Russia a greater election threat than Iran, U.S. officials say
WASHINGTON — While senior Trump administration officials said this week that Iran has been actively interfering in the presidential election, many intelligence officials said they remained far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to U.S. voting infrastructure.
The discovery of the hacks came as U.S. intelligence agencies, infiltrating Russian networks themselves, have pieced together details of what they believe are Russia’s plans to interfere in the presidential race in its final days or immediately after the election Nov. 3. Officials did not make clear what Russia planned to do.
FBI and homeland Security officials also announced Thursday that Russia’s state hackers had targeted dozens of state and local governments and aviation networks starting in September. They stole data from at least two unidentified victims’ computer servers and continued to crawl through some of the affected networks, the agencies said. Other officials said that the targets included some voting-related systems and that they may have been collateral damage in the attacks.
They added that the Russianbacked hackers had penetrated the computer networks without taking further action, as they did in 2016. But U.S. officials expect that if the presidential race is not called on election night, Russian groups could use their knowledge of the local computer systems to deface websites, release nonpublic information or take similar steps that could sow chaos and doubts about the integrity of the results, according to U.S. officials briefed on the intelligence.
Some U.S. intelligence officials view Russia’s intentions as more significant than the announcement Wednesday night by the director of national intelligence, John Ratcliffe, that Iran has been involved in the spreading of faked, threatening emails, which were made to appear as if they came from the Proud Boys, a right-wing extremist group.
The Treasury Department on Thursday announced sanctions against Iraj Masjedi, a former general in Iran’s Revolutionary Guard and the country’s ambassador to Iraq.
Officials briefed on the intelligence said Iran’s hackers mayhave simply assembled public information and then routed the threatening emails through Saudi Arabia, Estonia and other countries to hide their tracks. One official compared the Iranian action to playing single A baseball, while the Russians are major leaguers.
Russian hackers recently obtained access “in a couple limited cases, to election jurisdiction, an election-related network,” but it had “nothing to do with the casting and counting” of votes, Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, said Thursday.
A hacking group believed to be operating at the behest of Russia’s Federal Security Service, the FSB — the successor to the Soviet-era KGB— has infiltrated multiple state and local computer networks in recent weeks, according to officials. The group, known to private researchers as Energetic Bear or Dragonfly, has hacked into U.S. nuclear, water and power plants and airports before.
The Russian hackers were able to get inside some election administrators’ systems and obtain access to voting information.
The officials fear that Russia could change, delete or freeze voter registration or poll book data, making it harder for voters to cast ballots, invalidating mail-in ballots or creating enough uncertainty to undermine results.
“It’s reasonable to assume any attempt at the election systems could be for the same purpose,” said John Hultquist, director of threat analysis at Fireeye, a security firm that has tracked the Russians. “This could be the reconnaissance for disruptive activity.”