CYBERWARFARE: RUSSIA’S ATTACKS ON THE 2018 AND 2020 ELECTIONS AND THE TRUMP ADMINISTRATION’S RESPONSE

Note: If you find my posts too long or too dense to read on occasion, please just read the bolded portions. They present the key points I’m making and the most important information I’m sharing.

This is my seventh post on computer hacking and cyberwarfare and part of my overview of New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] My first post summarized the book’s information on the scale of computer hacking, cybercrime, and cyberwarfare; the 2017 North Korean ransomware attack; and the 2009 U.S. National Security Agency (NSA) cyberwarfare attack on Iran. My second post covered the leaks from the NSA, electronic surveillance in the U.S., and the use of encryption to protect privacy. My third post described Russia’s cyberattacks on Ukraine. The fourth and fifth posts described China’s cyberattack on Google and Google’s response. The sixth post described Russia’s cyberattack on the 2016 U.S. election.

This post summarizes Russia’s attacks on the 2018 and 2020 U.S. elections and the responses of the Trump and Biden administrations.

Under the Trump Administration, concern for cyberwarfare and cybercrime seemed absent. For example, the Obama Administration had reached an agreement with China to stop its industrial espionage; however, this ended when Trump began his very public trade war with China. Similarly, the Iran nuclear agreement worked to keep Iranian hackers at bay. Trump’s voiding of the nuclear deal resulted in unprecedented levels of Iranian cyberattacks. Furthermore, as Trump backed off both sanctions and rhetoric against Russia for its hacking and election interference, Russia continued to hack our election systems and infrastructure, as well as to spread division, distrust, and chaos through social and other media. Even Saudi Arabia, with no sanctions from the Trump Administration for its murder of Washington Post journalist Khashoggi, was emboldened to engage in cyber espionage targeting the U.S. Cybercriminals engaged in ransomware attacks on cities, towns, and other infrastructure with regularity – and with little response from the Trump Administration.

By 2018, Trump had eliminated the position of White House cybersecurity coordinator and had made it clear that he never wanted to hear anyone in his administration, including the director of Homeland Security, mention election interference or election security. As the 2018 elections approached, the Russian social media propaganda agency, the Internet Research Agency (IRA), was engaging in sophisticated election disinformation on social media. In the six months before the elections, it spent at least $10 million on its efforts to influence the U.S. elections and to sow division, distrust, and chaos.

Fortunately, in September 2018, Trump had ceded decision-making for offensive cyberattacks to the new director of the NSA, General Paul Nakasone, who also served as the head of the Pentagon’s Cyber Command. John Bolton, in his brief tenure as Trump’s national security advisor, had developed a new cyber strategy that gave the Cyber Command increased flexibility. So, in October, the Cyber Command posted warnings directly to the IRA’s computers threatening indictments and sanctions if Russia continued to meddle in the 2018 elections. Then, on Election Day, the Cyber Command shut down the Russian hackers’ computer servers and kept them offline for several days as votes were tabulated and certified. No one knows what might have happened if the Cyber Command had not done this, but the 2018 election results were processed without any serious glitches.

“By 2020, the U.S. was in the most precarious position it had ever been in the digital realm,” according to Perlroth. [2] More than 1,000 local governments had been hit with ransomware attacks over the previous year. Russian cybercriminals were getting billions of dollars because local governments and their insurers calculated that it was cheaper to pay the ransom than to have to recreate computer systems and data. Cybersecurity experts worried that the ransomware attacks were a smokescreen to probe municipal computers and develop the capability to disrupt voter and election-related systems during the 2020 election. Some of these experts also thought the election hacking and interference in 2016 and 2018 might be trial runs for more extensive efforts planned for the 2020 elections. Apart from the elections, in September 2020, over 400 hospitals were the subject of ransomware attacks, coming, of course, at the worst possible time – in the middle of the pandemic.

In Congress, a number of efforts were made to address concerns about election security, including bills requiring paper trails for every ballot and rigorous post-election audits, banning voting machines from being connected to the Internet, and mandating that campaigns report contacts with foreign entities. These were largely uncontroversial security measures that generally had bipartisan support and were deemed critical by election integrity experts. However, Senator Mitch McConnell, the Republican Majority Leader, refused to let any election security bill move forward toward passage. Only after critics took to calling him “Moscow Mitch” did he relent and begrudgingly allow approval of $250 million to help states protect election infrastructure – a tiny amount of money when split among the 50 states (only $5 million each on average), especially given the seriousness of the threats their election systems were facing.

In early 2020, U.S. intelligence officials warned the White House and Congress that Russian hacking and election interference efforts were working hard to promote Trump’s re-election. Trump was so incensed that this information had been shared with Democrats that he fired his acting director of national intelligence and publicly dismissed the intelligence findings as misinformation. Beginning in August, Trump’s new head of intelligence refused to provide in-person briefings on election interference to Congress. The U.S. intelligence agencies had always been non-partisan, but the Trump administration increasingly manipulated their actions and statements to serve its political interests. Meanwhile, Microsoft revealed that in one two-week period Russian hackers had attempted to access 6,900 personal email accounts of politicians, campaign workers, and consultants of both parties.

During the 2020 election cycle, the Russians didn’t have to create “fake news” to foster distrust, division, and chaos; Americans, including President Trump, were providing plenty of such content on a daily basis. The Russian trolls simply worked to amplify, among other things, the vaccination debate, the lockdown protests, the misinformation about the benefits of mask wearing, and the blaming of the racial justice protests and any violence that occurred on violent, left-wing radicals.

As the 2020 election approached, the Cyber Command, the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security, the NSA, and the FBI worked diligently to protect election infrastructure in the states and nationally, as well as to actively counterattack. Many of the officials involved figured it was likely that Trump would fire them for their hard work as soon as the election was over, but they persisted in doing their jobs. On Election Day, CISA officials briefed reporters every three hours and, in the end, Election Day came and went with no evidence of fraud, outside efforts to alter vote tallies, or even a ransomware attack.

Perlroth notes that while she would like to credit the work of our cybersecurity agencies for the uneventful Election Day, she feels that the 2020 election went as smoothly as it did, not because the Russians were deterred, but because they (and specifically Russian President Putin) concluded that their work here was done and had been successful. Discord, distrust, and chaos were being created by American actors without the need for Russian interference. If Putin’s goal, in the U.S. elections and otherwise, was to undermine American democracy and American influence in world diplomacy, he had probably succeeded beyond his wildest dreams.

Nonetheless, Russian cyber hacking continues. In 2020, Russia’s premier intelligence agency, the SVR, was responsible for the cyberattack via the SolarWinds security software, a highly sophisticated attack that affected many government agencies and large companies. It gave the Russians access to tens of thousands of users’ computer systems. (By the way, the SVR was also the first hacker to gain access to the Democratic National Committee’s computers in 2016.)

In October 2021, the Russians engaged in another massive campaign to hack into computer networks in the U.S. Microsoft announced that it had notified 600 organizations that they had been targeted by the SVR with about 23,000 attempts to illegally access their computer systems in October alone. It noted that the attacks were relatively unsophisticated and were or could have been blocked by basic cybersecurity practices. It also stated that, for comparison, there had been only 20,500 such attempts by all other international governmental actors over the past three years. [3]

This Russian cyberattack occurred only six months after President Biden imposed sanctions on Russian financial and technology companies in April 2021 as punishment for previous cyberattacks. At the time, he noted that the sanctions could have been more severe but that he was trying to de-escalate confrontation between the two superpowers.

My next post will review things that can be done to counter cybercrime and warfare at the individual and governmental levels.


[1] Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.

[2] Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021. Page 347.

[3] Sanger, D.E., 10/26/21, “Russia tests US again with broad cybersurveillance,” The Boston Globe from The New York Times.
