Why would Russian hackers steal US voter data?

In Illinois, state officials said the hackers stole data from as many as 200,000 voter records.

First Look

A cyber assault on election databases in Arizona and Illinois this summer prompted the FBI to alert election officials nationwide to strengthen the security of their computer systems in the weeks before the Nov. 8 presidential election, a warning one person who works with state election officials called “unprecedented.”

The warning, issued on Aug. 18 in a flash alert from the agency's Cyber Division, was reported on Monday by Yahoo.

The FBI told Arizona officials in June that Russians were behind the attack, although they didn’t specify if the hackers were employed by the Kremlin or were just criminals, according to The Washington Post. In Illinois, Kyle Thomas, director of voting and registration systems for the state board of elections, said the hackers were most likely from a “foreign (international) entity,” he wrote in a Facebook message sent in July to all election authorities in the state.

If Russians were behind both incidents, they are the latest indications in Russian interest in US elections. It would also be further evidence of a shift in Russian tactics to meddle with the country’s political system.

Fiona Hill, director of the Brooking’s Institution Center on the US and Europe, told the Monitor Russia’s cyber focus has evolved.

“The Russians at one point a number of years ago were also focused on their economic aspirations,” said Dr. Hill, comparing them to the Chinese. “But now they’re back to the old political space and are very much working from the playbill of the KGB in the cold war days.”

The attack on their election databases drove Arizona and Illinois election officials to shut down their systems for about a week. In June, the FBI told Arizona Secretary of State Michele Reagan (R) they noticed a “credible” and “significant” threat, Matt Roberts, a spokesman for the secretary, told The Washington Post. However, the hackers managed to use malware to steal the username and password of just one election official in Gila County.

In Illinois, the infiltration was much larger. Hackers stole the personal data of up to 200,000 state voters, Ken Menzel, general counsel of the Illinois Board of Elections, told Yahoo News.

“This was a highly sophisticated attack most likely from a foreign [international] entity,” wrote Mr. Thomas, director of voting and registration systems for the Illinois state board of elections, in the Facebook post.

These two incidents were the impetus for the FBI and the Department of Homeland Security to warn election officials nationwide of possible cyber threats, and offer their assistance to these state entities to protect their systems.

An infiltration of voter databases could allow hackers to affect the outcome of elections, according to Politico.

“Having access to voter rolls, for example, could allow hackers to digitally alter or delete registration information, potentially denying people a chance to vote on Election Day,” writes Politico’s Cory Bennett and Eric Geller. “Or news of the attack could simply fuel further distrust in the U.S. election system, which Trump has repeatedly alleged is ‘rigged.’ ”

These incidents also come the same summer Russians are said to have leaked 20,000 emails stolen from the Democratic National Convention. The Kremlin has denied it was involved in the DNC email leak. But intelligence officials suspect two Russian intelligence agencies, the FSB and the GRU, were behind it, according to The New York Times. The FSB is the successor to the KGB, while the GRU is Russia's head military intelligence unit. President Obama has not publicly said the Kremlin was involved, but Obama noted outside experts and suggested why it would be in Russian President Vladimir Putin's interest to breach DNC emails.

Hackers have also targeted the computer systems of Republican presidential nominee Donald Trump and Republican party organizations, sources have told Reuters. 

However, some cyber experts are skeptical the attacks on state election systems fits into the modus operandi of the Kremlin. Hackers can sell information in voter databases, such as names, addresses, and phone numbers, for profit.

Nevertheless, experts say that the hacks of presidential campaigns and politicians are common, as Aiden Quigley reported for the Monitor in June:

Dave Aitel, a former NSA analyst who now runs Immunity, a security firm, said both Republican and Democratic campaigns have likely been targeted by hackers. Mr. Aitel told Wired that Russian, Chinese and Iranian hackers have likely been seeking information, and although CrowdStrike was successful in removing them for now, it is likely they will be back.

"People get confused because they assume they're after one thing. But this is about long-term collection, not any particular piece of information," Aitel told Wired. "It's the same thing we do: Let's suck this target completely dry and turn it into signals intelligence product. This is not a one-time event."