to lay the blame. There’s the Democratic leadership, FBI director James Comey, Facebook, racist voters, and literal Nazis. And then there’s the suggestion that Russia hacked the election. Articles at least a month old about the cybersecurity of America’s electoral system are beginning to recirculate as people cast suspicious glances toward the Eastern Bloc.
One CNN article, from October 12, highlights a few election-related breaches that exposed the personal data of voters in Florida, Illinois, and Arizona. Another report from late September by the Associated Press cited Homeland Security sources who said that the voter-registration systems in more than 20 states had been targeted.
The first thing to note is that any large internet presence (Microsoft, Google, government infrastructure, DNS providers) is going to be a continual hacking target. Hackers often scan servers for vulnerabilities and open ports. Doing so requires them to send a signal to their intended target. The mere presence of a ping does not automatically indicate an actual data breach. It signifies an attempt. It’s like turning a doorknob to see whether or not it’s locked.
Of course, maybe voter-registration data was compromised. There is a lot of useful insight be gleaned from voter-registration data, personal information that can be used for things like identity theft. But it’s important to be specific here: Targeting voter registries, and harvesting the information of registered voters, is not the same as hacking an election. They’re both concerning, but not identical. The type of breaches described in these older, reinvigorated reports is more akin to the gargantuan hack of the U.S. Office of Personnel Management, suspected to be the work of Chinese state actors. That hack contained vast amounts of intelligence that foreign actors could use as leverage elsewhere. Voter registrations are highly concentrated stores of American personal data.
There is, as of now, no evidence that any voting systems were compromised on Election Day, merely speculation and theorizing. The speculation that Russia literally hacked into our voting system and added millions of fake ballots to swing the election is Hollywood fiction. As we said last week, the easiest, most effective way to swing a vote is through the coordinated release of damaging information, such as the DNC hack likely committed by Russia. We should be wary of foreign governments attempting to influence our elections, but it’s never going to be as simple as exclaiming, “We were hacked!” The trick is to understand precisely how.