The independent news organization of Duke University

DHS investigation finds no evidence of 2016 election hacking in Durham

A report from the U.S. Department of Homeland Security closed the door on a multi-year saga of speculated foreign interference in Durham’s 2016 presidential election.

The DHS’ Cybersecurity and Infrastructure Security Agency concluded that hacking was not to blame for the technology malfunctions in certain Durham County precincts in the 2016 general election. 

Instead, according to a joint news release from the North Carolina State Board of Elections and the Durham County Board of Elections, investigators found that the issues were most likely the result of Durham County staff and poll worker error. An unfamiliarity with the electronic poll book (ePollbook) functions used for voter check-in—combined with a lack of adequate staff training and quality control by the technology provider, VR Systems—caused the malfunctions.

The federal investigation found “no artifacts suggesting malware on or remote access to” the ePollbooks and USB drives. 

The report is “compelling evidence that there were no cyberattacks impacting the 2016 election in Durham,” wrote Philip Lehman, chairman of the Durham County Board of Elections, in the statement.

Inside the DHS investigation’s findings

The ePollbooks, lists of eligible voters used by poll workers to check in people, presented poll workers at certain precincts with inaccurate information, including “erroneously identifying voters as having already voted, identifying registered voters as unregistered, and prompting poll workers to ask voters to present their ID when ID was not required under NC law,” the report said.

In response to these inaccuracies, the poll workers abandoned the ePollbooks in favor of paper check-in books, causing delays that inconvenienced voters. Even after showing current voter registration documents, dozens of voters were turned away after being told they were ineligible. 

Shortly after the election, Durham County hired Protus3, a Raleigh-based security consulting and investigative firm, to look into the mishaps. Protus3 concluded that “internal administrative error,” not external hacking, was behind some of the inaccuracies, according to the release. 

However, the state board ultimately decided that the limited scale and scope of the investigation rendered it inconclusive.

Patrick Gannon, the state board’s public information officer, said that after a top-secret National Security Agency report was leaked to The Intercept in 2017, North Carolina’s investigations division “ramped up” its own investigation. At that point, it also started talking to other law enforcement agencies, including DHS. 

Gannon asserted that although there was no evidence or confirmation of meddling, the state board continued to question its conclusions since there was not a full forensic analysis of the actual equipment used that day. 

Because of these lingering questions, and “because we wanted a more definitive conclusion,” Gannon said, the state reached out to DHS and CISA for assistance in May 2019. 

After months of forensic analysis on the technology in question—24 ePollbook laptops, 21 USB drives and two images of a desktop computer—the CISA “did not conclusively identify any threat actor activity,” according to the report. 

Gannon wasn’t surprised that the CISA found no suggestion of foul play or meddling.

“Over three years later,” he said, “we still have zero evidence that it was anything other than human error.”

However, the report did “identify aspects of the [Durham County board’s] security that could be improved” in the future, specifically areas where “defense-in-depth” protections and “system configurations” could be improved to help reduce the risk of compromise. For security reasons, the specific recommendations were redacted from the publicly released report.

Why did people suspect Russian hackers in the first place?

A New York Times article from 2017 put Durham at the center of the hype surrounding Russian election interference. The article acknowledges that there are multiple reasons for issues with the ePollbooks and other election software.

Susan Greenhalgh, vice president of policy and programs for the National Election Defense Coalition, was quoted in the article saying that the situation in Durham County “felt like tampering, or some kind of cyberattack.” 

Also contributing to the lingering questions was a leaked 2017 top-secret National Security Agency report that suggested Russian hackers had targeted VR Systems, which provides equipment to eight states. While the company wasn’t explicitly named, the NSA report contains references to one of their products. 

The apparent end goal, according to the report, was to gain access to the employee’s login credentials and “obtain information associated with election-related hardware and software applications.”

Special Counsel Robert Mueller’s report, released in 2019, revealed that the Russian military intelligence agency had installed malware on the network of an unidentified “voting technology company.” Ben Martin, chief operating officer of VR Systems, acknowledged that the report might be referring to his company, but denied that it was hacked.

‘This is a new administration, and it’s a new day’

Derek Bowens, who assumed the position of director of elections for Durham County in 2017, explained that the county has implemented a substantial number of changes since the 2016 incident. 

“We’ve run smooth elections in 2017, 2018 and 2019 without delays,” he said.

After 2016, Gannon said that the majority of counties, including Durham, have “learned a lot” and are electing to use ePollbooks provided by the state board instead of ones provided by VR Systems. 

For voters who are concerned about a repeat in 2020, Bowens encourages them to rest easy. The county now uses the “latest and greatest technology”—new ePollbooks with encryption—and has increased the intensity of its precinct trainings.

They have an emergency backup plan in case of technical failures and identification issues. Should the technology malfunction, all Durham County precincts now have paper poll books with peel-off labels. Poll workers have been trained on how to make use of these in the case of an emergency. 

“This is a new administration [since 2016], and it’s a new day,” Bowens said. “We’ll conduct voting in the parking lot if we have to.”

Philip Lehman, chairman of the Durham County Board of Elections, did not respond to repeated requests for comment.
