Multiple law enforcement sources tell CBS News homeland security correspondent Jeff Pegues that more U.S. state election databases have been hacked than previously thought.
According to sources, a total of about 10 states have had their systems probed or breached by hackers, similar to what happened in Arizona and Illinois.
CBS News has learned that government officials are increasingly concerned about Russian efforts to disrupt or influence the 2016 presidential election.
Arizona and Illinois have already experienced attempted hacks of their voter databases and earlier this month, U.S. officials said they are expanding their inquiry because investigators believe additional states have also seen hackers successfully probe their election systems.
More than a half-dozen cybersecurity experts told CBS News’ Rebecca Shabad it’s clear Russia, which has among the best hackers in the world, is trying to influence the U.S. election and that the chances of more cyberattacks between now and Election Day are high.
Voter registration or voter roll databases might be one piece of election systems that could be susceptible to further attacks, experts told CBS. Officials in Arizona and Illinois said voters’ information was not meddled with, but it could be problematic if they break into the system and delete files.
“The real danger is whether they can delete voter registrations,” said Herbert Lin, a senior research scholar for cyber policy and security at Stanford University’s Center for International Security and Cooperation. “Let’s say they wanted to intervene on the side of [Donald] Trump. Then what you would do is find a way of invalidating the voter registrations, deleting the voter registrations of 10 percent of the Democrats in the state. That would make 10 percent of them ineligible to vote.”
Theoretically, another type of advanced attack, experts said, would be to target and modify software for voting machines so that it could affect what names are displayed or how votes are counted, though experts believe this would be too tricky to execute.
“You could, in theory, hack into that software and change it so that it would tally something differently. But again, those types of things are really hard to do just in terms of actually doing it, and doing it in an undetected way is much, much more difficult,” said Daniel Castro, vice president at the Information Technology and Innovation Foundation.
Some experts are concerned about states that use touch-screen voting machines that leave no paper trail. Five states are completely paperless: Delaware, Georgia, Louisiana, New Jersey and South Carolina. Nine other states have some counties that use paperless systems: Arkansas, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee, Texas and Virginia.
States are already on the look-out for possible insecurities. Earlier this month, Washington state revealed that its online tool that allows voters to register, update personal information and view a voter guide was accidentally accessible through the website’s development code.
There was never a “security breach” or “hack of the voter system,” the secretary of state’s office said in an advisory, and it was quickly fixed. But the incident reinforces concerns that state election systems could be vulnerable to potential cyberattacks.
Experts told CBS News that the ultimate goal of these hackers is not to necessarily change the outcome of the election; their main objective is to de-legitimize the outcome by sowing doubt, uncertainty and suspicion through a series of cyberattacks.