Steve September 15, 2020
dark-web-voter-database-report-casts-new-doubts-on-russian-election-hack-narrative

Reprinted from The Grayzone with
the author’s permission.

A September 1 report
in the Moscow daily Kommersant on a “dark web” site offering a database
of personal information on millions of registered American voters undermines
one of the central themes of the Russia hysteria pervading US politics.

Democratic politicians and
corporate media pundits have long accepted it as fact that Russian intelligence
“targeted” US state election-related websites in 2016. But the Kommersant report
shows that those state registered voter databases were already available to
anyone in the public domain, eliminating any official Russian motive for hacking
state websites.

Kommersant reported
that a user on a dark web Forum known as Gorka9 offered free access to databases
containing the information of 7.6 million Michigan voters, along with the state
voter databases of Connecticut, Arkansas, Florida and North Carolina.

There are differences between
the Michigan database described by Gorka9 and the one that the State of Michigan
releases to the public upon request. Tracy Wimmer, the spokesperson for the
Michigan Secretary of State, said in an e-mail to Grayzone that when the Michigan
voter registration database is released to the public upon request, the state
withholds “date of birth (year of birth is included), driver’s license number,
the last four digitals of someone’s social security number, email address and
phone number….” However, Gorka9’s description of the Michigan data includes
driver’s license numbers, full dates of birth, social security numbers and emails.

In fact both un-redacted and
redacted state voter files are obviously widely available on the dark web as
well as elsewhere on the internet. Meduza, a Russian-language news site
based in Riga, Latvia, published
the Kommersant story along with an “anonFiles” download portal for access
to the Michigan voter database and a page from it showing that it is the officially
redacted version. The DHS and the FBI both acknowledged
in response
to the Kommersant story that “a lot of voter registration data
is publicly available or easily purchased.”

Joint
Statement from #CISAgov
and the @FBI on
U.S. Elections #Protect2020
pic.twitter.com/TcMBznikhz

— Cybersecurity and
Infrastructure Security Agency (@CISAgov) September
1, 2020

Criminal hackers have been
seeking to extract such personal information from online state personal databases
for many years – not only from voter registration databases but from drivers
license, health care and other databases. Oregon’s chief information security
officer, Lisa Vasa, told the Washington Post in September 2017 that her team
blocks “upwards of 14 million attempts to access our network every day.”

Ken Menzell, the legal counsel
to the Illinois state Board of Elections, told this writer in a 2017 interview
that the only thing new about the hack of the state’s voter database in 2016,
in which personal data on 200,000 Illinois registered voters was exfiltrated,
was that the hackers succeeded. Menzell recalled that hackers had been “trying
constantly” to get into every Illinois personal database ever since 2006.

The motive for the hackers
was simple: as observed
by Andrey Arsentiev
, the head of analytics and special projects at the private
security partnership, Infowatch, databases can be mined for profits on the dark
web, primarily by selling them to scam artists working on a mass scale. Gorka9
was offering state voter files for free because the owner had already squeezed
all the potential profit out of selling them.

For the Russian government, on the other hand, such databases would be of little
or no value. When FBI counterintelligence chief Bill Priestap was asked by a
member of the Senate Intelligence Committee in June 2017 how Moscow might use
personal voter registration data, the only explanation he could come up with
was that the Russian government and its intelligence agencies were completely
ignorant of the character of US state voter databases. “They took the data to
understand what it consisted of,” Priestap
declared
.

Priestap was obviously unaware
of the absurdity of the suggestion that the Russian government had no idea what
was in such databases in 2016. After all, the state voter registration databases
had already been released by the states themselves into the public domain, and
had been bought and sold on the dark web for many years. The FBI has steered
clear of the embarrassing suggestion by Priestap ever since.

Priestap’s inability to conjure up a plausible reason for Russia to hack US
election sites points to the illogical and baseless nature of the claims of
a Russian threat to the US presidential election.

DHS creates the Russian cyber campaign against state election sites

Back in 2016, the Department
of Homeland Security did its best to market the narrative of Russian infiltration
of American voting systems. At the time, the DHS was seeking to increase its
bureaucratic power by adding election infrastructure to its portfolio of cybersecurity
responsibilities, and exploiting the Russian factor was just the ticket to supercharge
their campaign.

In their prepared
statement
to the Senate Intelligence Committee in June 2017, two senior
DHS officials, Samuel Liles and Jeanette Manfra, referred to an October 2016
intelligence report published by the DHS Office of Intelligence and Analysis.
They stated it had “established that Internet-connected election-related networks,
including websites, in 21 states were potentially targeted by Russian government
cyber actors.” That “potentially targeted” language gave away the fact that
DHS didn’t have anything more than suspicion to back up the charge.

In fact DHS was unable to attribute
any attempted election site hack to the Russian government. On October 7, 2016,
in fact, DHS Secretary Jeh Johnson and Director of National Intelligence James
Clapper stated
explicitly
that they could not do so. Liles and Manfra appeared to imply
such an attribution, however, by associating DHS with a joint
assessment by CIA, FBI and NSA
released January 7, 2017, that contained
the statement, the “Russian intelligence obtained and maintained access to elements
of multiple US state or local electoral boards.”

But the meaning of that language
was deliberately vague, and the only additional sentence related to it stated,
“Since early 2014, Russian intelligence has researched US electoral processes
and related technology and equipment.” That was far from any finding that Russia
had scanned or hacked election-related websites.

In September 2017, under pressure from governors, DHS finally notified state
governments about the cyber incidents that it had included in its October 2016
intelligence report as examples of “potential” Russian targeting. Now, it abandoned
its ambiguous language and explicitly claimed Russian responsibility.

One state election official
who asked not to be identified told this writer in a 2018 interview that “a
couple of guys from DHS reading from a script” had informed him that his state
was “targeted by Russian government cyber actors.”

DHS spokesman Scott McConnell
issued a statement on September 28, 2017 that DHS “stood by” its assessment
that 21 states “were the target of Russian government cyber actors seeking vulnerabilities
and access to U.S. election infrastructure.” But McConnell also revealed that
DHS had defined “targeting” so broadly that any public website that a hacker
scanned in a state could be included within that definition.

The dishonest tactics the DHS
employed to demonstrate plausible evidence of “targeting” was revealed by Arizona
Secretary of State Michelle Reagan’s spokesperson Matt Roberts, who told this
writer in an interview, “When we pressed DHS on what exactly was targeted, they
said it was the Phoenix public library’s computer system.” Another 2016 hacking
episode in Arizona, which the FBI originally believed was a Russian government
job, was later
found to be a common criminal hack
. In that episode, a hacker had targeted
a local official with a phishing scheme and managed to steal their username
and password.

Ironically, DHS had speculated
in its initial intelligence report that “that cyber operations targeting election
infrastructure could be intended or used to undermine public confidence in electoral
processes and potentially the outcome.”

That speculation, reiterated
by corporate media, became a central feature of the Russiagate hysteria that
electrified the Democratic Party’s base. None of the journalists and politicians
who repeated the narrative stopped to consider how unsubstantiated claims by
the DHS about Russian penetration of the US election infrastructure was doing
just that – lowering public confidence in the democratic process.

The hysteria surrounding the
supposed Russian threat to elections is far from over. The Senate
Intelligence Committee report
released in July 2019 sought to legitimize
the contention by former Obama cyber security adviser Michael Daniel that Russia
“may have” targeted all fifty states for cyber attacks on election-related sites.
In explaining his reasoning to the Senate committee’s staff, Daniel said: “My
professional judgment was we have to work on the assumption [Russians] tried
to go everywhere, because they’re thorough, they’re competent, they’re good.”

The New York Times eagerly
played up that subjective and highly ideological judgment in the lede of a story
headlined,
“Russia Targeted Election Systems in All 50 States, Report Finds.’

As for DHS, it appeared to
acknowledge by implication in an October
11, 2018 assessment
excerpted in the Senate Committee report that it could
not distinguish between a state-sponsored hack and a criminal hack. This August,
the senior cybersecurity adviser for the Cybersecurity and Infrastructure Security
Agency (CISA), Matthew Masterson, said,
“We are not and have not seen specific targeting of those election systems that
has been attributable to nation-state actors at this time…. We do see regular
scanning, regular probing of election infrastructure as a whole, what you’d
expect to see as you run IT systems.”

Despite these stunning admissions,
DHS has faced no official accountability for deliberately slanting its intelligence
assessment to implicate Russia for common criminal hacking activity. No matter
how shoddy its origins and development have proven to be, the narrative remains
too politically useful to be allowed to die.

Gareth Porter, an investigative historian and journalist specializing in
US national security policy, received the UK-based Gellhorn Prize for journalism
for 2011 for articles on the U.S. war in Afghanistan. His new book is
Manufactured
Crisis: the Untold Story of the Iran Nuclear Scare
. He can be contacted
at [email protected].

Read More