CISA and FBI say there have been no hacks on voter databases

The Cybersecurity and Infrastructure Security Agency and the FBI confirmed they have not seen evidence of cyber attacks on registration databases or on any voting systems so far this year.

The joint statement, released Tuesday, came after a Russian news outlet falsely claimed that Michigan voter databases had been dumped on a dark web platform. While the near-panic of the Russian report was not ideal, it did lead to the very important update from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI: The hack, or any others, never happened.

The Russian news outlet first published the report Tuesday, which quickly got picked up by domestic news outlets. Julia Ioffe, a correspondent for GQ Magazine, posted a link to the report on her Twitter feed.

Russian journalists have discovered data from Michigan voter data rolls—including the personal info of 7.6 million Michigan voters—on a Russian hackers’ platform. It also includes voter info from other swing states, including Florida and NC https://t.co/EIiWioTbkF

— Julia Ioffe (@juliaioffe) September 1, 2020

Some infosec experts called attention to it as well, which added fuel to the fire. Dmitri Alperovitch, co-founder and former CTO of Crowdstrike, posted a now-deleted tweet that was similar to Ioffe's. However, he made an update later in the day:

UPDATE: I have confirmed that at least for some of the released databases, the released fields are considered public info in those states. Non public info (such as SSN) are not released. This may not be a hack after all https://t.co/8PlocH9oOy

— Dmitri Alperovitch (@DAlperovitch) September 1, 2020

To quell the uncertainty, Michigan responded.

"Public voter information in Michigan and elsewhere is accessible to anyone through a FOIA request. Our system has not been hacked. We encourage all Michigan voters to be wary of attempts to 'hack' their minds, however, by questioning the sources of information and advertisements they encounter and seeking out trusted sources, including their own local election clerk and our office," the Michigan Department of State wrote in an advisory. Cybersecurity expert Alex Stamos took to Twitter to share his thoughts on the deceptive report about voter databases as well.

We gotta be careful about jumping at shadows and legit reporters and experts should be careful about what credit we give our adversaries without them earning it. This kind of paranoia is one of the goals of Russia’s influence operations.

— Alex Stamos (@alexstamos) September 1, 2020

Disinformation, especially that stemming from foreign adversaries, is a common fear among voters when it comes to 2020 election security. During a virtual voting simulation last month by Cybereason, dubbed Operation Blackout, one lesson learned was that having clear channels of information or disinformation was very important for affecting public sentiment for both sides.

Mark Testoni, CEO of SAP National Security Services, said it's essential to be vigilant during election times.

"Awareness and preparation seems a lot better than in the 2016 election," Testoni said. "It's important to make sure the citizens are aware of those kinds of things -- an attempt to influence. There should be a general awareness of things happening on the social media side, too."

Jeremy Grant, president of Better Identity Coalition, spoke to the growing importance of CISA during a virtual roundtable last month on e-voting.

"There's great work being done at CISA with the Department of Homeland Security to focus on election security," Grant said during the roundtable. "This is a top priority right now. They've invested quite a bit in working with the states, in talking about how to help them harden their election infrastructure, which in many cases had no cybersecurity protections at all."