In Georgia, a database used to verify voter signatures was blocked by Russian hackers in a ransomware attack that also included voter registration data online.
In California and Indiana, Russia's most formidable state hackers, a unit affiliated with the Federal Security Service [F.S.B.], buried their way into local networks and hit some electoral systems, although it is still unclear why.
In Louisiana, the National Guard was asked to stop cyberattacks on small government offices using tools previously only used in attacks by North Korea.
And on Tuesday night someone hacked the Trump campaign and defaced their website with a threatening message in broken English warning that more was to come.
None of these attacks were worth much. But from the sprawling war room of the United States Cyber Command to those overseeing the elections on Facebook, Twitter, Google and Microsoft, experts are looking closely for more "perception hacks". These are minor attacks that can easily be exaggerated into something larger and possibly used as evidence that the entire voting process is "rigged" as President Trump has claimed.
The phrase comes up every time Christopher Krebs, the Homeland Security official who is responsible for the security of the electoral systems, talks about the main weaknesses in these elections. His concern is not a massive attack, but a series of smaller ones, perhaps more concentrated in swing states, the effects of which are more psychological than real.
Perception hacks are just one of many issues that occupy election officials and cybersecurity experts in the final days of voting – and their concerns won't end on election day.
One theory gaining ground within American intelligence is that after the Russians have indicated they remain in key American systems despite reinforced defenses and new offensive operations by Cyber Command, they could suspend for the next week – until it is clear whether the vote will close.
According to this theory, the Russian game would be to ignite the flames of state-to-state election campaigns and generate or exacerbate fraud claims that would further undermine American confidence in the integrity of the electoral process.
The Iranians would continue their game book, which American intelligence officials view as vandalism rather than serious hacking, filled with threats in garbled English.
Stay informed about the 2020 election
However, American experts have warned local officials that on November 3, the Iranians could attempt to cripple or disfigure the websites of state secretaries, affecting reporting of the results and giving the impression of being inside the electoral infrastructure, even if they never were and the election results were not affected.
Here's a look at some of the potential threats and what has been learned behind the scenes so far in a year of cyber fighting.
Government officials try to reassure voters that voting machines are hard to hack on a large scale: they are almost entirely offline. States and counties use their own systems, and the breadth and variety of those systems, it is argued, make it nearly impossible for a single attack to attack all of them.
However, that does not eliminate the risk. At the University of Michigan, J. Alex Halderman turned his lab into an arcade of voting machine security holes and found ways to create "attacks that can spread from machine to machine like a computer virus and silently change election results."
Others point out that no one has to hack every state to wreak havoc. In a tight election, an attacker could target Atlanta, Philadelphia, Detroit or Milwaukee and delay reporting the results of a campaign field.
The other flaw in the claim to diversity as security, say electoral security experts, is the constellation of contractors supporting elections in multiple states and counties. "To claim that diversity protects elections is a logical mistake," said Harri Hursti, an election security advisor.
Mr. Hursti is concerned about a scenario where ballot scanners could be reprogrammed to read a vote for Joseph R. Biden Jr. as a vote for Mr. Trump, or vice versa.
"A single point of failure could endanger the electoral infrastructure in several counties and states," warned Hursti.
His concern is strictly cautious, but not unknown. Not long after the 2016 elections, a National Security Agency whistleblower announced that VR Systems, a Florida company that was providing check-in software to several states, including critical swing states such as Florida and North Carolina, had announced that prior to the Vote was compromised by Russian hackers. There is no evidence that access affects the final vote.
The constant drumbeat of cyberattacks and outside interference has forced states to take protective measures. States have been working to print paper backups of voter registration data and they have phased out machines that leave no paper backups.
Mr Krebs said that next week about 92 percent of all votes cast would be "linked" to some sort of paper record, a significant increase from four years ago.
Oct. 29, 2020, 2:01 p.m. ET
As mail-in ballots increase this year, machine voting as a percentage of the total vote will also decrease. The vulnerabilities that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency focuses on include potential attacks on voter registration, verification and voting reporting systems, secretaries of state computer networks or power outages during elections.
These types of attacks would not change the number of votes. But if done artfully enough, especially in battlefield states or key districts within those states, they could be used to sow doubts about the legitimacy of the elections.
Some officials still wonder if that was the motivation for some of Russia's meddling in 2016, when hackers "scanned" registration databases in all 50 states, breached systems in Arizona and Florida, and in an unusually vociferous way stole voter registrations in Illinois nothing done with it.
Many of these vulnerabilities have been fixed thanks to an aggressive campaign by the Department of Homeland Security and states. But the vote is a local matter and there are still weaknesses, as Florida Governor Ron DeSantis discovered when he went to vote early in Tallahassee, the state capital. Someone – the police arrested a 20-year-old from Naples, Florida – had changed the governor's address in West Palm Beach.
That is why there is so much concern about a Russian group called Energetic Bear. Over the years the group believed to be a unit of the F.S.B. has breached American power grids, water treatment plants, a nuclear power plant in Kansas and, more recently, web systems at San Francisco International Airport.
And from September onwards it began to enter the systems of state and local governments. So far, intelligence officials have only breached two servers in California and Indiana.
The most immediate threat, according to the authorities, is ransomware attacks, which could freeze part of the voting system and delay results.
This is a sign of how concerned the intelligence community and the private sector are about ransomware that over the past month both Cyber Command and a Microsoft-run group of companies shut down servers around the world connected to TrickBot, a number of Tools That Are Used In Some Of The Most Sophisticated Ransomware Operations.
"The point here is to disrupt TrickBot operations during primary election activities," said Tom Burt, the Microsoft manager in charge of operations.
However, there is already evidence that the hackers behind TrickBot have switched to new tools, according to Mandiant, a cybersecurity firm. Over the past month and a half, researchers have found that the same people have sparked a spate of malicious new ransomware attacks that have taken American hospitals offline, just as coronavirus cases are increasing.
"They could use the same tools against anyone they wanted, be it elections or hospitals," said Kimberly Goody, cybercrime analyst at Mandiant.
A ransomware attack in Gainesville, Georgia last week locked voter signature verification systems, forcing electoral workers to do things the old-fashioned way of manually drawing registration cards and inspecting signatures.
The attack, which apparently was not aimed at the elections, but disrupted the electoral systems as collateral damage, exposed persistent vulnerabilities in Georgia, a major battlefield state.
Internal emails showed that the Georgian foreign minister had disabled two-factor authentication in the past few weeks after his voting software collapsed under the flood of early voters. Two-factor authentication, which prevents hackers from breaking into systems with a stolen password, was key to the Department of Homeland Security's electoral security strategy. In this case, emails show that the foreign minister simply disabled them.
Prepare for the aftermath
Mr Trump has already promoted the idea that mail-in ballots will be fraudulent and has tried to use small glitches in postal ballot distribution and return as evidence that the system cannot be trusted if the outcome is against directed at him.
The Cybersecurity and Infrastructure Security Agency recently released a "public notice" asking for information to be verified before it is believed or republished. But as some government officials admit, there is no cure for a president who repeats unproven rumors and conspiracy theories – except to contradict him directly.
"You have walked the line carefully," said Senator Angus King, regardless of Maine. "But the real test is coming."