Russian Hackers Break Into 2 County Systems, Stoking Election Security Fears
Updated on Oct. 23 at 5:47 a.m. ET
Active Russian cyberattacks are targeting a wide swath of American government networks, including those involved with the ongoing election, federal authorities revealed Thursday.
The focus of the effort, from the notable Russian hacking group sometimes known as Energetic Bear or FireFly, includes "U.S. state, local, territorial, and tribal government networks, as well as aviation networks," according to a new bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency.
It continued: "As this recent malicious activity has been directed at ... government networks, there may be some risk to elections information ... However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised."
U.S. officials said separately that systems in two local government jurisdictions had been accessed, granting attackers admission to some limited data about voters. But they were also adamant that the attackers were not in a position to actually affect results.
"We're not aware of any activity that would put them in a position to come anywhere near a vote," said Chris Krebs, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
At a briefing Thursday afternoon, Krebs said he saw the announcement as more of a broad cybersecurity statement rather than one specifically focused on election security, since the attacker's intentions were not clear based on the broad number of agencies and organizations targeted.
Cyber attackers are "opportunistic," Krebs said, and in this case they were able to use vulnerabilities in the fairly simplistic county government infrastructures to move within a number of offices inside a single government. In at least one of the cases, that led them to some publicly available voting data.
"We don't have any reason to believe they were looking for election infrastructure or election-related information," Krebs said. "They just found themselves there."
Government officials do not usually announce the location of hacks, but The Washington Postreported Thursday that the counties breached are in California and Indiana.
Krebs added that it's possible, if not probable, that the group has breached more governments, but they haven't been discovered yet.
"I'm paranoid by nature, so I assume we'll find at some point some additional compromises," he said.
The announcement came one day after an in-person briefing by Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray in which they warned about Russian interference as well as an Iranian scheme to intimidate voters with spoof emails.
The agencies involved have been warning for months, including with similar bulletins about cyber risks confronting U.S. elections infrastructure, which they have suggested likely would focus on systems adjacent to core operations — such as a website that shows results — as opposed to the casting and counting of ballots themselves.
Ratcliffe, Wray and others have warned about the prospect that influence-mongers could exploit the headlines about cyberattacks, and some potential real exploits, to make claims about compromised election systems that might not be legitimate.
"We've been working for years as a community to build resilience in our election infrastructure — and today that infrastructure remains resilient," Wray said Wednesday. "You should be confident that your vote counts. Early, unverified claims to the contrary should be viewed with a healthy dose of skepticism."
The bulletin Thursday alluded to the prospect that the network activity detected by U.S. authorities could enable attackers to access sensitive systems, including even by printing access badges.
And though American authorities said they've detected no disruptions, "the [attackers] may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize ... government entities."
It wasn't immediately clear how or whether the U.S. might respond to the Russian cyberattacks discussed Thursday afternoon, but earlier in the day the Treasury Department announced it has sanctioned a number of Iranian government entities in connection with what U.S. officials called their interference in the election.
Copyright 2021 NPR. To see more, visit https://www.npr.org.