When Russian hackers targeted the U.S. election infrastructure
Editor's Note: President Trump has been criticized by both sides of the aisle for his remarks Monday during a joint news conference in Helsinki with Russian president Vladimir Putin. At the news conference, Mr. Trump questioned the conclusion of U.S. intelligence agencies that Russia interfered in the 2016 election and appeared to accept President Putin's denial that any such meddling occurred.
A day later while meeting with lawmakers in the White House, the president said he misspoke.
"Let me be totally clear in saying that, and I've said this many times, I accept our intelligence community's conclusion that Russia's meddling in the 2016 election took place," Mr. Trump said Tuesday. "Could be other people also."
In April, 60 Minutes spoke to former U.S. officials who were on the front lines of the cyber attack on state election systems that they say was perpetrated by Russian government hackers.
The U.S. intelligence community has concluded there is no doubt the Russians meddled in the 2016 U.S. presidential election, leaking stolen e-mails and inflaming tensions on social media. While Congress and special counsel Robert Mueller investigate Russian interference, including whether the campaign of Donald Trump colluded with Russia, we have been looking into another vector of the attack on American democracy: a sweeping cyber assault on state voting systems that U.S. intelligence tied to the Russian government. Tonight, you'll find out what happened from the frontline soldiers of a cyberwar that was fought largely out of public view, on digital battlegrounds in states throughout the country.
The first shots were fired here in Illinois, not far from downtown Springfield, in a nondescript shopping center, the kind you'll find anywhere in the United States. There, in a repurposed supermarket, is the headquarters of the Illinois State Board of Elections.
Bill Whitaker: This doesn't look like a war zone.
Steve Sandvoss: No, it doesn't, actually.
Steve Sandvoss is the executive director. He told us, in his first television interview about the attack, that this office is on the front lines of a cyberwar.
Steve Sandvoss: We have-- a good I.T. department. But --
Bill Whitaker: No match for the Russian government.
Steve Sandvoss: Bows and arrows against the lightning, hate to say it.
Bill Whitaker: Bows and arrows against the lightning? Is that what it felt like?
Steve Sandvoss: At-- at first, yes.
He vividly remembers the call from his IT director on July 12th, 2016 just weeks after the Democratic National Committee announced that Russian hackers had infiltrated its computer network.
Steve Sandvoss: I picked up the phone. And it's like, "Steve, we got a problem." And I said-- "Okay, what happened?" He says, "We've been hacked." I said, "Oh my God."
A staffer noticed the server for the voter registration database, with the personal information of 7.5 million Illinois voters, had slowed way down. The IT team discovered a malicious attack -- a barrage of digital hits.
Steve Sandvoss: I suppose you could analogize it to a fast-growing tumor-- in the system. it was unlike anything we had ever seen.
Bill Whitaker: Did you determine what they were after?
Steve Sandvoss: It was of a very random nature.
Bill Whitaker: They weren't looking for all the Democrats or all the Republicans or all the people who lived in one district or another?
Steve Sandvoss: There was no rhyme or reason to it.
Steve Sandvoss showed us the voter registration website where the hackers exploited a security flaw to get in. His IT team determined the attackers had been in their system unseen for three weeks. They only noticed when the hackers suddenly ramped up their attack and, in just a couple of hours, scooped up bits of information on up to 90,000 voters, complete records of 3,500. His engineers upgraded the firewall and plugged the website holes. That stopped the data heist, but not the attack.
Steve Sandvoss: The hits continued-- even though they weren't penetrating. the logs revealed that-- about a million and a half hits were coming in.
Bill Whitaker: A million and a half--
Steve Sandvoss: Yes. Yeah, five queries per second for a period of-- approximately 30 days.
Bill Whitaker: This almost seems like they wanted to be noticed?
Steve Sandvoss: The only thing they didn't do is identify themselves as the Russians.
Sandvoss says he suspected the hackers wanted to sow doubt about the integrity of the vote. Illinois notified the FBI.
Anthony Ferrante: What Illinois discovered set off a chain of events that take us to today.
Former FBI agent Anthony Ferrante was director of Cyber Incident Response for President Barack Obama's National Security Council.
Bill Whitaker: When you go in to investigate this intrusion that the State of Illinois saw, what did you see?
Anthony Ferrante: The F.B.I. identified digital fingerprints left by the intruder Think of it as a crime scene where fingerprints are dusted and pulled, we do the same thing when investigating-- a computer intrusion.
Bill Whitaker: And your analysis pointed the finger at Russia?
Anthony Ferrante: It did indeed.
The Department of Homeland Security was so alarmed by what it saw the Russians doing, it took the unprecedented step of arranging a conference call with election officials from all 50 states. The FBI put out this flash alert. But the intelligence community wasn't prepared to publicly implicate Russia, so the call and the alert simply warned states to be on the lookout for the kind of malicious attack that had hit Illinois.
Bill Whitaker: Did information from other states start flooding in?
Anthony Ferrante: I would show up to work every single day and learn of two, three, four more states that had been actively targeted by the same actors. And it was after two or three weeks of this my colleagues and I said, "We have to believe that this is a large-scale, coordinated campaign to target every single state in the union."
Anthony Ferrante reported what he was learning to Michael Daniel, President Obama's cyber czar.
Bill Whitaker: What was the reaction when you saw this in the White House?
Michael Daniel: I think that was at the point we realized that we were playing a different game, that we had thought that we were dealing with the normal sort of espionage routine that was associated with presidential elections. And we now realized that we were potentially dealing with something way more serious.
60 Minutes obtained this previously undisclosed Department of Homeland Security internal document that details the scope of the Russian cyberattack - a snapshot of what investigators were seeing on October 28th, less than two weeks before the presidential election. The document shows hackers tried to get into 20 state election systems and an election IT provider in Nebraska. Hackers successfully infiltrated Illinois, a county election database in Arizona, a Tennessee state website, and an IT vendor in Florida.
Michael Daniel: But it was always our working assumption that we did not detect all of the potential Russian activity that was going on.
Bill Whitaker: There's other stuff that they might have done that we don't know?
Michael Daniel: It's entirely possible.
"We have to be prepared for wars without blood."
They quickly ruled out the Russians were tampering with voting machines. There are tens-of-thousands of them and they're not connected to the internet.
Michael Daniel: What seemed much more likely to us was causing chaos at the polls on election day. So if you intrude into a voter registration database, and you change two digits of everybody's address so that their voter ID doesn't match what's in the voter rolls when they show up at the polls.
Bill Whitaker: And that creates chaos?
Michael Daniel: Sure and those stories start to spread. Lines begin to-- to form. Election officials can't figure out what's going on you would only have to do it in a few places. And-- and it would almost feed on itself.
Compounding that worry: states were reluctant to accept cybersecurity help from Homeland Security. Under the Constitution, states run elections. Several pushed back against what they saw as federal intrusion, still unaware the threat was coming from Russia.
Bill Whitaker: Our system was under attack. Why not scream it from the top of the roof and let the states know that this was a serious and credible threat?
Anthony Ferrante: The Obama administration did not want to appear to be biased. We had a presidential candidate who was-- campaigning on the fact that the election was rigged and he wasn't certain he was going to get a fair shot at the presidency.
Donald Trump: And I'm afraid the election is going to be rigged, I have to be honest.
Anthony Ferrante: It was a very sensitive issue.
On October 7th, three months after the Illinois hack and one month before the election, the Obama administration decided it had enough evidence to call out the Russians. But there was no press conference, no pronouncement from the Oval Office, just this three-paragraph statement saying the Kremlin, "intended to interfere with the US election process."
Bill Whitaker: Did that statement get the reaction that you would hope for?
Michael Daniel: There were some other news events that happened around the release of that statement that tended to swamp some of it out.
Bill Whitaker: The Access Hollywood tape--
Michael Daniel: --wood tape, yes.
The hacked e-mails of Hillary Clinton's campaign chairman John Podesta were also leaked the same day. The press and the public paid little attention to the administration statement on Russian hacking. So the National Security Council did something never done before – contacted Russia on the cyber hotline, a communication channel added to the old nuclear hotline in 2013 to prevent cyber war.
Bill Whitaker: So what did the message say?
Michael Daniel: It basically said, "We know that you are carrying out these kinds of activities. And stop. (LAUGH) Knock it off."
Bill Whitaker: Was that tough enough?
Michael Daniel: So I think certainly--
Bill Whitaker: Stop?
Michael Daniel: The fact that this was the first time we had ever exercised this channel, which was supposed to be, you know, for very serious cyber incidents and cyber issues-- I think that, in and of itself, sent-- sent a message.
The Russians brushed it off. The administration was bracing for the worst. It drew up this election day response plan which called for war rooms at the White House, the FBI, and Homeland Security, and planned for the unprecedented deployment of "armed federal law enforcement agents" should a cyberattack cause complete breakdown at a polling place. On election day, the teams saw no signs the Russians tampered with the vote.
Bill Whitaker: Why do you think they didn't pull the trigger on election day?
Anthony Ferrante: I don't know. I don't know if we'll ever know.
Bill Whitaker: Do you think they would have succeeded in creating chaos?
Anthony Ferrante: Absolutely.
The agency charged with helping states protect elections from attack is the Department of Homeland Security, DHS. The agency has been criticized for a slow response. We tried repeatedly to interview Secretary Kirstjen Nielsen or one of her deputies but DHS denied all our requests. Instead, we were directed to the Secretary's recent testimony before the Senate Select Committee on Intelligence.
Secretary Kirstjen Nielsen: The threat of interference remains and we recognize that the 2018 midterm and future elections are clearly potential targets for Russian hacking attempts.
Secretary Nielsen told the senators DHS is offering to run security checks of state online election systems. It's also granting security clearances for state officials to receive classified cyber threat briefings. Many senators expressed frustration with the agency's response.
Senator Angus King: With the possible exception of North Korea's nuclear weapons, this is the most serious threat that our country faces today and we are not adequately dealing with it.
Senator Susan Collins: I hear no sense of urgency to really get on top this issue.
With the 2018 midterm elections fast approaching, 16 states have requested extensive, on site security checks from DHS. So far, the agency has completed only 8. Illinois, where it all began, had its primary two weeks ago and still hasn't gotten its security check.
Senator Kamala Harris: We have to be prepared for wars without blood.
Senator Kamala Harris, Democrat from California, and Republican Senator James Lankford of Oklahoma are on the Senate intelligence committee. Democrats and Republicans don't agree on much, but there's bipartisan agreement on the committee that our democracy is under attack.
Bill Whitaker: What was the Russians' end game?
Senator Kamala Harris: To disrupt our democracy to disrupt-- Americans' confidence in their government and their democracy, and in that way, weaken our standing in the world.
Senator James Lankford: This could be the Iranians next time, could be the North Koreans next time. This is something that's been exposed as a weakness in our system that we need to be able to fix that, not knowing who could try to test it out next time.
Senators Lankford and Harris are backing legislation to set minimum cyber security standards and streamline communication between states and the federal government. But even that modest bill has languished in the Senate.
Bill Whitaker: This does not seem like the kind of response that you would have to a nation under attack by a foreign power. Are we doin' enough?
Senator Kamala Harris: No. We're not doing enough. We're not doing nothing, but we are certainly not doing enough.
The senators say the U.S. needs a comprehensive strategy to fight cyber war but concede upgrading systems around the country by the 2020 presidential election will be a challenge. And the midterm elections are just seven months away.
Produced by Marc Lieberman and Ali Rawaf. Associate producer, LaCrai Mitchell.
Editor's Note: This story originally aired on April 8, 2018.