Will Russian Hackers Affect this Year's US Election?

Nearly a year after Russian government hackers meddled in the 2016 US election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites. The sites mimicked a portal used by US senators and their staffs, with easy-to-miss discrepancies. Emails to Senate users urged them to reset their passwords, an apparent attempt to steal them.

Once again, hackers on the outside of the American political system were probing for a way in.

"Their attack methods continue to take advantage of human nature and when you get into an election cycle the targets are very public," said Mark Nunnikhoven, vice president of cloud research at Trend Micro.

Now the US has entered a new election cycle. And the attempt to infiltrate the Senate network, linked to hackers aligned with Russia and brought to public attention in July, is a reminder of the risks, and the difficulty of assessing them. Newly reported attempts at infiltration and social media manipulation, which Moscow officially denies, point to Russia's continued interest in meddling in US politics. There is no clear evidence, experts said, of efforts by the Kremlin specifically designed to disrupt elections in November. But it wouldn't take much to cause turmoil.

"It's not a question of whether somebody is going to try to breach the system, to manipulate the system, to influence the system," said Robby Mook, who managed Hillary Clinton's presidential campaign and co-directs a Harvard University project to protect democracy from cyberattacks, in an interview earlier this year. "The question is: Are we prepared for it?"

Online targeting of the US political system has come on three fronts, efforts to get inside political campaigns and institutions and expose damaging information; probes of electoral systems, potentially to alter voter data and results; and fake ads and accounts on social media used to spread disinformation and fan divisions among Americans.

In recent weeks, Microsoft reported that it had disabled six Russian-launched websites masquerading as US think tanks and Senate sites. Facebook and the security firm FireEye revealed influence campaigns, originating in Iran and Russia, that led the social network to remove 652 impostor accounts, some targeted at Americans. The office of Republican Sen. Pat Toomey of Pennsylvania said hackers tied to a "nation-state" had sent phishing emails to old campaign email accounts.
US officials said they have not detected any attempts to corrupt election systems or leak information rivaling Kremlin hacking before President Donald Trump's surprise 2016 victory.

Still, "we fully realise that we are just one click away of the keyboard from a similar situation repeating itself," Dan Coats, the director of national intelligence, said in July.

Michael McFaul, the architect of the Obama administration's Russia policy, has said he believes Russian President Vladimir Putin perceives little benefit in a major disruption effort this year, preferring to keep his powder dry for the 2020 presidential contest.

But even if the upcoming elections escape disruption, that hardly means the US is in the clear.

Trump's decision in May to eliminate the post of White House cybersecurity coordinator confirmed his lack of interest in countering Russian meddling, critics say. Congress has not delivered any legislation to combat election interference or disinformation. Last week, a review of the bipartisan "Secure Elections Act" was canceled after Republican leaders registered objections, congressional staffers said.

The risks extend beyond the midterms
"The biggest question is going to be how are you going to make sure that people actually trust the results, because democracy relies on credibility," said Ben Nimmo, a researcher at the Atlantic Council. "It's not over after November."
Experts said it is too late to safeguard US voting systems and campaigns this election cycle. But with two months to go, there is time enough to take stock of the Russian-sponsored interference that has come to light so far, and to assess the risks of what we don't know.

In mid-2016, hackers found a way into the voter registration database at the Illinois State Board of Elections and spent three weeks poking around. After the breach was discovered, officials said the infiltrators had downloaded the records of up to 90,000 voters.

It's not clear that anything nefarious was done with those records. But when special counsel Robert Mueller charged a dozen Russian intelligence agents with hacking this July, the indictment clarified the potential for damage. The hackers had, in fact, stolen information on 500,000 voters, including dates of birth and partial Social Security numbers.

"The internet allows foreign adversaries to attack Americans in new and unexpected ways," Deputy Attorney General Rod Rosenstein said, in announcing the indictments.

The Illinois hack is the most notable case of foreign tampering with U.S. election systems to come to light. There has been no evidence of efforts to change voter information or tamper with voting machines, though experts caution hackers might have planted unseen malware in far-flung election systems that could be triggered later.

Potential problems are not limited to Illinois.
A week before the 2016 general election, Russian intelligence agents sent spear-phishing emails to 122 local elections officials who were customers of VR Systems, a Tallahassee, Florida-based election software vendor.
In addition to Illinois, at least 20 other state systems were probed by the same Russian military unit that targeted VR's customers, federal officials said.

"My unofficial opinion is that we're kind of fooling ourselves if we don't think that they tried to at least make a pass at all 50 states," said Christopher Krebs, the undersecretary for critical infrastructure at DHS.

In June 2017, the federal Election Assistance Commission informed dozens of local voting officials that hackers had attempted to penetrate the systems of a voting system manufacturer, presumed by many to be VR.

"Attempts have been made to obtain voting equipment, security information and in general to probe for vulnerabilities," the EAC wrote officials. Despite those concerns, federal officials have moved slowly to share intelligence with officials who supervise elections. As of mid-August, 92 state officials had been given clearances.

Much of the machinery used to collect and tabulate votes is antiquated, built by a handful of unregulated and secretive vendors, with outdated software that makes them highly vulnerable to attacks, researchers said.

"If someone was able to compromise even a handful of voting machines I think that would be sufficient to cause people to not trust the system," said Sherri Ramsay, a former National Security Agency senior executive. This spring, a website used by Knox County, Tennessee, officials to display election-night results was knocked offline by an unidentified perpetrator. While the attack was little noticed, it would not be hard to replicate, experts said. Combined with a social media campaign alleging vote tampering, such mischief could cast a shadow over an election, they said.

Election officials have been sandboxing such scenarios for weeks as they prepare for November's balloting.
There's already a Russian playbook for thwarting an election: In Ukraine in 2014, the presidential contest was disrupted by a virus that scrambled election-management software, followed by a media disinformation campaign claiming a pro-Moscow candidate had won.

Democratic Sen. Claire McCaskill of Missouri is plenty busy this fall as she seeks re-election in a state that voted overwhelmingly for Trump. So when an attempt by Russian hackers to infiltrate her campaign came to light in July, she acknowledged it only briefly.

"While this attack was not successful, it is outrageous that they think they can get away with this," McCaskill said. "I will not be intimidated. I've said it before and I will say it again, Putin is a thug and a bully."

The failed hack, which included an attempt to steal the password of at least one McCaskill staffer through a fake Senate login website identified by Microsoft, is the most notable instance of attempted campaign meddling by Russia made public this year.
Microsoft executives said recently that the company had detected attempts by Russia's GRU military intelligence agency to hack two senators. One was presumably McCaskill, but the others have not been identified.

The group behind that attempt, Fancy Bear, is the same one indicted July 13 and identified by Microsoft as the creator of fake websites targeting the Hudson Institute and the International Republican Institute, frequent critics of the Kremlin. Since the summer of 2017, Fancy Bear has aggressively targeted political groups, universities, law enforcement agencies and anti-corruption nonprofits in the US and elsewhere, according to TrendMicro.

"Russian hackers appear to be broadening their target set, but I think tying it to the midterm elections is pure speculation at this point," said Michael Connell , an analyst at the federally funded Center for Naval Analyses in Arlington, Virginia.
There have been other recent reports of U.S. congressional campaign websites targeted by hackers, but that doesn't mean Russian agents are to blame. Experts said most are likely run-of-the-mill criminal cyberattacks seeking financial gain rather than political change.

But Eric Rosenbach, who served as assistant secretary of defense for global security during President Barack Obama's administration and is now at Harvard, said the limited examples of Russian intrusion that have come to light may be only a tip to more significant, still hidden schemes.

"There probably have already been compromises of important campaigns in places where it could sway the outcome or undermine trust in the election," Rosenbach said. "We might not see that until the very last moment."
The risk is magnified by poor efforts to protect many campaign sites, said Josh Franklin, until last month the lead National Institutes of Standards and Technology researcher on voting systems security.

Nearly a third of the 527 House of Representatives campaigns examined by Franklin and fellow researchers had such poor cybersecurity they were graded worse than failing.

"We couldn't go any further with our scan," he said. "We were told that we would be in danger of being sued by the candidate campaigns."

Since the 2016 election, officials and researchers have learned much more about such infiltration. The May release by House Democrats of more than 3,500 ads placed on Facebook by Russian agents from 2015 to 2017 revealed a deliberate campaign to inflame racial divisions in the US Facebook and other tech companies say they are working hard to combat such behavior. But it is not nearly enough, experts said.

The companies must be forced to act faster against Russian and other disinformation campaigns and be made more accountable, said Dipayan Ghosh, a fellow at Harvard's Kennedy School of Government who has worked at both the White House and Facebook on tech policy including social media manipulation.

Ghosh said quantifying Russian disinformation on social media is difficult because they "are operating behind a commercial veil" of for-profit networks that are not subject to public scrutiny.

"The industry is currently accountable to nobody," Ghosh said.

After Facebook was criticized for allowing a data-mining firm to collect information about millions of its users, CEO Mark Zuckerberg said he was open to regulation. But the "Honest Ads Act," which would require online political ads to be identified as they are in traditional media, has stalled in Congress.

Experts said they are uncertain of the effectiveness of Russian disinformation, complicating assessment of the threat it might now pose.

In 2016, Russian actors likely did the greatest damage by hacking and leaking emails from Hillary Clinton's campaign and Democrats' national organization, which were widely reported by the news media. But comparatively few American voters saw individual pieces of misinformation on social media, making it unlikely that it swayed votes, said Brendan Nyhan, a University of Michigan political scientist who has analyzed the scope and impact of the Russian operations.

"There's still too much simplistic thinking about all-powerful propaganda that doesn't correspond to what we know from social science about how hard it is to change people's minds. I'm more concerned about the threat of intensifying polarization and calling the legitimacy of elections into question than I am about massive swings in vote choice," he said.

Still, it is clear that Russian intelligence views its efforts as successful and their example has already stirred others, like Iran, to try similar strategies. Such efforts are bent on coloring US politics even if they are not tied to a specific election, said Lee Foster, FireEye's manager of information operations analysis.

"Where do you draw the line between efforts to influence the election or an election or efforts to influence US domestic politics in general?" Foster said. "We can't just think in the context of the next election. It's not like this goes away after the midterms."

Security Week:

You Might Also Read: 

Bots & Ballots Make A Sophisticated Threat:

Is Technology Undermining Democracy?:

 

« Britain Plots Cyber Revenge On Russia For Novichok Poisonings
The Rise of AI Driven DDoS Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

SilverEdge Government Solutions

SilverEdge Government Solutions

SilverEdge is a next generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities.

Red Maple Technologies

Red Maple Technologies

Started and run by engineers from the UK Intelligence and Defence communities, Red Maple is a technical consultancy and product company.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.