The link below provides the first coverage I've seen of a just-uncovered break-in that happened during the 2016 US elections, involving several Illinois towns of average rather than large size. The town mostly involved is Galesburg, in far western Illinois about halfway between Chicago and Des Moines, Iowa. The county seat of Knox County, it has a population of about 32,000, making it not Wall Street or Sunset Boulevard but plain old ordinary whitebread middle America. Here's the story link:
Eric Shawn Story
The story indicates that Homeland Security found connections to voter registration computers in Galesburg through servers in the Netherlands operated by a Russian entity called the GRU. Notice that this isn't the FSB (the modern descendant of the famous KGB, which was the Soviet near-equivalent of the CIA). FSB is a civilian agency that would be the usual candidate for infiltration of foreign elections (see the Christopher Andrew books "The Sword And The Shield" and "The World Was Going Our Way" for data on that). But this time it's apparently Russian military intelligence, which is what (in Russian) GRU stands for. That would be a rough equivalent of our DIA, or Defense Intelligence Agency, probably adding the duties of our NRO (National Reconnaissance Office), which operates observation satellites, and NGA (National Geospatial-Intelligence Agency), basically a huge combat cartography service.
There are two things to note here (beyond a timely reminder that as far as we know, no votes in any American election have been changed by any foreign state-sponsored operator). First, it's interesting that GRU is doing its own work as opposed to relying on another Russian agency for it. It could be that GRU doesn't trust FSB to give it accurate or complete material. So it's not just that there's a problem with Russia being interested in election activity in the US (along with many other allied and opposed countries, I'll guess). There could be a problem with multiple unrelated Russian entities that do their own intelligence gathering due to interagency competition, like you see from time to time in the Pentagon. That could have many implications for catching these types: one may see unrelated but current Russian signatures, because one isn't looking at one Russian group but in fact at two or three separate ones.
Second, it's noted but not trumpeted in the story that what got broken into were computers holding voter registration records, not computer-based voting machine systems. There were earlier such stories; the Galesburg story is the latest. This indicates that the particular risk here was not votes being changed, but the list of registered voters being subject to deletion, addition or alteration as well as exfiltration. That last refers to downloading or copying the list for later action, which is apparently all that DHS thinks happened.
Regardless, the exposure is that local government systems are not the most closely guarded or up-to-date systems anybody has, and any interested party, foreign or domestic, has some chance to break in. If indeed no votes have been changed in any local, county, state or national election (as with courthouse fires in olden times), I must credit airgapping of networks and individual computers that are known risks and can't be replaced or upgraded due to lack of funds. The plan might be "if they're protection risks, just don't network them". That would be a good, cheap form of firewalling that would interest a manager with no budget. I mean, if these devices are still running 386 processors and Win2K, would you get on the internet with them?