Russia is greater election threat than Iran, many officials say
Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Donald Trump, potentially by exacerbating disputes around the results.
While senior Trump administration officials said this week that Iran has been interfering in the presidential election, many intelligence officials said they remained far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to U.S. voting infrastructure.
The discovery of the hacks came as U.S. intelligence agencies, infiltrating Russian networks themselves, have pieced together details of what they believe are Russia’s plans to interfere in the presidential race in its final days or immediately after the election Nov. 3. Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Donald Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call.
FBI and Homeland Security officials also announced Thursday that Russia’s state hackers had targeted
dozens of state and local governments and aviation networks starting in September. They stole data from at least two unidentified victims’ computer servers and continued to crawl through some of the affected networks, the agencies said. Other officials said the targets included some voting-related systems and that they might have been collateral damage in the attacks.
So far, there is no evidence that the Russians have changed any vote tallies or voter registration information, officials said. They added that the Russian-backed hackers had penetrated the computer networks without taking further action, as they did in 2016. But U.S. officials expect that if the presidential race is not called on election night, Russian groups could use their knowledge of the local computer systems to deface websites, release nonpublic information or take similar steps that could sow chaos and doubts about the integrity of the results, according to U.S. officials briefed on the intelligence. Such steps could fuel Trump’s unsubstantiated claims that the vote is “rigged” and that he can be defeated only if his opponents cheat.
Some U.S. intelligence officials view Russia’s intentions as more significant than the announcement Wednesday night by the director of national intelligence, John Ratcliffe, that Iran has been involved in the spreading of faked, threatening emails, which were made to appear as if they came from the Proud Boys, a right-wing extremist group.
The Treasury Department on Thursday announced sanctions against Iraj Masjedi, a former general in Iran’s Revolutionary Guard and the country’s ambassador to Iraq. The department said Masjedi had overseen training of pro-Iranian militia groups in Iraq and directed groups responsible for killing U.S. forces there.
Officials briefed on the intelligence said that Ratcliffe had accurately summarized the preliminary conclusion about Iran. But Iran’s hackers may have accomplished that mission simply by assembling public information and then routing the threatening emails through Saudi Arabia, Estonia and other countries to hide their tracks. One official compared the Iranian action to playing single A baseball, while the Russians are major leaguers.
Nonetheless, the Iranian and the Russian activity could pave the way for “perception hacks,” which are intended to leave the impression that foreign powers have greater access to the voting system than they really do. Federal officials have warned for months that small breaches could be exaggerated to prompt inaccurate charges of widespread voter fraud.
Officials say Russia’s ability to change vote tallies nationwide would be difficult, given how disparate U.S. elections are. The graver concern is the potential effect of any attack on a few key precincts in battleground states.
Russian hackers recently obtained access “in a couple limited cases, to election jurisdiction, an election-related network,” but it had “nothing to do with the casting and counting” of votes, Christopher
Krebs, director of the Cybersecurity and Infrastructure Security Agency, said Thursday.
A hacking group believed to be operating at the behest of Russia’s Federal Security Service, the FSB – the successor agency to the Soviet-era KGB – has infiltrated multiple state and local computer networks in recent weeks, according to officials and researchers. The group, known to private researchers as Energetic Bear or Dragonfly, has hacked into U.S. nuclear, water and power plants and airports before. While it has stopped short of shutting them down, the group is considered to be among Russia’s most formidable.
The Russian hackers were able to get inside some election administrators’ systems and obtain access to voting information. Officials were alarmed by the combination of the targets, the timing – the attacks began less than two months ago – and the adversary, which is known for burrowing inside the supply chain of critical infrastructure that Russia may want to take down in the future.
The officials fear that Russia could change, delete or freeze voter registration or pollbook data, making it harder for voters to cast ballots, invalidating mail-in ballots or creating enough uncertainty to undermine results.
“It’s reasonable to assume any attempt at the election systems could be for the same purpose,” said John Hultquist, director of threat analysis at FireEye, a security firm that has been tracking the Russian group’s foray into state and local systems. “This could be the reconnaissance for disruptive activity.”
Administration officials said the news conference reflected the urgency of the intelligence about Iran. But some saw politics at play. Ratcliffe’s focus on Iran would potentially benefit Trump politically.
“It is concerning to me that the administration is willing to talk about what the Iranians are doing – supposedly to hurt Trump – than what the Russians are likely doing to help him,” said Jeh Johnson, a former secretary of homeland security in the Obama administration. “If the Russians have in fact breached voter registration data, then the American people deserve to know from their government what it believes the Russians are doing with that data.”