Allegations of Russian meddling in the 2016 presidential election have raised lots of questions, from why so many Trump team members met with the Russian ambassador prior to inauguration day, to whether Moscow hacked any key party groups besides the Democratic National Committee.
But there’s one crucial uncertainty that’s perhaps been lost in the partisan wrangling over Russia’s actions: What is the US going to do when they try it again?
Because Russia is almost certain to repeat its efforts to undermine American voters’ faith in their electoral system, according to US officials. Why shouldn’t it? The Vladimir Putin regime appears happy with the way covert and overt techniques have worked so far.
Countering this unprecedented attempt at influence may require an equally unprecedented whole-government American response. According to experts, that could involve everything from better cyberdefense and more public exposure of hacking to a US-run debunking website devoted to the exposure of Russia-backed fake news. Common-sense measures at the personal level and efforts to strengthen democratic institutions at the public level also are needed, they say.
“I do believe it’s in our power to stop these Russian tactics, but what it will require is a very focused effort,” says Heather Conley, Europe program director for the Center for Strategic and International Studies and a co-author of the new report “Recalibrating US Strategy Toward Russia.”
In interviews and at hearings and think-tank conferences in Washington this month, officials and experts alike expressed a consensus that so far the known US response to Russian meddling has been limited and not entirely coherent.
Prior to November, the Obama administration seemed reluctant to name and shame Russia for meddling, for fear it would be criticized for attempting to influence the vote itself. Since January, the Trump administration seems most concerned that the subject might undermine the new president’s electoral legitimacy.
President Barack Obama did eventually expel dozens of Russian diplomats and impose some sanctions on Russia, while publishing a public summary of the attack on the DNC.
Still, on the whole “we have no organized response as a country. … Until we set boundaries, they are going to move as far as they can,” said Clint Watts, a former FBI agent and senior fellow at the Center for Cyber and Homeland Security at George Washington University, at a Senate Select Committee on Intelligence hearing Thursday.
Russia hasn’t been bothering to take its shoes off and try to sneak around quietly, either. It’s been “loud” in its efforts to hack the US election, leaving behind bits of code and other cyber-clues that make it relatively easy to attribute computer break-ins to Russian-linked groups.
This swagger may have been part of the point, said FBI Director James Comey in his March 20 appearance at the House Permanent Select Committee on Intelligence. Moscow may have counted on the US picking up on the intrusions, publicly informing voters, and subsequently “freaking people out,” said the FBI chief.
Given their success, they’ll be back to try and affect the 2018 midterms and then return again for the 2020 presidential election, according to Mr. Comey.
“One of the lessons they may draw from this is that they were successful because they introduced chaos and division and discord and sowed doubt about the nature of this amazing country of ours and our democratic process,” he said.
The Russian effort for the 2016 vote began ramping up in mid- to late-summer of 2015, according to experts. It was a hybrid composed of the covert hacking of the DNC and other targets, the dissemination of slanted or completely fake news via such means as automated social media bots, and overt propaganda covered by the state-controlled RT news channel and other Russian media outlets.
US intelligence detailed the hacking effort in declassified reports at the end of 2016. In sum, two Advanced Persistent cyber-threats deemed linked to Russia, APT28 and APT29, emailed a malicious link to more than 1,000 recipients, including multiple government officials. At least one person – presumably Clinton campaign chief John Podesta – bit on the link, in part due to faulty information provided by the campaign’s tech team.
In the end, Russian hacking groups – also known by nicknames such as “Fancy Bear” and “GeminiDuke” and “Eviltoss” – reportedly got access to sensitive systems at the DNC and elsewhere. They merrily rummaged about, “likely leading to the exfiltration of information from multiple senior party members,” according to a joint FBI and Department of Homeland Security report.
This is the origin of much of the stuff that unknown intermediaries passed to WikiLeaks and other outlets for dissemination to the wider world.
“The US Government assesses that information was leaked to the press and publicly disclosed,” the report drily notes.
But hacking was only one prong of the effort. Russia also used the older, historic tool of out-and-out fake news and twisted propaganda – albeit disseminated with modern social media methods.
The Incirlik incident
Consider the experience of Sen. Tim Kaine (D) of Virginia, Hillary Clinton’s running mate. He was the subject of a number of Russia-derived false stories during the campaign. At least three were so silly or unbelievable the mainstream media didn’t bother to mention them at all, Senator Kaine said in January at a Senate Armed Services Committee hearing.
Out of curiosity he looked at one of the stories on social media to see what kind of reaction it was producing. He was astonished to learn it had been shared 800,000 times.
“These are stories that most fourth graders would find incredible,” said Kaine at the HASC meeting.
Then there was the alleged Incirlik incident.
On the evening of July 30, 2016, RT and Sputnik News simultaneously released stories saying, falsely, that the US air base at Incirlik in Turkey was being overrun by terrorists. Russian news aggregators, trolls, and Russia-linked automated social media “bot” accounts quickly spread and amplified this story, including the assertion (also false) that there were nuclear missiles at the base that would be lost in the incursion.
More than 4,000 tweets in the story’s first 78 minutes were from accounts associated with Russian active propaganda measures, according to Clint Watts of the Center for Cyber and Homeland Security. Apparently based in many different places and communities, they used the same hashtags (#Nuclear) and keywords to try and spread the notion that a Benghazi-like attack was under way on a much larger scale. In reality, a small protest had simply gathered outside Incirlik’s gates.
“This pattern of Russian falsehoods and social media manipulation of the American electorate continued through Election Day and persists today,” wrote Mr. Watts in his prepared statement for the March 30 Senate Intelligence hearing. “Many of the accounts we watched push the false Incirlik story in July now focus their efforts on shaping the upcoming European elections, promoting fears of immigration or false claims of refugee criminality.”
So that’s what the US now faces. It’s a combination of old Soviet-era disinformation efforts and powerful modern communications and computer techniques.
'A whole-of-government approach'
Lawmakers and US officials say that countering Russia’s attacks on US political integrity will require a comprehensive use of all levels of national power. Cyberdefense is crucial but only part of the equation. Cyber-intrusions should not always be countered with cyber-based weapons.
“We must engage in a whole-of-government approach to counter Russia’s active measures,” said Sen. Richard Burr (R) of North Carolina, chairman of the Senate Select Committee on Intelligence, in a public hearing on the subject Thursday.
US operations need to improve in three areas: defense, detection, and deterrence, according to Ben Buchanan, a postdoctoral fellow at the Belfer Center Cybersecurity Project at Harvard University.
On defense, individuals should realize that if they have any kind of national role, their personal accounts might be Russian targets. They need to take basic steps such as two-factor authentication for computer access and activities and password managers so they don’t just reuse passwords, says Mr. Buchanan.
At the national policy level the US should spend the money to replace many of its aging legacy systems with systems built with security in mind. President Obama’s proposed IT modernization would be a good baseline from which to start, says Buchanan in an email response to a reporter’s questions.
On detection, it’s important for federal systems to have good network visibility so defenders can spot intruders once they gain access.
“No perimeter defense is perfect, and security professionals should assume that compromise will happen and focus on detecting and remediating it as fast as possible,” says Buchanan.
Deterrence could involve a wide range of responses. But the US must act in some manner if its deterrence in this area is to remain credible. “Naming and shaming” is perhaps one place to start. Indicting Russian, Chinese, or Iranian hackers would show that the US can determine who is behind intrusions and limit their ability to travel abroad.
Exploiting US weaknesses
Looking at the situation more broadly, the first line of defense should be to strengthen Western democratic institutions, says Ms. Conley of CSIS. After all, Russia’s main aim is to weaken US leadership abroad and pull more of Europe into its own sphere of influence. Resisting that requires strong and resilient government.
That could mean more financial transparency, to track illicit Russia-linked money flows into the US and other nations. It could mean more efforts to root out corruption and strengthen the independent judiciary in troubled nations.
“The Russians are just exploiting weaknesses that exist in our society,” says Conley. “We have very low trust factors in our leaders and institutions. This is a long-term rebuilding.”
Information literacy is a problem, she adds. In today’s friend-based news environment, where many people get their news from links sent along by social media, it’s much harder to verify truth than it was in the cold war era of three main TV networks.
Perhaps a school or community-based public education effort on the dangers of “fake news” is what’s needed.
“How do we get community leaders, civic leaders, school leaders involved?” Conley says. “You have to educate.”
Some experts have suggested a government-sponsored version of the Snopes debunking website, devoted to exposing Russia-created fake stories and countering Russia’s twist on news events. Others push for the restoration of an independent US Information Agency, a cold war era organization that was dedicated to cultural and news outreach in nations subject to Soviet influence.
Many urge the US to do more, whatever it is. The response so far to Russia’s active measures of influence hasn’t been adequate, they say.
“It’s time the United States reminds the world, that despite our day-to-day policy debates and political squabbles, we stand united, alongside our allies, in defending our democratic system of government,” said Watts of the Center for Cyber and Homeland Security in his opening statement at Thursday’s Senate intelligence hearing.