Russia President Vladimir Putin Photograph:( AFP )
Speaker Nancy Pelosi also voiced scepticism of Ratcliffe’s announcement. 'Russia is the villain here,' she said before a briefing from intelligence officials. 'From what we have seen in the public domain, Iran is a bad actor but in no way equivalent.'
WASHINGTON —While senior Trump administration officials said this week that Iran has been actively interfering in the presidential election, many intelligence officials said they remained far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to U.S. voting infrastructure.
The discovery of the hacks came as U.S. intelligence agencies, infiltrating Russian networks themselves, have pieced together details of what they believe are Russia’s plans to interfere in the presidential race in its final days or immediately after the election Nov. 3. Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Donald Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call.
FBI and Homeland Security officials also announced Thursday that Russia’s state hackers had targeted dozens of state and local governments and aviation networks starting in September. They stole data from at least two unidentified victims’ computer servers and continued to crawl through some of the affected networks, the agencies said. Other officials said that the targets included some voting-related systems and that they may have been collateral damage in the attacks.
So far, there is no evidence that the Russians have changed any vote tallies or voter registration information, officials said. They added that the Russian-backed hackers had penetrated the computer networks without taking further action, as they did in 2016. But U.S. officials expect that if the presidential race is not called on election night, Russian groups could use their knowledge of the local computer systems to deface websites, release nonpublic information or take similar steps that could sow chaos and doubts about the integrity of the results, according to U.S. officials briefed on the intelligence. Such steps could fuel Trump’s unsubstantiated claims that the vote is “rigged” and that he can be defeated only if his opponents cheat.
Some U.S. intelligence officials view Russia’s intentions as more significant than the announcement Wednesday night by the director of national intelligence, John Ratcliffe, that Iran has been involved in the spreading of faked, threatening emails, which were made to appear as if they came from the Proud Boys, a right-wing extremist group.
The Treasury Department on Thursday announced sanctions against Iraj Masjedi, a former general in Iran’s Revolutionary Guard and the country’s ambassador to Iraq. The department said Masjedi had overseen training of pro-Iranian militia groups in Iraq and directed groups responsible for killing U.S. forces there.
Officials briefed on the intelligence said that Ratcliffe had accurately summarized the preliminary conclusion about Iran. But Iran’s hackers may have accomplished that mission simply by assembling public information and then routing the threatening emails through Saudi Arabia, Estonia and other countries to hide their tracks. One official compared the Iranian action to playing single A baseball, while the Russians are major leaguers.
Nonetheless, the Iranian and the Russian activity could pave the way for “perception hacks,” which are intended to leave the impression that foreign powers have greater access to the voting system than they really do. Federal officials have warned for months that small breaches could be exaggerated to prompt inaccurate charges of widespread voter fraud.
Officials say Russia’s ability to change vote tallies nationwide would be difficult, given how disparate U.S. elections are. The graver concern is the potential effect of any attack on a few key precincts in battleground states.
Russian hackers recently obtained access “in a couple limited cases, to election jurisdiction, an election-related network,” Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, said Thursday. But he was careful to note that the breaches had “nothing to do with the casting and counting” of votes.
The hackers believed to be operating at the behest of Russia’s Federal Security Service, the FSB — the successor agency to the Soviet-era KGB — have infiltrated dozens of state and local computer networks in recent weeks, according to officials and researchers. But Krebs said the attacks appeared to be “opportunistic” in nature, a scattershot break-in of vulnerable systems rather than an attempt to zero in on key battleground states.
But officials were alarmed by the combination of the targets, the timing — the attacks began less than two months ago — and the adversary, which is known for burrowing inside the supply chain of critical infrastructure that Russia may want to take down in the future.
The officials fear that Russia could change, delete or freeze voter registration or pollbook data, making it harder for voters to cast ballots, invalidating mail-in ballots or creating enough uncertainty to undermine results.
“It’s reasonable to assume any attempt at the election systems could be for the same purpose,” said John Hultquist, director of threat analysis at FireEye, a security firm that has been tracking the Russian group’s foray into state and local systems. “This could be the reconnaissance for disruptive activity.”
Krebs said so far Russia was not as active as Iran, and its targeting was imprecise. “They’re broadly looking to scan for vulnerabilities, and they’re working opportunistically,” he said.
Current and former officials said there was little doubt that Russia remained a greater threat and questioned why the focus was on Iran on Wednesday, though they acknowledged that Iran’s interference was real and troubling.
Administration officials said the news conference reflected the urgency of the intelligence about Iran. But some saw politics at play. Ratcliffe’s focus on Iran would potentially benefit Trump politically.
“It is concerning to me that the administration is willing to talk about what the Iranians are doing — supposedly to hurt Trump — than what the Russians are likely doing to help him,” said Jeh Johnson, a former secretary of homeland security in the Obama administration. “If the Russians have in fact breached voter registration data, then the American people deserve to know from their government what it believes the Russians are doing with that data.”
A senior official briefed on the intelligence said U.S. spy agencies had been tracking the Iranian group responsible for the spoofed emails for some time. As a result, the government was able to quickly debunk the falsified Proud Boys emails and identify Iran as the culprit.
Iran’s hackers appear to have scanned or penetrated some state and local networks, government officials said Thursday. But security experts said the Proud Boys email campaign that the government attributed to Iran did not appear to be based on hacked materials and instead relied on publicly available information that Florida officials regularly distribute.
“This was an email sent from a nonexistent domain using publicly available information,” said Kevin O’Brien, chief executive of GreatHorn, a cybersecurity firm. “There was no hack here. Your name, your party affiliation, your address and email address are all, generally speaking, public information.”
O’Brien said the information presented publicly had not persuaded him that Iran was culpable.
Speaker Nancy Pelosi also voiced scepticism of Ratcliffe’s announcement. “Russia is the villain here,” she said before a briefing from intelligence officials. “From what we have seen in the public domain, Iran is a bad actor but in no way equivalent.”
So far, the FSB’s hackers have not zeroed in on swing states, where a hack that affects digital disenfranchisement could have maximum effect; they have taken a scattershot approach instead, hitting systems in multiple states, including some battlegrounds. Experts said they might be just testing to see where they could get in, like a thief trying every doorknob in the neighborhood.
“My concern is not that they are pinpointing individual races but are gaining access where they can for some disruption down the road,” Hultquist said.
The threat is similar to the one that officials have highlighted from ransomware attacks, which hold data hostage until victims pay to have access restored. Likewise, officials and researchers believe the Russian attacks would not necessarily change vote tallies but could make voter data inaccessible or delete or change voters’ registration data to disenfranchise voters or cause the kind of confusion and delays that would undermine U.S. confidence in the election.
In recent years, Homeland Security officials have made a concerted effort to secure voter registration systems and to ensure that election officials have paper copies of voter information in case of disruptions.
But they have further to go. In Gainesville, Georgia, this week, a ransomware attack held city systems hostage, including an online map with polling locations and the database used to verify voters’ signatures on mail-in ballots.
Officials and experts believe the greatest defense against a coordinated cyberattack on the election is not so much how secure these voting system are but how disparate.
“You can’t just ‘hit the election,’” said Eric Chien, a cybersecurity director at Symantec, now part of Broadcom, which was among the first to detail the Stuxnet attacks by the United States and Israel on Iran’s nuclear program a decade ago. “The soft targets are really the state and local election committees, local websites that provide information about polling places and hold voter registration data.”