Northwest Arkansas Democrat-Gazette
Russian tendrils seen in sites posing as Senate portal
Nearly a year after Russian government hackers meddled in the 2016 U.S. election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites.
The sites mimicked a portal for U.S. senators and their staffs. Emails to Senate users urged them to reset their passwords — an apparent attempt to steal them.
The attempt to infiltrate the Senate network and others reported recently point to Russia’s continued efforts to interfere in U.S. politics, which a Moscow official denies. There is no clear evidence, experts said, of Kremlin efforts specifically designed to disrupt elections in November.
Still, “we fully realize that we are just one click away of the keyboard from a similar situation repeating itself,” Dan Coats, the director of national intelligence, said in July.
Michael McFaul, architect of President Barack Obama’s Russia policy, has said he believes Russian President Vladimir Putin perceives little benefit in major disruption now, preferring to keep his powder dry for the 2020 presidential contest.
Experts said it is too late to safeguard U.S. voting systems and campaigns this election cycle. Trump’s recent decision eliminating the White House cybersecurity coordinator’s post confirmed his lack of interest in countering Russian meddling, critics say. Congress has not delivered any legislation to combat election interference or disinformation.
But there is time to take stock of interference that has come to light — and to assess the risks of what we don’t know.
In mid-2016, hackers got into Illinois’ voter registration database. Special counsel Robert Mueller’s indictment of a dozen Russian intelligence agents this July said the hackers had stolen information on 500,000 voters.
It is the most notable case of foreign tampering with U.S. election systems made public. There has been no evidence of efforts to change voter information or tamper with voting machines, but experts caution that hackers might have planted unseen malware in systems that could be triggered later.
“My unofficial opinion is that we’re kind of fooling ourselves if we don’t think that they tried to at least make a pass at all 50 states,” said Christopher Krebs, the undersecretary for critical infrastructure at the Department of Homeland Security.
Before the 2016 general election, Russian agents sent spear-phishing emails to 122 state and local elections officials who were customers of election software vendor VR Systems. At least 21 state systems were probed by the same Russian unit, officials said. But federal officials have moved slowly to share intelligence. As of mid-August, 92 state election officials had been given clearances.
Much of the machinery used to collect and tabulate votes is antiquated, built by a handful of unregulated and secretive vendors, the outdated software highly vulnerable to attacks, researchers say.
“If someone was able to compromise even a handful of voting machines I think that would be sufficient to cause people to not trust the system,” said Sherri Ramsay, a former National Security Agency senior executive.
Democratic Sen. Claire McCaskill of Missouri, seeking re-election in a state that voted overwhelmingly for Trump, provided little detail in July when an attempt by Russian hackers to infiltrate her campaign came to light.
“While this attack was not successful, it is outrageous that they think they can get away with this,” McCaskill said.
The failed hack, which included an attempt to steal the password of at least one McCaskill staff member through a fake Senate login website identified by Microsoft, is the most notable instance of attempted campaign meddling by Russia made public this year. Microsoft executives said recently that the company had detected attempts by Russia’s GRU military intelligence agency to hack two senators.
Since mid-2017, the group behind that attempt has aggressively targeted political groups, universities, enforcement agencies and others, according to Trend Micro.
“Russian hackers appear to be broadening their target set, but I think tying it to the midterm elections is pure speculation at this point,” said Michael Connell, an analyst at the federally funded Center for Naval Analyses in Arlington, Va.
Eric Rosenbach, assistant secretary of defense for global security during the Obama administration and now at Harvard University, said Russian intrusion that has come to light may be only a tip to larger, hidden schemes.
“There probably have already been compromises of important campaigns in places where it could sway the outcome or undermine trust in the election,” Rosenbach said. “We might not see that until the very last moment.”