The Free Internet Project

Russian interference

Summary of Senate Intelligence Committee Report: “Russian Efforts Against Election Infrastructure”

On July 25, the Senate Select Committee on Intelligence published Volume I of a report on Russian Active Measures Campaigns and Interference.  The report stems from the committee’s bipartisan investigation into a wide range of Russian activities relating to the 2016 U.S. presidential election. Volume I reaffirmed the Intelligence Community Assessment (ICA)  that  Russian intelligence accessed elements of multiple state or local electoral boards prior to the 2016 presidential election. According to the Report, DHS concluded that the Russian government likely researched the electoral system in place in all 50 states. In fact, by September 2017, DHS concluded that 21 states were explicitly targeted by Russian government cyber actors.

The Committee determined that “scanning” of election-related state infrastructure was the most widespread activity conducted by the Russian government prior to the election. Scanning is a form of reconnaissance where an adversary searches for weaknesses, access points, and vulnerabilities. Dr. Samuel Liles, Acting Director of Cyber Division for the Office of Intelligence and Analysis, characterized these activities as “analogous to somebody walking down the street and looking to see if you are home. A small number of systems were unsuccessfully exploited, as though somebody had rattled the doorknob but was unable to get in . . . [however] a small number of the networks were successfully exploited. They made it through the door."

It should be noted that the Report provides no evidence that votes were changed, vote tallying systems were manipulated, or that any voter registration data was altered or deleted during the 2016 election cycle. Despite this, there is reason to believe that Russia will continue to escalate its interference in future elections. When testifying before the Committee, Michael Daniel, former Assistant and Cybersecurity Coordinator for President Obama, warned that mapping is done “so that [Russia] could actually understand the network [and] establish a presence so [they] could come back later and actually execute an operation.” Moreover, in an addendum providing the additional views of Senators Harris (D-CA), Bennet (D-CO), and Heinrich (D-NM), the Report states that “Russian operatives undoubtedly gained familiarity with our election systems and voter registration infrastructure—valuable intelligence that it may seek to exploit in the future.”

At the end of the Report, the Committee provided a comprehensive list of recommendations aimed at preventing Russia from interfering in future elections.

1.  Reinforce States' Primacy in Running Elections

The Committee recommends reinforcing the role of each state in administering elections while the federal government should ensure they receive the necessary resources and information. This recommendation received pushback from Senator Wyden (D-OR) who calls for mandatory, nation-wide cybersecurity requirements. Wyden argues that Congress's constitutional role in regulating federal elections is well-established and that the Russian attacks are too complex and too serious to be left solely to state and local officials. Wyden went so far as to say that “[w]e would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn't ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia's cyber army.”

2.  Create Effective Deterrence

The Committee recommends that the U.S. establish an international cyber doctrine to limit certain cyber activity. This doctrine would be similar to the existing international norms and treaties about the use of technologies and weapons systems. The government should treat a violation of this doctrine would be viewed as a hostile act and will be responded to appropriately. The Committee made it clear that the U.S. “should not limit its response to cyber activity; rather, it should create a menu of potential responses that will send a clear message and create significant costs for the perpetrator.”

3.  Improve Information Gathering and Sharing on Threats

The Committee recommends that the federal government, state governments, and local governments should establish clear channels of communication between one another. While this may seem rather rudimentary on its face, one of the key components of information sharing about elections is security clearances for appropriate officials at the state and local level. Since the 2016 election, DHS has compiled a list of officials to contact in every state if there is a threat. In addition, DHS is seeking to obtain security clearances for up to three election officials per state. Lastly, federal officials are working to declassify information in order to provide the greatest possible warning to state and local officials without compromising our own national intelligence.

4.  Secure Election-Related Cyber Systems

Despite the expense, the Committee recommends that cybersecurity needs to become a higher priority for election-related infrastructure. To do this, election officials should work with DHS to evaluate the security of their election systems, voter registration systems, state records, and other pre-election activities. The Report stated that in 2016, “cybersecurity for electoral infrastructure at the state and local level was sorely lacking.” The Committee additionally recommends that DHS creates an advisory panel to give expert-level advice on how states and localities run elections. Using this advice, DHS should develop procedures and processes to evaluate and routinely provide guidance on relevant vulnerabilities associated with voting systems.

5.  Take Steps to Secure the Vote Itself

The Committee recommends that states act with urgency to replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and remove (or render inert) any wireless networking capability. This is because paper ballots and optical scanners are the least vulnerable to cyber-attack. However, in order for paper ballots to be a legitimate means of tallying votes, there must be a secure chain of custody for those ballots. For this reason, the Committee recommends that states reexamine their safeguards against insertion of fraudulent paper ballots at the local level. Lastly, the Committee recommended that vendors of election equipment be briefed about the vulnerabilities in both the machines and the supply chains for the components of their machines.

6.  Assistance for the States

Finally, the Committee outlined its assessment of how the federal government can assist state and local governments in ensuring free and fair elections. State officials told the Committee the main obstacle to improving cybersecurity and purchasing more secure voting machines is cost. In March 2018, Congress appropriated $280 million in grants aimed at improving election security. Among other things, these funds will go toward replacing voting machines, hiring additional IT staff, updating software, and contracting with vendors to provide cybersecurity services. The Committee recommends that the Election Assistance Commission—the entity responsible for administering the grants—regularly report to Congress on how the states are using those funds, whether more funds are needed, and whether states have both replaced outdated voting equipment and improved cybersecurity.

Above all, this Report serves as a reminder that since 2014, Russia has been exploiting weaknesses in the American electoral system in order to sow discord and distrust among the American public. As former Deputy Director of the FBI, Andrew McCabe, told the Committee, the Russians “might not be effective the first time or the fifth time, but they are going to keep at it until they can come back and do it in an effective way." The committee plans to release several more installments of its report in the fall, focusing on the "Intelligence Community Assessment (ICA) of Russian interference, the Obama Administration’s response to Russian interference, the role of social media disinformation campaigns, and remaining counterintelligence questions."

Should tech companies do more for election security?: hard lessons from Russian social media warfare in 2016 U.S. elections

Bill Gates, founder of Microsoft, joined the growing number of high-profile individuals demanding that the U.S. government step up its regulation of big tech companies. In a June 2019 interview at the Economic Club of Washington, DC, Gates said, “Technology has become so central that governments have to think: What does that mean about elections?” Gates focused on the need to reform user privacy rights and data security.

This concern comes following the details of a Russian-led social media campaign to “sow discord in the U.S. political system through what it termed ‘information warfare’” outlined in Volume I Section II of the Mueller Report.  According to the Mueller Report, a Russian-based organization, known as the Internet Research Agency (IRA), “carried out a social media campaign that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.” As early as 2014, IRA employees traveled to the United States on intelligence-gathering missions to obtain information and photographs for use in their social media posts. After returning to St. Petersburg, IRA agents began creating and operating social media accounts and group pages which falsely claimed to be controlled by American activists. These accounts addressed divisive political and social issues in America and were designed to attract American audiences. The IRA's operation also included the purchase of political advertisements on social media in the names of American persons and entities.

Once the IRA-controlled accounts established a widespread following, they began organizing and staging political rallies within the United States. According to the Mueller Report, IRA-controlled accounts were used to announce and promote the events. Once potential attendees RSVP’d to the event page, the IRA-controlled account would then message these individuals to ask if they were interested in serving as an “event coordinator.” The IRA then further promoted the event by contacting US media about the event and directing them to speak with the coordinator. After the event, the IRA-controlled accounts posted videos and photographs of the event. Because the IRA is able to acquire unwitting American assets to contribute to the events, there was no need for any IRA employee to be present at the actual event.

Throughout the 2016 election season, several prominent political figures [including President Trump, Donald J. Trump Jr., Eric Trump, Kellyanne Conway, and Michael Flynn] and various American media outlets responded to, interacted with, or otherwise promoted dozens of tweets, posts, and other political content created by the IRA. By the end of the 2016 U.S. election, the IRA had the ability to reach millions of Americans through their social media accounts. The Mueller Report has confirmed the following information with individual social media companies:

  1. Twitter identified 3,814 IRA-controlled accounts that directly contacted an estimated 1.4 million people. In the ten weeks before the 2016 U.S. presidential election, these accounts posted approximately 175,993 tweets.
  2. Facebook identified 470 IRA-controlled accounts who posted more than 80,000 posts that reached as many as 126 million persons. IRA also paid for 3,500 advertisements.
  3. Instagram identified 170 IRA-controlled accounts that posted approximately 120,000 pieces of content.

Since the details of the IRA’s social media campaign were publicized, big tech companies have been subject to heightened levels of scrutiny regarding their effort to combat misinformation and other foreign interference in American elections. However, many members of Congress were pushing for wide-ranging social media reform even before the release of the Mueller Report.

In April 2018, Facebook Founder and CEO Mark Zuckerberg testified over a two-day period during a joint session of the Senate Commerce and Judiciary Committees and the House Energy and Commerce Committee. These hearings were prompted by the Cambridge Analytica scandal. Cambridge Analytica—a political consulting firm with links to the Trump campaign—harvested the data of an estimated 87 million Facebook users to psychologically profile voters during the 2016 election. Zuckerberg explained that, when functioning properly, Facebook is supposed to collect users’ information so that their advertisements can be tailored to a specific group of people that the third party wishes to target as part of their advertising strategy. In this scenario, the third-parties never receive any Facebook users’ data. However, Cambridge Analytica utilized a loophole in Facebook’s Application Programming Interface (API) that allowed the firm to obtain users’ data after the users accessed a quiz called “thisismydigitallife.” The quiz was created by Aleksandr Kogan, a Russian American who worked at the University of Cambridge. Zuckerberg explained to members of Congress that what Cambridge Analytica was improper, but also admitted that Facebook made a serious mistake in trusting Cambridge Analytica when the firm told Facebook it was not using the data it had collected through the quiz.

Another high-profile hearing occurred on September 5, 2018 when Twitter Co-Founder and CEO Jack Dorsey was called to testify before the Senate Intelligence Committee to discuss foreign influence operations on social media platforms. During this hearing, Dorsey discussed Twitter’s algorithm that prevents the circulation of Tweets that violate the platform’s Terms of Service, including the malicious behavior we saw in the 2016 election. Dorsey also discussed Twitter’s retrospective review of IRA-controlled accounts and how the information gathered is being utilized to quickly identify malicious automated accounts, a tool that the IRA relied heavily on prior to the 2016 election. Lastly, Dorsey briefed the committee on Twitter’s suspicion that other countries—namely Iran—may be launching their own social media campaigns.

With the 2020 election quickly approaching, these social media executives are under pressure to prevent their platform from being abused in the election process. Likewise, the calls for elected officials to increase regulation of social media platforms are growing stronger by the day, especially since Gates joined the conversation.

[Sources: Mueller Report, PBS, Washington Post, CNN, The Guardian, Vox I, Vox II]

FBI Confirms Russian Government Hacked Voting Data of Two Florida Counties

In the Mueller Report, Special Counsel Robert Mueller III concluded that the “Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” [Mueller Report link] While exposing the details of these Russian efforts, the Mueller Report identified one state in particular—Florida—as a key target of the Russian hackers (at p. 51). In Volume I of the Mueller Report, the Special Counsel’s Office indicated that the FBI believed the Russian government had gained access to voting data possessed by “at least one Florida county government.” In recent days, however, Florida Governor Ron DeSantis and other top officials learned in a series of confidential briefings that the FBI and Department of Homeland Security believe two Florida counties were hacked prior to the 2016 election.

According to the Mueller Report, a Russian intelligence service, known as GRU, sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer. In spite of the breaches, the FBI have not found any evidence that there was any manipulation of voter data, vote counts, or election results in 2016.

Following the confidential briefings, a bipartisan choir of both officials and constituents demanded the identity of the counties that fell victim to Russian interference. In response, Gov. DeSantis acknowledged that he was required to accept the terms a non-disclosure agreement prior to being briefed by the FBI. The terms of the NDA reportedly prohibit DeSantis from confirming or repeating the confidential information to unauthorized individuals. Since publicizing this agreement, DeSantis has received significant criticism from an array of officials who believe the Governor should have pushed back at the request to agree to the NDA. However, the terms of a 2003 executive order require the FBI to obtain an NDA before people without security clearances, such as DeSantis and his staff, are briefed on sensitive or classified information.

Many advocates of government transparency have questioned DeSantis’s legal standing to sign an NDA on the matter due to the broad nature of Florida’s public record laws. Barbara Petersen, president of the First Amendment Foundation, said that a long line of past court rulings makes it clear that Florida officials cannot agree to keep a document confidential if it is shared with them, even if the official does not retain possession of the documents. However, Petersen concedes that an NDA would may be appropriate to protect confidential information given to DeSantis verbally.

With the next election approaching quickly, many Floridians are less worried about what happened in 2016 and more worried about how to prevent this meddling in the 2020 elections. Last year, the Florida Department of State distributed more than $14.5 million in cybersecurity grants for federal elections to the state’s Supervisors of Elections. In addition, the Supervisors of Elections were given $1.9 million dollars in state funding to purchase and install Albert network monitoring sensors. These sensors are used by election organizations to detect cyber threats and quickly alert officials when data may be at risk. Albert sensors were developed as a supplemental form of the DHS’s Einstein project, which focuses on detecting and blocking cyberattacks within federal agencies.

[Sources: Politico, Palm Beach Post, My Sun Coast, GovTech.com, Orlando Sentinel, Learn.cisecurity.org]

 

U.S. Cyber Command works with foreign nations to defend election security from Russian interference

On May 7, 2019, Maj. Gen. Charles L. Moore, the director of operations for Cyber Command, and other Cyber Command officers gave a rare briefing at its new Joint Operation Center.  According to the New York Times:  "American officials deployed last year to Ukraine, Macedonia and Montenegro, and United States Cyber Command officials said that their missions included defending elections and uncovering information about Russia’s newest abilities. Cyber Command will continue some of those partnerships and expand its work to other countries under attack from Russia, officials said Tuesday. The deployments, officials said, are meant to impose costs on Moscow, to make Russia’s attempts to mount online operations in Europe and elsewhere more difficult and to potentially bog down Moscow’s operatives and degrade their ability to interfere in American elections."

In an operation named "Synthetic Theology," Cyber Command took proactive measures to neutralize Russian efforts to interfere with the 2018 U.S. midterm elections by

  1. taking offline temporarily the Internet Research Agency, a Russian trollfarm and source of disinformation,
  2. sending direct messages to Russians propagating disinformation to identify them, and
  3. deploying U.S. officers in Ukraine, North Macedonia, and Montenegro to defend their networks and gather intelligence on Russian activities.  The commander of Cyber Command’s cyber national mission force, Brig. Gen. Timothy Haugh said the U.S. would continue such joint efforts with foreign countries.  [sources: cyberscoop and NYT]

FBI Director Wray Warns of Russian Interference in 2020 U.S. Elections

On April 26, 2019, FBI Director Christopher Wray warned of Russian interference in the 2020 U.S. elections.  The threat is significant and constant.  "“What has pretty much continued unabated is the use of social media, fake news, propaganda, false personas, etc. to spin us up, pit us against each other, to sow divisiveness and discord, to undermine America’s faith in democracy,” said Wray. “That is not just an election-cycle threat. It is pretty much a 365-day-a-year threat.” 

The FBI, Department of Homeland Security, and NSA have all allocated resources to counter the Russian threat: According to the New York Times: "In response to growing threats from Russia and other adversaries, the F.B.I. recently moved nearly 40 agents and analysts to the counterintelligence division, the senior bureau official said in an interview this month. Many of the agents will work on the Foreign Influence Task Force, a group of cyber, counterintelligence and criminal experts. Officials have made that task force, initially formed on a temporary basis before the midterm elections, permanent. The Department of Homeland Security made its midterm election task forces permanent, folding them into an election security initiative at their National Risk Management Center. And the National Security Agency and the United States Cyber Command have also expanded and made permanent their joint task force aimed at identifying, and stopping, Russian malign influence, officials said."

Mueller Report on Russian interference in 2016 election released

April 18, 2019 - The Report on the Investigation into Russian Interference in the 2016 Presidential Election by Special Counsel Robert S. Mueller, III was released, in redacted form, to the public today.  The Report concludes: "The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion."

"As set forth in detail in this report, the Special Counsel's investigation established that Russia interfere~ in the 2016 presidential election principally through two operations. First, a Russian entity carried out a social media campaign that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.

Second, a Russian intelligence service conducted computer-intrusion operations against entities, employees, and volunteers working on the Clinton Campaign and then released stolen documents. The investigation also identified numerous links between the Russian government and the Trump Campaign. Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities."

Download the Mueller Report here

Pages