The US midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the meddling.
At stake is control of the US Congress. The risks range from social media campaigns intended to fool American voters to sophisticated computer hacking that could change the tabulation of votes.
At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage in the 2016 campaign. Among them was Senator Claire McCaskill, a Missouri Democrat in one of the year’s most hotly contested races.
Facebook has shut down dozens of accounts and pages to stop what appeared to be a coordinated disinformation campaign.
Three months ahead of the election, President Donald Trump’s top national security officials are sounding the alarm. Five of them went to the White House podium to warn of interference and outline the government’s preparations, even as Trump himself continues to publicly raise doubts about Russia’s involvement in the 2016 election that he won. Dan Coats, the director of national intelligence, warned that a major Russian effort to undermine the November election is “only one keyboard click away.”
What would such an attack look like? Here are some of the major risks and an analysis of the damage they could do, according to experts in the field.
Russia sought to sway the vote in 2016 through disinformation campaigns and targeted hacking and leaking of information. Hackers are at it again, as shown in the phishing attacks on congressional candidates and suspect Facebook pages.
Even as Twitter and Facebook launch new initiatives to stop such meddling, hackers are adjusting to avoid—or at least delay—detection. Some of the suspect pages Facebook shut down in July had been operating for more than a year. One simple tweak their sponsors made: paying for ads in US and Canadian dollars instead of Russian rubles. Others include consistently obscuring network locations and the identities of ad buyers.
Meddling through social media remains a cheap and effective means to “throw fuel on already divisive fires that are burning,” said Michael Sulmeyer, the director of the Cyber Security Project at Harvard’s Belfer Center.
The polarized US political climate feeds the viral spread of incendiary material. That “exacerbates all of the false information and propaganda that can shape an information environment,” said Kara Frederick, a former member of Facebook’s counter-terrorism team.
It’s already happening and likely to spread. The strategy’s effectiveness boils down to whether American voters remain gullible enough to believe fake ads and news stories.
Elections only work in democracies if the public believes in the outcome. Russian hackers have already identified that trust as a point of attack elsewhere. In 2014, they attempted to fool television stations in Ukraine into broadcasting the wrong results to sow confusion.
Hackers need only to introduce uncertainty about whether votes will be counted accurately to weaken the legitimacy of elected leaders. Even an unsuccessful cyber attack could shake faith in the results.
“In some ways they’ve achieved the goal of achieving distrust,” said Christopher Painter, who served as the nation’s top cyber diplomat under President Barack Obama. “Even if they do nothing new, we are paranoid.”
If sowing confusion was the great achievement of Russian President Vladimir Putin’s 2016 campaign, this is the logical next step.