Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/16

This page has been proofread, but needs to be validated.

COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

	web application and the election results website.^[1] If the penetration had been successful, actors could have manipulated the unofficial display of the election tallies.^[2] State officials believed they would have caught any inconsistency quickly.^[3] State 6 became aware of this malicious activity and alerted partners.^[4] DHS reported that GRU actors scanned State 6, then unsuccessfully attempted many SQL injection attacks. State 6 saw the highest number of SQL attempts of any state.
State 7	(U) According to State 7 officials, cyber actors using infrastructure identified in the August FLASH scanned public-facing websites, including the "static" election site.^[5] It seemed the actors were "cataloging holes to come back later," according to state election officials.^[6] State 7 became aware of this malicious activity after receiving an FBI alert.^[7] DHS reported GRU scanning attempts against two separate domains related to election infrastructure.^[8]
State 8	(U) According to State 8 officials, cyber actors using infrastructure identified in the August FLASH scanned a State 8 public election website on one day.^[9] State 8 officials described the activity as heightened but not particularly out of the ordinary.^[10] State 8 became aware of this malicious activity after receiving an alert.^[11] ^[12] ^[13]
State 9	(U) According to State 9 officials, cyber actors using infrastructure identified in an October MS-ISAC advisory^[14] scanned the statewide voter registration

↑ (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 6], November 17, 2017.
↑ (U) Ibid.
↑ (U) Ibid.
↑ (U) Ibid.
↑ (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 7], January 25, 2018.
↑ (U) Ibid.
↑ (U) Ibid.
↑ (U) DHS briefing for Committee staff on March 5, 2018.
↑ (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 8], February 2, 2018.
↑ (U) Ibid.
↑ (U) Ibid.
↑ (U) DHS briefing for Committee staff on March 5, 2018.
↑ (U) Ibid.
↑ (U) While the Committee was unable to review the specific indicators shared with State 9 by the MS-ISAC in October, the Committee believes at least one of the relevant IPs was originally named in the August FLASH because of technical data held by DHS which was briefed to the Committee.

16
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

[1] (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 6], November 17, 2017.

[2] (U) Ibid.

[3] (U) Ibid.

[4] (U) Ibid.

[5] (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 7], January 25, 2018.

[6] (U) Ibid.

[7] (U) Ibid.

[8] (U) DHS briefing for Committee staff on March 5, 2018.

[9] (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 8], February 2, 2018.

[10] (U) Ibid.

[11] (U) Ibid.

[12] (U) DHS briefing for Committee staff on March 5, 2018.

[13] (U) Ibid.

[14] (U) While the Committee was unable to review the specific indicators shared with State 9 by the MS-ISAC in October, the Committee believes at least one of the relevant IPs was originally named in the August FLASH because of technical data held by DHS which was briefed to the Committee.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/16

Navigation menu

Search