BOSTON (AP) — Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. But that doesn’t mean the Kremlin can’t inflict serious damage. The vulnerability of state and local government networks is a big worry.
One troubling wildcard is the potential for the kind of ransomware attacks now affecting U.S. hospitals. Russian-speaking cybercriminals are demanding ransoms to unscramble data they've locked up. It’s uncertain whether they are affiliated with the Kremlin or if the attacks are timed to coincide with the election.
U.S. national security officials have repeatedly expressed confidence in the integrity of the election. And they report little actual election meddling of consequence from Moscow outside of disinformation operations. There have been phishing attempts aimed at breaking into the networks of political campaigns, operatives and think tanks, but no indication that valuable political information was stolen. That’s in contrast to the 2016 Russian hack-and-leak operation that U.S. officials say was aimed at boosting Donald Trump’s campaign.
“The big story so far is how little we have seen from Russia during the course of this election,” said Dmitri Alperovitch, former chief technical officer of Crowdstrike, the cybersecurity firm hired by Democrats to probe the 2016 hack-and-leak operation.
But U.S. intelligence officials still consider Russia the most serious foreign cyberthreat, and fear it might try to capitalize on turmoil in an election in which Trump has claimed without basis that the voting is rigged and has refused to commit to honoring the result.
State and local government networks remain highly vulnerable, and dozens have already been battered by ransomware attacks sown largely by a few Russian-speaking criminal gangs.
“If the elections are a mess and we won’t find out for weeks who won, that creates all sorts of opportunities for Russians and others to try to cause more divisions and more havoc and chaos,” Alperovitch said. Those go beyond disinformation operations — such as Kremlin attempts to smear former Vice President Joe Biden — which he considers “background noise.”
There are indications that Russian malware planted long ago is lurking hidden, awaiting activation should Russian President Vladimir Putin give the order.
Agents from Russia’s elite Energetic Bear hacking group have since September infiltrated dozens of state and local government networks, federal officials announced last week. They said there was no evidence that election infrastructure was targeted or violated.
Election officials fear a “blend” of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials’ social media accounts and making false claims about rigged voting.
So far, the highest-profile foreign meddling incident has been by Iran — a ham-fisted, quickly detected operation in which some Democratic voters received emails threatening them if they didn’t vote for Trump. U.S. officials said Iranians spoofed the sender addresses, purporting to be from the far-right Proud Boys.
On Friday, the FBI and DHS issued an advisory saying the Iranians had scanned state election websites at the end of September — researching their firewalls — and successfully obtained voter registration data in at least one state, using it in an amateurish propaganda video that almost nobody saw before YouTube took it offline. The advisory did not name the affected states or say if any voter registration data was altered.
There have been other incidents. Tuesday’s brief hacking of Trump’s campaign website — an apparent scam by someone seeking to collect cryptocurrency — is a taste of what could be in store. Another was a ransomware attack on Hall County, Georgia, that scrambled a database of voter signatures used to authenticate absentee ballot envelopes.
Election officials across the country have faced phishing attempts and scans of their networks, but that’s considered routine, and none have been publicly linked this election cycle to specific malware infections by foreign adversaries.
Election security officials say they worry more about misinformation mongers eroding confidence in the election than about the potential for vote-tampering.
“The goal is not necessarily to influence a race, but to break down democracy,” said Dave Tackett, chief information officer for West Virginia’s secretary of state. “My biggest concern is a hook that is already in that could explode.”
Such a hook would be malware bombs long hidden in government networks that Russia or another adversary could activate in the thick of a close election as ballot-counting continues past Tuesday due to the large number of mailed-in ballots.
In 2016, Kremlin agents didn’t act after infiltrating Illinois’ voter registration database and election operations in at least two Florida counties. It’s not clear they would show similar restraint this year.
“I do think they returned those arrows to their quiver and made them better for this year,” Peter Strzok, a former FBI agent who helped lead the 2016 election interference probe, said in an interview. He declined to elaborate.