Corruption, Crime, Issues

More states join Wisconsin and California in saying no election hack by Russia, dispute DHS finding of 21 states targeted


The Department of Homeland Security’s assessments that 21 states’ election systems were somehow targeted by Russian hackers has
fallen apart at the seams.

Image Credit: Public Domain

In Wisconsin and California, for example, the supposed targets were unrelated agencies including a department of workforce development that distributes unemployment benefits and another that handles information technology for state agencies but not for elections.

Now, it turns out that the activity reported initially as “targeting” was actually “scanning” of publicly faced government websites looking for vulnerabilities that do not even tabulate vote counts.

“In the majority of the 21 states targeted, only preparatory activity like scanning was observed,” said Department of Homeland Security spokesperson Scott McConnell. “In some cases, this involved direct scanning of targeted systems. In other cases, malicious actors scanned for vulnerabilities in networks that may be connected to those systems or have similar characteristics in order to gain information about how to later penetrate their target.”

That is a far cry from the Director of National Intelligence assessment published in January that stated, “Russian intelligence accessed elements of multiple state or local electoral boards.”

It was, however, more in line with the original joint assessment put out prior to the election in October 2016, which stated, “Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company.”

Then there was a big but in that 2016 finding: “However, we are not now in a position to attribute this activity to the Russian Government.”

With good reason. There are billions of bots crawling the Internet every day.  As noted by columnist James Lyne back in 2013, “Cybercriminals have automated scanning tools scouring the web looking for websites to infect to deploy their malicious code. Their target could be a personal blog, a small business website or a massive news site. Wherever there is a vulnerability they will happily capitalize on it to spread their wares.”

In other words, the “scans” these government websites received sound a whole lot like the same types of automated scans that happen thousands of times every week to almost every website on the web looking for vulnerabilities to install malware.

It’s like saying if rain hits your house today, it was “targeted” by the clouds. In the meantime, every building in your town got wet.

This sort of bogus reporting by DHS has rightly been met with healthy skepticism by state officials across the country, with others now joining Wisconsin and California to question the DHS finding. “We were not aware that they considered scanning as symptomatic of targeting,” Colorado director of technology and information services Trevor Timmons told Talking Points Memo.

The Talking Points Memo report also noted that such scans were common across each state’s computer networks, “A spokesperson for Iowa’s secretary of state described seeing 6,000 scans or attempted scans each day. The spokesperson for Oklahoma’s secretary of state said that state had half a million scans a year.”

The claim is practically laughable.

Without more specific information about what made these particular network scans exceptional as compared to all the other scans happening all over the web all the time, DHS is going to be hard-pressed to prove there was any nation-state strategic intent to do with the scans based on an IP address trace, let alone that these were attempts to somehow influence or obstruct the 2016 elections.

In fact, according to Incapsula, in 2016, 51 percent of all Internet traffic was bots, 55 percent of which were so-called “bad bots.” These encapsulate billions of requests every single day to websites. The programs operating these are very much automated. Good luck figuring out which ones were specifically targeting a website for any specific reason let alone who the culprits were.

For example, if a local police department’s website gets scanned by an IP address that traces back to China, and indeed, if similar bots are found on other publicly facing law enforcement websites across the fruited plain, do we conclude that foreign adversaries are attempting to obstruct criminal investigations?

Or in the case of Wisconsin, since it was the state unemployment office’s website that was supposedly “targeted” according to DHS, does that make our intelligence services believe there was a plot by Russia to interfere with the distribution of unemployment benefits?

These bots can do all sorts of harm. They’ll deposit malicious code into a website’s Chron jobs, comments sections, and so forth. There’s often no rhyme or reason about why a site will get infected. They’re just finding exploits because they can. The attacks range from simply defacing public websites, so-called “pwning,” to DDOS attacks to take down websites by overwhelming them with traffic, to engaging in identity theft by going after user data for more hardened cybercriminals, or just infecting local computers with adware to gather user data on customer preferences.

Divining intent from these types of breaches, when the code does get injected, is going to be more than problematic, let alone when it isn’t, as in the case of most of the 21 states.

Just looking at our Sucuri interface that protects Americans for Limited Government’s news site,, I can see about 500 blocked requests every single day. According to the software, in the past six months, 47.9 percent of the blocked requests were DDOS attacks being blocked, 17.7 percent were bad bot access being denied, 16.7 percent were spam comments, 7.5 percent were evasion attempts being denied and 2.8 percent were backdoor access being denied.

Just yesterday, Sucuri blocked requests from IP addresses in the U.S., China, Ireland, India, the UK, Lithuania, Romania, Syria, India, Sri Lanka and Thailand. Does this mean the intelligence services of each of these countries were attempting to hack Americans for Limited Government’s website? Are we some major threat? No. There is no pattern. These appear to be bots.

And in a shared server environment, as most websites are hosted in, we were not alone as the attacks and other scans focus in on ranges of IP addresses hosted across the web. It’s just part of the normal course of business on today’s Internet. There’s a lot of malware. But we already knew that.

The only thing unusual about all this is that it wound up in misleading government intelligence assessments purporting to show widespread Russian disruption of our election systems in 2016 where there may not have been any — probably to suit a narrative — that were then published, repeated and propagated. That’s the real scandal.

This is a guest post by Robert Romano Vice President of Public Policy at Americans for Limited Government.
  • Robert

    Any idiot that thinks that just because the voting machine is not hooked to the internet that it cannot be compromised should think about the malicious virus that was put into Iran’s nuclear system when they are not in any way connected to the internet. Sometimes it takes years to find the little bots and by that time they are inactive any way.
    The only safe way to have system without hacks is to go back to the paper ballot that is marked with an indelible pencil and put in a locked container with multiple locks, one for each political party.
    Any thing electronic is easy to fix in one way or the other.

    • TexasCoyote1

      I’m all in favor of paper ballots. We use them in the county I live in here in Texas. Our poll volunteers don’t seem to have any trouble counting them. :=)

      • Robert

        I do think that is the only safe way to have a vote that cannot be tampered with. also after the vote have the ballot box accompanied by one of each political party all the time until the vote tally has been confirmed, and under closed circuit video survelence like the courts have. I worked in intelligence for 26 years and I know how easy it is to rig something so it looks like it has never been bothered. You notice I do not trust anyone or anything.

Sign up for our FREE newsletter!

Sign up to receive daily updates, political news, action letters and additional messages from Conservative Republican News

View our Privacy Policy

Join our FREE Newsletter!