Russia’s GRU intelligence agency attempted to hack the computers of voting officials across the country in the days before the 2016 presidential election, according to a top secret National Security Agency document that was leaked to the Intercept.

The attacks focused on voter registration systems rather than voting machines themselves, so there’s no evidence that the Russian government directly changed anyone’s vote. But there’s also a lot we can’t tell from the report about what the Russians might have accomplished — and whether they could have altered the election result, directly or indirectly.

We can speculate, though, on what the Russians could have done after they gained access to the election officials’ computers. For example, they could have deleted records for voters registered with one party to help candidates of the other party. Deleted voters would have still been able to vote, but they would have had to cast provisional ballots — a cumbersome process that could have discouraged some from casting their votes.

Attackers could also have simply caused registration systems to crash in precincts that were likely to vote heavily for one candidate over the other. That could have caused delays and long lines that would suppress turnout in those precincts.

At least one jurisdiction using EV Systems voting technology experienced serious glitches on election day: Durham, North Carolina. The voter registration system there malfunctioned, leading to long lines. Officials there say they don’t believe they were hacked — they say the problems they encountered appeared to be the result of user error. But Alex Halderman, a computer security expert at the University of Michigan, points out that if a sophisticated hacker were targeting American elections, it would do what it could to make any glitches appear to be accidents rather than deliberate sabotage.

The most alarming possibility, Halderman says, is that hackers could use access to these officials’ computers as a “stepping stone” to attack voting machines themselves.

To be clear, we have no evidence they did this, but the officials who manage voter registration records often work closely with those who manage voting machines themselves. So gaining access to voter registration systems could be a first step to hacking voting machines themselves.

“The Russians not only carried out this targeted leaking and information warfare style campaign to interfere with the election,” Halderman said, “they were also taking major steps down the route of trying to interfere with the mechanics of the election by targeting a voting system vendor and their customers who are election officials.”

Halderman argues that the report highlights the need for more investigation into Russian interference with the 2016 election as well as further steps to shore up America’s election infrastructure ahead of the 2018 and 2020 elections.

“I hope we learn more about this and it becomes part of a larger investigations into what’s going on,” says Joe Hall, chief technologist at the Center for Democracy and Technology. “If it was a dedicated campaign by the GRU, they're not going to settle for attacking one podunk vendor, they'll try many different things.”

In short, cybersecurity has become one of the biggest challenges to running a secure and trustworthy election. We have a lot more work to do to find out what happened in 2016 and how to make sure something even worse doesn’t happen in future elections.

The government arrested a suspected leaker within hours

The Intercept published its story, and a full copy of the report, on Monday afternoon. Within hours, the Justice Department announced that it had arrested 25-year-old contractor Reality Winner for leaking a classified document that corresponds to the document the Intercept obtained. The government claims that Winner confessed to the leak after being confronted by federal officials.

In a blistering tweetstorm, Washington Post investigative reporter Bart Gellman criticized the Intercept’s handling of the story. Gellman, who became famous in 2013 for breaking the Snowden disclosures alongside Intercept founder Glen Greenwald, argued that the Intercept endangered its source by telling the government the document was sent from Augusta, Georgia, (Winner lives in the area) and by providing the government with a photocopy of the document that could be forensically traced back to the printer that printed it.

How the attacks worked

According to the NSA, the Russian government began its hacking efforts by attempting to infiltrate an American election technology vendor that the Intercept says is a Florida-based company called VR Systems. The attackers used a “spear phishing” technique, sending personalized emails to several employees of the company to try to trick the employees into entering their passwords into a fake Google login form.

“It is unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated,” the report says. “However, based on subsequent targeting, it was likely that at least one account was compromised.”

Next, the attackers posed as employees of the voting technology company to attack election officials in jurisdictions that used the company’s products. Using real documentation stolen from VR Systems, the hackers created malicious Microsoft Word documents that compromise a victim’s computer when they are opened. The documentation was for EVid, software that manages the voter checkin process at a polling place.

The attackers sent out malicious emails to 122 election officials around the country — America has a decentralized election system managed by thousands of state and local officials. The hackers hoped that by posing as a VR Systems employee and sending out what looked like real voting software documentation, they could avoid arousing the suspicions of election officials. “It is likely that the threat actor was targeting officials involved in the management of voter registration systems,” according to the NSA.

Unfortunately, this is as far as the leaked document goes in telling the story. We don’t know how many of those 122 election officials clicked on the malicious link and had their computers compromised. We don’t know if Russian spies did anything malicious once they gained access. It’s possible that most of the officials avoided clicking on the malicious links.

Experts say we need to do more to secure our elections

Both Halderman and Hall say the fact that the Russians were trying to build the capability to tamper with elections should give policymakers a sense of urgency about this issue. It’s a safe bet that this won’t be the last time that foreign powers try to manipulate the results of an American election, and there’s a lot more that can be done to hack-proof the election process.

The first step, Halderman says, is to ensure that 100 percent of votes are recorded in a voter-verified paper format. That could mean casting votes on a paper ballot and counting them with an optical-scan voting machine. Or it could mean having touchscreen machines print out a paper ballot that the voter checks before leaving the voting booth. Either way, this will allow election officials to conduct a meaningful audit of the results, ensuring that the electronic tally matches up with the paper record.

Next, both Halderman and Hall recommended that states establish routine and statistically rigorous recount procedures. Performing recounts automatically would avoid the situation in 2016, where the decision to do a recount was seen as calling into question the legitimacy of the election outcome. And modern techniques allow jurisdictions to perform statistically rigorous audits at a small fraction of the cost of a statewide recount. The problems is that most states haven’t changed their laws to allow officials to perform these kinds of audits.

The combination of paper ballots and automatic recounts not only makes it more likely that we’d find out if an election was hacked. It could also deter foreign governments from attempting to hack an election knowing that the attempt would likely be defeated.

Finally, Hall says that it might make sense to shift more election funding to the federal level. Given a choice between investing in fixing potholes or securing elections, Hall says, most local officials will spend money on potholes. Dedicated funding from the federal government would help to ensure that even smaller jurisdictions have the resources to properly equip and train their elections officials to maintain election security against foreign threats.