Insider threats will “likely be an issue” that election centers across the US will face in the coming weeks, according to a US intelligence memo viewed by WIRED. These threats, the memo warns, “could derail or jeopardize a fair and transparent election process.”
The bulletin cites the Department of Homeland Security’s definition of an insider threat: someone who “will use his or her authorized access, wittingly or unwittingly, to do harm to an entity.”
This stark warning was rolled into a situational awareness bulletin on the broader threat landscape faced by election centers heading into the 2024 election. It was published this month by Colorado Information Analysis Center (CIAC), Colorado’s counterterrorism center, which compiles intelligence from federal, state, and local agencies into threat reports shared with its law enforcement partners. This warning comes as election deniers across the US have assumed positions at all levels of the electoral system.
“The entire threat picture is elevated for this election,” Colorado’s Division of Homeland Security and Emergencies Management director Kevin Klein tells WIRED. “I think it’s fair to say that insider threats are a greater concern than in previous elections.”
“Due to the nature of the United States election process, many people are involved in administering or carrying out responsibilities that support elections, all of whom have a potential to be an insider threat,” states the bulletin, which was first obtained by Property of the People, a nonprofit focused on transparency and national security.
The intelligence bulletin outlines several examples of insider threat “red flag” behavior, including attempts to alter or destroy ballots, giving unauthorized personnel access to voting centers, accessing the computer network at odd hours, and turning off security cameras.
The bulletin doesn’t say why intelligence officials concluded that insider threats were likely this election. But since 2020, there has been a frenzied effort by election conspiracy theorists to install MAGA loyalists and election deniers as workers at all levels of the electoral process.
Countless conspiracy-fueled “election integrity” outfits have sprung up in recent years. Initially, most were focused on training Donald Trump loyalists as “poll watchers”—civilians who observe the democratic process and flag any concerns. Their ambitions have since broadened to include “poll workers,” seeking to install election deniers in positions responsible for administering the election in counties and cities around the US.
Many of these initiatives have direct links to Trump’s inner circle. An investigation published this summer by Rolling Stone and American Doom identified nearly 70 pro-Trump conspiracy theorists holding positions as election officials in key battleground counties. Trump’s former national security adviser Michael Flynn and far-right political strategist Roger Stone have been key advisers for an initiative called the America Project, which was bankrolled in part by election denier and Overstock CEO Patrick Byrne, and has sought to train activists in poll watching and election canvassing. Christian nationalist pastors who believe that God is working through Donald Trump have been traveling and rallying across swing states, seeking to recruit poll workers.
During the 2022 midterms, two “former” Proud Boys qualified to become poll workers in Miami-Dade County; a third was disqualified on account of his indictment for the January 6 Capitol riot. The same year, a Michigan woman with ties to the Proud Boys who urged rioters to “storm the gates” at the Capitol on January 6 was hired as an election worker by a county clerk’s office.
Earlier this year, MAGA election deniers orchestrated a takeover of Georgia’s state board of elections and introduced a slew of new rules, such as requiring election officials to conduct a “reasonable inquiry” into the results prior to certification and hand counting ballots cast at polling places on Election Day. The state board was recently blocked by Georgia’s Supreme Court from enacting its new rules.
Special election proceedings this summer in Glendale, a Milwaukee suburb, foreshadowed the kinds of scenes US counties might expect to see in the coming weeks. A group of partisan poll watchers created chaos when they contested every absentee ballot that was being cast, and reportedly turned “disruptive” when they were repeatedly reminded of the rules about meritless ballot challenges. Glendale’s Mayor told CNN: “It certainly gave us pause about what we’ll see later.”
“These documents are not typical election threat intelligence,” says Ryan Shapiro, executive director of Property of the People. “The documents are unmistakably the product of a radically heightened threat environment due to January 6 and Trump’s unambiguous incitement of his followers to election and immigration-related violence.”
What were once considered sleepy and mundane administrative roles in government have become the subjects of intense scrutiny in the past four years. Election workers across the US have reported death threats against them and their families, stalking, and harassment. The volume of threats against those workers was so significant that the Justice Department was compelled to form the “Election Threats Task Force” in 2021.
And the threats have been a major factor in what’s been the highest rate of election worker turnover seen in decades; at least 36 percent of local election offices have changed hands since 2020. By 2022, in 50 out of 67 counties in Pennsylvania, election chiefs had left their positions due to threats.
WIRED asked Klein, Colorado’s DHSEM director, whether these widely-publicized efforts by the far right to gain a foothold in the electoral process had informed their insider threat assessment. “I think you’d be foolish not to be concerned about that,” Klein said in response. “But that’s our job, to protect both the physical security of our election infrastructure and cyber security of our election infrastructure.”
“That means being aware that there are insider threats,” he added, “and sharing that information with clerks and local law enforcement, so they know what to be on the lookout for.”
WIRED recently reported that US intelligence had been quietly issuing warnings to government agencies for months about extremist plots to attack election infrastructure. In particular, they flagged online posts offering guides for blowing up ballot drop-boxes and evading law enforcement detection. Intelligence agencies are also monitoring “civil war” rhetoric online, and the potential for that type of speech to mobilize individuals towards election-related violence. Internally, intelligence officials have conceded that they currently “lack a complete threat picture” going into the election, due to extremists’ shift toward more heavily encrypted messaging platforms.
On cyber defense, another US intelligence memo, first reported by WIRED, suggests that the threat of cybercriminals targeting election infrastructure will ultimately outweigh threats posed by rival nations such as China, Russia, and Iran. “Since at least 2022, financially motivated cyber criminal attacks have delayed election-related processes using ransomware attacks or by driving victims to remediate an attack,” the memo says, while adding that nation-state actors often prefer conducting cyber-enabled espionage and malign influence campaigns over disrupting election systems directly.
Criminal hackers, meanwhile, have “probably intentionally disrupted or gained unauthorized access to US election-related networks,” the memo says, citing an internal review of DHS reporting.