As experts try to determine the depth of foreign espionage operations during the 2016 race, everything is starting to look like a cyberattack—and that’s by design.
For months on Twitter, in digital news and on cable TV, self-appointed pundits have been jumping at the shadows of the Russian hacking attacks on several components of the 2016 election. Experts say that paranoia is not merely a devastatingly effective side effect, but often the entire point of an intelligence operation: It causes the public to fear the erosion of democracy and paralyzes investigators who could repair problems like America’s elderly and unsophisticated voting machines, since every new revelation seems to reveal further cracks in the system.
Bloomberg has reported that 39 states’ election systems were subject to hacking attacks, including the previously confirmed theft of information from voter rolls in Illinois. Department of Homeland Security officials have said that 21 states were targeted, but the agency refuses to investigate. Given those reports, paranoia feels almost prudent.
The cyberattacks have damaged confidence in American democracy and shifted focus to finger-pointing at a time when repairing voting infrastructure could not be more urgent, said computer scientist J. Alex Halderman of the University of Michigan.
“NSA put those pieces together in April 2017 [according to an agency report leaked by The Intercept],” Halderman tells TPM. “There are still components of this that, within the intelligence community, are only now being able to be understood. That’s alarming. We need the election system to give us evidence that the election has been won before it’s certified.”
Lack of trust can destroy the courage to do anything except read conspiracy theories on the internet and despair, Halderman said. “The doubt at some point becomes the story, because it becomes an indication that the system isn’t doing its job.”
Toni Gidwani, formerly the leader of analyst teams at the Defense Intelligence Agency and now director of research operations at ThreatConnect, said the attacks during the 2016 U.S. elections are consistent with the modus operandi of Russian intelligence services as they operate throughout Europe. Despair is often their goal, she said.
“It’s a valid objective to just inject doubt into the integrity of the system,” Gidwani told TPM. “Just by showing that these machines are vulnerable even if you don’t change a single vote, may create doubt that the system is valid.”
Worsened public confidence in government, she said, is a consistent objective in intelligence operations, especially from Russia. “It’s a much lower bar to achieve than concretely affecting the outcome [of the vote].”
It would be shocking, espionage expert Mark Galeotti told TPM, if Russian hacking teams weren’t scanning U.S. election systems for vulnerabilities.
“Spies’ jobs are to hoover up all the information they can,” said Galeotti, a visiting fellow at the European Council on Foreign Relations with a specialization in Russian security, and author of the upcoming “Vory: The Story of the Russian Mafia” from Yale University Press. “Let’s not pretend that the NSA isn’t trying to get into any Russian system it can, or any German, French or British system for that matter. It’s the nature of intelligence.”
In fact, even the theft of emails from the Democratic National Committee, Democratic Congressional Campaign Committee and other party operatives wasn’t completely beyond the pale–it was their distribution that crossed a red line, he argued.
“Russian cyberwarfare that we’ve seen so far has not really been cyberwarfare,” Galeotti said. “It’s phishing a few email addresses. None of this is really mission-critical stuff.”
In the disinformation campaign waged by Russia during the 2016 election, Galeotti sees the hand of both the GRU–likely the sponsor of the much discussed Fancy Bear hacking team–and its competitive sister agency, the FSB, which conducted operations through a less-discussed group called Cozy Bear. The GRU trained a disciplined internal team of hackers, he explained, while the FSB, more prone to risk-taking, acquired talented freelancers with threats, bribes, or some combination of the two, among them the recently arrested team behind the Yahoo hack.
“As I understand it, it wasn’t the GRU that said, ‘Let’s leak this,’ it was the FSB,” Galeotti said, referring to the stolen emails. The more cautious GRU acquired the emails, but “it was the FSB that pitched the idea of using it for a political operation, and there’s no question that it had sanction from the top,” he told TPM.
The resulting chaos means that much–too much–is now read as evidence of foreign intervention and subversion, even day-to-day information collection operations. Many experts in the field believe the problem is not that foreign powers are putting their puppets into office through stealing elections, but that election systems are low-hanging information fruit.
“I think the Russians have stumbled – probably accidentally, and not because they’re that much cleverer – onto the new kind of warfare, which is not kinetic,” said Galeotti.
“We are in this half-war-half-peace situation, which is very unlike the Cold War,” he continued. “Are we at war with the Russians, a non-shooting, non-kinetic political war? The Russians clearly think so, but the intelligence community has not been given permission to respond in kind.”