Information operations · Information Warfare · Russia

Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations

The unfortunate thing about this report is that it focused on cyber only and avoided linking these actions with any other Russian Information Warfare (IW) activity. Russian IW, however, is a whole of government program, with all parts of the Russian government participating and contributing as best they could and can – it continues to this day and shows no sign of slowing. The Russian IW program is seemingly not constrained by legal, ethical, or moral restrictions. The goal is to promote Russia and Russian national interests, often by undermining other governments and alliances. Sowing chaos and confusion in the West by flooding the West with fake news, false stories, propaganda, misinformation, and disinformation enables Russia to further their goals of weakening the West. 

As more findings are uncovered, dear readers, please remember to view Russian efforts holistically, as a whole of government effort by the Russian government. These efforts are often illegal, immoral, and unethical, by any civilized standard. They seek to take advantage of the free world’s commitments to free speech, to the ethical and moral rule of law, and to democracy in whatever form it may take.  

Russia has little to no hope of building themselves into a superpower reminiscent of the Soviet Union. Instead, they choose to use bluff, bravado, and threats to intimidate. They use propaganda, disinformation, misinformation, trolls, and fake news to sow chaos and confusion, to divide up along racial, religious, and other social and cultural lines. 

Also to be viewed holistically, the majority of this program is focused internally, inside of Russia, to cow and contain Russian citizens. Combined with overwhelming totalitarian techniques such as strict censorship, denial of freedom of speech to the opposition, not allowing protests, mass ballot stuffing, widespread false reporting, and strictly controlled media, Russia floods the Russian internet with trolls to avoid any appearance of dissent. 

Russia relies on the breadth of their program to avoid Westerners seeing the totality of their program, for surely Russia cannot have such a large program focused solely on destabilizing the West and maintaining strict control over their own citizens.  We see, however, that the program is about influence using all offices of government, cyber, leverage, selective leaks, compromising materials, even lawfare, to gain any and all advantage under the cover of denials, “prove it”, obfuscation, alternate theories, ridicule, and conspiracy theories. 

Viewed as a system of systems, this is a weapon of mass attempts of influence unlike any seen in the history of mankind. It does not seek to promote Russia as much as it means to undermine the West and maintain internal control. 

It must be stopped.  We are only taking baby steps to do so. To not at least neutralize Russian IW is to allow an unfriendly nation to undermine the very fabric of Western civilization. 

</end editorial>

US Senate Intelligence Committee report: Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations

May 8, 2018


In 2016, cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure. Russian actors scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database. This activity was part of a larger campaign to prepare to undermine confidence in the voting process. The Committee has not seen any evidence that vote tallies were manipulated or that voter registration information was deleted or modified.

  • The Committee has limited information about whether, and to what extent, state and local officials carried out forensic or other examination of election infrastructure systems in order to confirm whether election-related systems were compromised. It is possible that additional activity occurred and has not yet been uncovered.

Summary of Initial Findings

  • Cyber actors affiliated with the Russian government scanned state systems extensively throughout the 2016 election cycle. These cyber actors made attempts to access numerous state election systems, and in a small number of cases accessed voter registration databases.
    • At least 18 states had election systems targeted by Russian-affiliated cyber actors in some fashion.1 Elements of the IC have varying levels of confidence about three additional states, for a possible total of at least 21. In addition, other states saw suspicious or malicious behavior the IC has been unable to attribute to Russia.
    • Almost all of the states that were targeted observed vulnerability scanning directed at their Secretary of State websites or voter registration infrastructure. Other scans were broader or less specific in their target.
    • In at least six states, the Russian-affiliated cyber actors went beyond scanning and conducted malicious access attempts on voting-related websites.2 In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure. In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter
      • (These numbers only account for state or local government targets. DHS did not include states which may have witnessed attacks on political parties, political organizations, or NGOs. In addition, the numbers do not include any potential attacks on third-party vendors. 2 In the majority of these instances, Russian government-affiliated cyber actors used Structure Query Language (SQL) injection – a well-known technique for cyberattacks on public-facing websites. registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.)
  • The Committee found that in addition to the cyber activity directed at state election infrastructure, Russia undertook a wide variety of intelligence-related activities targeting the U.S. voting process. These activities began at least as early as 2014, continued through Election Day 2016, and included traditional information gathering efforts as well as operations likely aimed at preparing to discredit the integrity of the U.S. voting process and election results.
  • The Committee’s assessments, as well as the assessments of the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), are based on self-reporting by the states. DHS has been clear in its representations to the Committee that the Department did not have perfect insight into these cyber activities. It is possible that more states were attacked, but the activity was not detected. In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise.
  • The Committee saw no evidence that votes were changed and found that, on balance, the diversity of our voting infrastructure is a strength. Because of the variety of systems and equipment, changing votes on a large scale would require an extensive, complex, and state or country-level campaign. However, the Committee notes that a small number of districts in key states can have a significant impact in a national election.

Report at:,Recs2.pdf