A computer linked to Russian hackers tried to access Colorado’s voter registration database ahead of the 2016 election, but the effort proved unsuccessful, state officials confirmed for the first time Friday.
The secretary of state’s office, which oversees elections, matched a suspicious Internet protocol address flagged by the Department of Homeland Security as a potential bad actor to one used in October 2016 to scan the state’s database for potential vulnerabilities.
Colorado officials reported the behavior to homeland security officials at the time, but assured federal authorities that no breach was detected. The state’s election system is considered one of the most secure in the nation.
“It was basically, they scanned our front door to see, ‘Are there any vulnerabilities?’” said Colorado election director Judd Choate in an interview with The Colorado Sun. He said the would-be hacker “jiggled the lock and made sure the door was solid and said, ‘OK, I can’t get into this one, so I’m going to move on to another one.’”
Colorado was identified in September 2017 as one of 21 states potentially targeted by hackers linked to Russia in the fall of 2016, but many of the details about the interaction remained classified until now. “It was certain at the time, but we couldn’t tell you that,” Choate said.
The new information comes after the release Thursday of the Senate Intelligence Committee’s report that election systems in all 50 states were targeted by Russia in 2016 and the April investigation by special counsel Robert Mueller about interference in the election and Donald Trump’s campaign.
The Department of Homeland Security notified states to look out for suspicious behavior from a set of IP addresses in September and issued a second warning from an additional list of addresses in October. One of the addresses from the October warning matched a computer that sought to access Colorado’s election information.
The Senate report concluded the attempt to infiltrate the U.S. election system was more far reaching than previously known. It found no evidence exists that voter registration files were impacted, but could not rule out that it occurred.
In a statement after the report’s release, Secretary of State Jena Griswold said: “Colorado is one of the safest states to cast a vote in today.”
She pointed to the fact that the state keeps a paper record, does not connect its voting machines to the internet and conducts risk-limiting audits. The latter was implemented under Republican Secretary of State Wayne Williams, who lost reelection to Griswold in 2018.
“Securing elections infrastructure and ensuring that our elections are free from foreign interference are top priorities,” Griswold said in the statement. “We owe it to Coloradans and Americans to do everything we can to protect our elections infrastructure.”
The Senate report discloses that Russia asked an unnamed state for permission to let a Russian government official go inside a polling place in September 2016, but it was denied. Choate said the request did not come to Colorado.
But he said a Russian official vetted by multiple federal agencies did visit Colorado in 2018 to observe the state’s election as part of a trip organized by the Organization for Security and Co-operation in Europe. The Russian election official and a Bulgarian counterpart spent roughly two days visiting polling places in Colorado before moving to observe election procedures in Wyoming and Montana.
Choate said the foreign officials were cleared by OSCE, the State Department and DHS, and later helped prepare a public report for the European agency about U.S. elections.
“They were interested in how an election is run, not in the security aspect,” Choate said of the visit. The secretary of state’s office also has sent officials to Europe to monitor elections in recent years.
Since 2016, Colorado received $6.7 million to improve its election security procedures. So far, the secretary of state’s office has added new internal firewalls and hired two web developers to update voter registration database security procedures. The office also plans to test emergency communication software in 2019 that would allow state officials to send urgent messages to the county officials who run elections in Colorado.
“I feel great about 2020. I think our (information technology) team feels great going into 2020,” Choate said.