Summary
A newly declassified intelligence memorandum and investigative reporting have revealed that the vulnerabilities and foreign threats facing the 2020 US presidential election were more extensive than previously disclosed. The National Intelligence Council (NIC) assessed in January 2020 that Russia, China, Iran, and North Korea all possessed the capability to compromise US election infrastructure, with particular concern for internet-connected voter registration databases and the transmission of preliminary results. According to Just the News, China and Iran successfully accessed voter registration data in multiple states, with China also sending fake driver’s licenses to the US. Despite these breaches, senior officials publicly declared the 2020 election the most secure in US history. However, gaps in communication, politicization of intelligence, and persistent technical vulnerabilities continue to challenge the resilience of US elections.
Detailed Report
1. Nationwide Technical Vulnerabilities in Election Infrastructure
The US election system’s decentralized structure left it exposed to a range of technical vulnerabilities. The NIC memorandum, declassified by DNI Tulsi Gabbard, identified internet-connected voter registration databases as primary targets, with China and Iran later confirmed to have breached these systems in multiple states. Electronic tabulation systems faced risks from denial-of-service (DoS) attacks and man-in-the-middle attacks on results transmission, which could delay reporting and create public uncertainty. Voting machines, particularly the Dominion ImageCast X deployed statewide in Georgia and in 16 other states, were found to have nine critical vulnerabilities according to a June 2022 CISA advisory. These included outdated Android operating systems, smartcard authentication bypasses, and a Zip Slip vulnerability. Congressional testimony highlighted that up to 59% of election technology suppliers were based in China or Russia, raising supply chain concerns. At least 10 states had backend election management systems connected to the internet, and the dominance of a single vendor for electronic pollbooks created additional risks. The rapid expansion of mail-in voting during the pandemic further increased the attack surface for adversaries.
2. Foreign Interference: China, Iran, Russia, and North Korea
· China accessed voter registration databases in several states and sent fake driver’s licenses to the US, reportedly to aid Joe Biden’s campaign, as detailed by Just the News and the NIC memo. Microsoft reported that Chinese actors targeted non-campaign email accounts linked to the Biden campaign and attempted to compromise cellphones used by Donald Trump, JD Vance, and Kamala Harris’s associates. While the intelligence community assessed that China weighed direct interference, it ultimately concluded the costs outweighed the benefits for altering the presidential race. A confidential human source report on Chinese meddling was recalled before investigation, according to Just the News.
· Iran penetrated voter registration databases and sent threatening emails to Democratic voters in Alaska and Florida, impersonating the Proud Boys. The US sanctioned the IRGC, IRGC-QF, and five Iranian entities, and indicted Iranian hackers in November 2021.
· Russia continued Internet Research Agency troll farm operations, with Yevgeniy Prigozhin financing disinformation campaigns. Ukrainian parliamentarian Andrii Derkach was sanctioned as an active Russian agent. The SolarWinds breach, attributed to Russia’s SVR/APT29, and the DoppelPaymer ransomware attack on Hall County, Georgia, demonstrated persistent cyber threats, though no evidence was found of vote tally alteration.
· North Korea and non-state groups were assessed as having the capability to compromise election infrastructure, but no specific incidents were documented for 2020.
3. Handling and Communication Failures
The NIC briefed President Trump at the White House in February 2020, with CIA, FBI, and DHS officials present, on the extensive vulnerabilities and foreign threats. However, the public was never fully informed of the confirmed Chinese and Iranian database breaches. Chris Krebs, then director of CISA, publicly declared the 2020 election “the most secure in American history.” Christopher Porter, former National Intelligence Officer for Cyber, criticized the suppression of intelligence findings and the politicization of the intelligence community’s response. The intelligence community’s analytic ombudsman concluded in January 2021 that analysts downplayed China’s actions due to political biases. According to Just the News, the CIA refused to release the declassified report despite a presidential order, and a confidential human source report on Chinese interference was recalled before investigation. The ODNI’s March 2021 assessment found unanimity on Russian and Iranian intentions but not on China’s. The Intelligence Community Inspector General, under Christopher Fox, launched a review of whistleblower complaints, including those raised by Porter.
4. Pennsylvania: A Case Study in Vulnerability and Reform
The Blue Ribbon Commission found that Pennsylvania’s transmission of preliminary results to public-facing websites was vulnerable to man-in-the-middle attacks, which could manipulate data in transit and create doubts about election security. The SURE voter registration system was identified as a critical asset, and by June 2020, all 67 counties had transitioned to paper ballots, providing a verifiable audit trail. The Luzerne County incident, where military ballots were mistakenly discarded, highlighted the need for improved training and procedures. Over 20 lawsuits challenged mail-in ballot procedures, but the Pennsylvania Supreme Court ruled that provisional ballots must be counted if mail-in ballots were invalid. CISA provided targeted support to rural jurisdictions to enhance cybersecurity and resilience.
5. Other Swing States: Michigan, Wisconsin, Georgia, and Arizona
· Michigan processed over 3.3 million absentee ballot requests, with 70,000 delayed in Detroit due to administrative bottlenecks. The Qualified Voter File underwent upgrades and penetration testing, and a risk-limiting audit with over 200 precinct hand-counts confirmed the results. Antrim County’s forensic analysis revealed outdated antivirus software, unencrypted drives, and shared passwords, underscoring persistent security gaps.
· Wisconsin’s MyVote absentee ballot system faced vulnerabilities, and a DOJ lawsuit sought access to voter data. Duplicate voter identifier issues affected over 874,000 records, with 141 confirmed duplicate voting cases. Voting machines were not internet-connected during voting, and audits confirmed result accuracy.
· Georgia’s statewide deployment of Dominion ICX machines was scrutinized after Princeton CITP identified critical flaws. The state delayed CISA-recommended remediation until after 2024. The FBI seized Fulton County ballots, and a full hand recount confirmed the results. The State Election Board issued a reprimand for procedural errors, and Hall County suffered a DoppelPaymer ransomware attack.
· Arizona saw 72% of ballots cast by mail. The Cyber Ninjas audit, despite controversy, confirmed the official results. The FBI subpoenaed Maricopa County data, and the DOJ sued for access to voter rolls.
Conclusion
The 2020 US presidential election exposed significant technical vulnerabilities and was the target of sophisticated foreign interference campaigns by China, Iran, and Russia. While no evidence emerged of vote tally alteration, the breaches of voter registration databases and the exploitation of procedural weaknesses underscored the need for continuous vigilance.