WASHINGTON — The Department of Homeland Security on Thursday sought to clear up confusion over its assessment that 21 states had their election systems targeted by Russian government hackers, saying just because the hackers in some states didn’t directly scan election systems, it doesn’t mean they weren’t looking to break into them.
DHS spokesman Scott McConnell said in a statement to The Associated Press that hackers in an unspecified number of states looked for vulnerabilities to exploit in other government computer systems as a way to get into the election systems. The other networks were usually connected to the election systems or shared similarities. He declined to discuss specific states.
The release of additional information came after state officials in Wisconsin and California said they had received conflicting reports from DHS about which of their computer systems were targeted by hackers during the 2016 presidential campaign. And late Thursday, Texas denied that it was among the states that had been targeted.
Texas Secretary of State Rolando Pablos sent DHS a letter saying federal investigators got it wrong and there was no attempted hack on his agency’s website. Pablos wrote that his office “has determined conclusively that its agency website was not targeted and, furthermore, that DHS had relied on incorrect information.” He asked the department to “formally correct its erroneous notification.”
McConnell referred questions about Texas to his previous statement.
Last week, the department informed 21 states that their election systems had been targeted by “Russian government cyber actors,” and officials in those states subsequently released that information publicly. The formal notification came after months of state election officials voicing frustration that the department had left them and the public in the dark for so long. DHS has said that most systems weren’t breached, and there was no evidence that vote tallies or registration databases were altered.
Earlier this week, officials in Wisconsin and California said the Homeland Security Department provided additional information that they believed contradicted the department’s earlier notification. Specifically, those state officials said they were told that the Russian hackers targeted computers systems that weren’t related to their elections.
In California, the targeted system was the state’s Department of Technology, which the secretary of state says it does not use for its IT services. The secretary of state declined further comment on Thursday. In Wisconsin, it was the state’s Department of Workforce Development, which oversees job training and unemployment benefits.
Asked about the latest statement from DHS, Wisconsin Elections Commission spokesman Reid Magney said the agency was reviewing it. He had no further comment.
McConnell said the department stands by its initial assessment that 21 states were targeted by “Russian government cyber actors” looking for vulnerabilities in and access to election infrastructure. He noted that some of the intelligence used to make that determination cannot be shared publicly.
In the majority of the 21 states, DHS has said it only observed hackers scanning networks in preparation for breaking into the networks, not actual penetrations. But officials in Illinois have confirmed that hackers broke into the voter registration network for at least three weeks before being discovered in July 2016. Officials said there was no evidence that the hackers had changed any information.
The 21 states that told the AP last week that they had been targeted were: Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maryland, Minnesota, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Texas, Virginia, Washington and Wisconsin.
Associated Press writers Todd Richmond in Madison, Wisconsin, and Paul J. Weber in Austin, Texas, contributed to this report.