Report: Arizona voter database hacked by criminals in 2016, not Russia

PHOENIX — It has been nearly two years since the 2016 presidential election but the confusion surrounding a potential hack of Arizona’s election database during the campaign season continues.

A senior White House official told Reuters on Monday that a hack of the state’s election database was done by “suspected criminal actors and not the Russian government.”

But Arizona officials do not believe any votes were manipulated or changed.

The official was responding to an earlier report from CBS News’ “60 Minutes,” which found that Russian hackers “successfully infiltrated” computer systems “associated with” Arizona and three other states leading up to the 2016 election.

A previously undisclosed Oct. 28, 2016, assessment from the Department of Homeland Security that was cited in the “60 Minutes” report said hackers working for the Kremlin breached a county database in Arizona, but did not specify which one.

But the White House official, who spoke to the publication on the condition of anonymity, said the cyber attack on Arizona “was not perpetrated by the Russian government” and that media reports at times relied on “outdated or incomplete information and conflated criminal hacking with Russian government activity.”

The Federal Bureau of Investigation first reported in August 2016 that hackers breached the state’s election database, but no voter information was compromised.

Later that same year, Arizona Secretary of State Michele Reagan told CNBC that the source of the hack was an email that was designed to look like an internal employee email. She said she was told it appeared the email originated in Russia, but that was not certain.

Reagan said in 2017 that the state’s voter registration system was targeted by possible Russian agents for a second time in 2016, but it was not clear whether it was actually breached.

It was revealed in February that the Phoenix Public Library system was scanned by hackers, according to Department of Homeland Security officials.

A spokesman for Secretary of State Michele Reagan, Darron Moffatt, said Reagan’s office had not been told at the time that “any Arizona voting system has been compromised, nor do we have any reason to believe any votes were manipulated or changed.”

Reuters said it was not immediately able to confirm the authenticity of the Department of Homeland Security assessment. If it is authentic, it would have been issued less than two weeks before the November election.

Reagan told KTAR News 92.3 FM on Monday that her office was alerted in June 2016 that a Gila County computer that was linked to the voter registration database had been hacked and that the hack emanated from a server in Ukraine.

While the hack started from a Ukraine server, Reagan said the hack still could have been coming from anywhere.

“So we still don’t know who was responsible for that, if it was some low-level hacking that was coming from even within the United States. These are very, very hard to track,” she added.

But Reagan assured that hackers in the the June 2016 attack did not take or alter any information.

“Whenever we hear the word ‘hack’ in related to elections systems, it certainly is scary and it’s certainly something we’re constantly vigilant about, but the vote itself and the tabulation machines, none of those machines are online so it’s very, very hard to ‘hack’ those.”

“Now the voter registration system, where your data’s kept and my data’s kept and 3 million others, that is a treasure-trove of information and that is online. So we see entities probing that system every single day.”

Reagan said the goal of her office was to make sure every time someone tries to probe or scan the voter registration system, that the system is blocking those.

“Cyber security going forward is going to become even more important. The bad guys only need to be right one time and our systems need to be right every time.”

KTAR News’ Ali Vetnar contributed to this report. 

Follow @KTAR923