U.S. Intelligence Report on Russian Election Hacking Leaves Too Many Questions Unanswered

People like fake news. According to a study by MIT, they like it more than real news, and the fake news they like the most is fake political news. The MIT study found that fake news had a 70% better chance to be retweeted than real news. In addition, the more sensational the news, the faster it would be shared. This conclusion led one of the MIT researchers to remark that, “It seems pretty clear that false information outperforms true  information.”

Before, during, and after the 2016 election the American public was inundated with fake news. This false information was, according to the Select Committee on Intelligence, manufactured and delivered by operatives supported by the Russian government, more specifically, their Internet Research Agency (IRA). Their goal was to sow discord and undermine American democracy by interfering in the U.S. elections. They targeted both the extreme left and the extreme right to reach this goal. The Committee also “found that no single group of Americans was targeted by IRA information operatives more than African-Americans.” Their goal here was, apparently, to ramp up racial tensions.

The report states that the Russian government attempted to help the Trump campaign, but their statistics seem to give this angle only incidental support. “In just the last month of the campaign, more than 67 million Facebook users in the United States generated over 1.1 billion likes, posts, comments, and shares related to Donald, Trump. Over 59 million Facebook users in the United States generated over 934 million likes, posts, comments and shares related to Hillary Clinton.” The report claims that bots were responsible for about 20% of all activity. But does any of this really matter? Because, in the end, the report concludes that there was “no evidence that vote tallies were altered or that voter registry files were deleted or modified.” I would refer to this as a ‘soft hack’ where the main goal was psychological rather than physical.

But is this really true? Did the Russians have no noticeable impact on the 2016 elections? The report doesn’t seem to support its own conclusions. A few facts rise through the numerous redactions and manage to surface, and these need to be pointed out as we may see them emerge once again during the current run up to the 2020 election.

First of all the Russians began their undermining activities during the primaries where they “may have helped sink the hopes of candidates more hostile to Russian interests long before the field narrowed.” This meant the targeting of Marco Rubio, Ted Cruz, and Jeb Bush. We can expect that they are targeting primaries now and, quite likely, targeting candidates they don’t especially like.

The report gives important information as to how Russian operatives launched their attacks. They, apparently, “exploited the seams between federal authorities and capabilities, and protections for the states.” What this means is that the states were warned that they were being targeted but that “state election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor.” Later, it was clear from the report that state and local officials never took the warnings seriously and left themselves open to attacks. This is similar to what happened at the DNC where, although the FBI warned them they could be targeted for an attack, they took no precautions to protect themselves.

It now appears that some of these attacks were more successful than the report may want us to believe. It does admit that an Illinois Board of Elections’ voter registry website had data stolen from it. According to some sources, the Illinois voter registration system was shut down for 10 days and the personal information of 200,000 voters was stolen. The report claims that 21 states were “scanned” by Russian hackers but does not name which states these were.

Since the release of the report, however, we now know more about some of the states that were attacked and had breaches identified. In Arizona, malware was placed into the voter registration system. The report accidentally, in my opinion, suggests that this malware was designed to steal information from a database which could include usernames and passwords. (This was subsequently confirmed in an F.B.I. report.) Florida’s biggest county, Palm Beach County, was hit by a ransomware attack before the election. Georgia was recently found to have serious vulnerabilities dating back to 2014. There are conflicting reports on how deeply Wisconsin and California were breached. In Alaska, the main election server was breached on Election Day, but the extent of this hack has not been made public.

For me, the most alarming fact from this report is that at least 40 states and possibly all states showed, in their logs, some contact with criminal IP addresses. This does not mean that these contacts all resulted in successful hacks, but that can’t be entirely ruled out either. Intrusions were noted in 21 states but whether data was exfiltrated was not clear.

Russian Attribution

The attribution to Russia was done primarily though the identification of IP addresses commonly used by Russian operatives. Tools and techniques were also similar to those commonly employed by them. Much of the attribution section of the report is redacted so we will have to assume that they have high confidence in Russian attribution.

The report includes information on attacks that occurred during the midterm elections of 2018. Oddly, after studying these attacks, the committee concluded that “we have not attributed the activity to any foreign adversaries, and we continue to work to identify the actors behind these operations.” In other words, they leave the door open to the possibility of other nation-state involvement or even to involvement by non-state actors. The bottom line here is that the 2020 election may be more targeted than any previous election and not just by Russia.

But this attribution problem surfaced even in 2016. In one of the breached states, “DHS, and FBI in the spring and summer of 2016, struggled to understand who was responsible for two rounds of cyber activity related to election infrastructure. Eventually, one set of cyber activity was attributed to Russia and one was not.” They concluded “that the hacker had used a server In Russia, but that the FBI could not confirm the attack was tied to the Russian government. DHS and FBI later assessed it to be criminal activity, with no definitive tie to the Russian government.”

What puzzled the investigators most was why Russia didn’t take these attacks further than they did. They could have altered data, for example, but, for some reason, chose not to. The rather amorphous goal of sowing distrust in election results is possible, but if the databases were altered, if the registration data did not match the voter data, the attackers could have created an Election Day meltdown in certain districts. More disturbing, however, is the possibility that Russia or other malicious actors were just doing preliminary data gathering. That is, they were scanning election networks looking for vulnerabilities that they could exploit at a later date. Will 2020 be that later date?

One of the biggest problems the DHS encountered was making states take these threats seriously. In fact, many states resented the national government trying to ‘meddle’ in their elections. This is similar to what was seen during the Iowa Caucus when the Iowa Democratic Committee refused to let the government look at its reporting app. In 2016, Russian operatives targeted the primaries, wouldn’t we expect them to do it again and do it more effectively?

Ron Wyden, one of the main authors of the report, is now trying to push for a package of election security bills. It may be too little, too late, for as Wyden remarked, “I fear the 2020 election will make 2016 look like small potatoes.” It looks like we have something to look forward to.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s