Almost all the attention that has been paid to Russian interference on the 2016 presidential election has focused on either the hacking (and subsequent release) of Democratic electronic communications or the targeted advertising and front-groups set up on social media. Beyond that, the focus has been on possible coordination of those efforts with members of the Trump campaign or family. It’s been an article of faith that the Russians may have persuaded some people to vote for Trump or not vote for Clinton, but they didn’t physically change any votes or tamper directly with the actual count.
In part, this is because the Intelligence Community has been consistent in saying that they’ve found no evidence that any votes were changed. Yet, they’ve also told us about Russian efforts to gain access to voting databases and the computers of elections officials. In these cases, we’ve been told that at worst the Russians gained the ability to tamper with voter registration rolls, but not to the voting machines or tabulators.
One thing I don’t think people have focused on enough is the matter of intent. At the end of October 2016, the Russians sent out phishing emails purporting to be from VR Systems, a Tallahassee-based vendor that “provided voter registration and poll book software to eight states in 2016.” What were the Russians hoping to accomplish?
The emails included a Word document attachment with malware included that, when downloaded, could give the Russians remote control over the recipients’ computers. The recipients were VR Systems clients. In other words, the recipients were elections officials responsible for the voter rolls.
There were a lot of software problems on election night in the Democratic stronghold of Durham, North Carolina and North Carolina was one of the states serviced by VR Systems. The problems were severe enough that “the state Board of Elections [agreed] to extend voting time in eight Durham County precincts.”
There is, as yet, no public evidence that there’s any connection between the phishing attack on VR Systems and the problems that arose in Durham County. But, assuming the two things are unrelated, what were the Russians thinking of doing if and when they gained control of these computers?
They didn’t make the effort for no reason.
Now, one way to change the result of an election is to change, say, a Clinton vote into a Trump vote, and that could be done without detection and remotely as has been demonstrated repeatedly by hackers serving with white hats. But far easier to do is to prevent people from voting at all, and to do it selectively. You can strike registered Democrats from the voter rolls, or you can just cause software problems that cause long lines in Democratic precincts, causing people to lose patience and go home without casting a ballot. All of these methods can be used, and all of them change the actual tally of votes.
Whether the Russians succeeded in changing voter rolls or introducing software problems or not, it certainly looks like that had the intention of doing so, and that alone should have Congress freaking out and looking for ways to guard against similar attempts in the future.
It’s also something people should focus on a bit more, as it’s likely the Russians had some help in figuring out that a vendor like VR Systems would be a good place to attack.