Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/23

COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

  •   DHS staff further recounted to the Committee that "Russia would have had the ability to potentially manipulate some of that data, but we didn't see that."[1] Further, DHS staff noted that "the level of access that they gained, they almost certainly could have done more. Why they didn't … is sort of an open-ended question. I think it fits under the larger umbrella of undermining confidence in the election by tipping their hand that they had this level of access or showing that they were capable of getting it."[2]
  • (U) According to a Cyber Threat Intelligence Integration Center (CTIIC) product, Illinois officials "disclosed that the database has been targeted frequently by hackers, but this was the first instance known to state officials of success in accessing it."[3]

(U) In June 2017, the Executive Director of the Illinois State Board of Elections (SBE), Steve Sandvoss, testified before the Committee about Illinois's experience in the 2016 elections.[4] He laid out the following timeline:

  • (U) On June 23, 2016, a foreign actor successfully penetrated Illinois's databases through an SQL attack on the online voter registration website. "Because of the initial low-volume nature of the attack, the State Board of Election staff did not become aware of it at first."[5]
  • (U) Three weeks later, on July 12, 2016, the IT staff discovered spikes in data flow across the voter registration database server. "Analysis of the server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of our paperless online voter application website."[6]
  • (U) On July 13, 2016, IT staff took the website and database offline, but continued to see activity from the malicious IP address.[7]
  • (U) "Firewall monitoring indicated that the attackers were hitting SBE IP addresses five times per second, 24 hours a day. These attacks continued until August 12th [2016], when they abruptly ceased."[8]
  1. (U) SSCI interview with DHS and CTIIC, February 27, 2018, p. 14.
  2. (U) Ibid.
  3. (U) CTIIC Cyber Threat Intelligence Summary, August 18, 2016.
  4. (U) SSCI Open Hearing on June 21, 2017. The Committee notes that, in his testimony, Mr. Sandvoss said Illinois still had not been definitively told that Russia perpetrated the attack, despite DHS's high confidence. The Committee also notes that DHS eventually provided a briefing to states during which DHS provided further information on this topic, including the DHS high-confidence attribution to Russia.
  5. (U) Ibid., p. 110.
  6. (U) Ibid.
  7. (U) Ibid., p. 111.
  8. (U) Ibid.
