The Register Citizen (Torrington, CT)
It just became a federal crime to hack U.S. elections
WASHINGTON — This week it became a federal crime to hack any elections systems used in a federal U.S. election.
Amazingly, prior to Tuesday, there was no federal law specifically governing election hacks. But on Tuesday, President Donald Trump signed into law a bipartisan bill to criminalize the offense.
The bill was introduced in the Senate in May 2019, by Sens. Richard Blumenthal, D-Conn., Lindsey Graham, R-S.C., and Sheldon Whitehouse, D-R.I.
“Although folks may be surprised, there has been no effective criminal sanction against foreign adversaries seeking to undermine our democracy,” said Blumenthal. “So the Department of Justice will now have tools to prosecute hackers who infiltrate our election infrastructure.”
The new law will be in effect for hacks on the 2020 election — for which voting is already underway — Blumenthal said. And critically, it will apply to hacks by domestic and foreign actors.
Hacks are already underway by Russia.
On Thursday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency made a joint announcement that since Sept. 2020, Russian statesponsored hackers — known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala — have targeted dozens of state and local governments and aviation networks, successfully compromised network infrastructure and took data from at least two servers. The FBI and CISA said they had no information showing the hackers disrupted government, elections or aviation operations, but they may be planning future disruptions, including by delegitimizing these organizations.
Gabe Rosenberg, communications director for Connecticut’s Secretary of the State, said the state has received no indication from federal authorities that Connecticut election systems were recent targets. The state has already taken implemented numerous protections that prevent an election hack attempt from being successful.
U.S. Rep. Jim Himes, D-Conn., a member of the House Intelligence Committee and an original sponsor of the election hacking legislation, said he generally assumes “our adversaries are poking around and trying to gain access into our critical infrastructure.” But if foreign actors actually altered operations of U.S. elections — or air traffic control, for that matter — that would be a different story, he said.
“The range of possibilities — and welcome to my world — is pretty ugly, everything from the Russians trying to break in to the voting software in Florida to them trying to blast out misinformation about polling locations and poll opening hours to them doing something like crashing the electrical networks somewhere,” Himes said. “We just hope that the Russians understand that is or is pretty close to an act of war.”
The further details on Russia’s ongoing efforts to
meddle in U.S. elections and government came after U.S. administration officials announced Wednesday Iran and Russia had obtained voter registration data — some of which was publicly available and easy to get — and Iran was using it to send thousands of fake, threatening emails to voters.
The emails purported to be from the far-right, white nationalist group the Proud Boys and they threatened that the voter should vote for Trump “or we will come after you.” They were sent to voters in Florida — a key battleground state — and Alaska, and maybe other places, too.
These emails and hacks are not isolated acts, said Matthew Schmidt, associate professor of National Security at the University of New Haven and an expert on Russia. They’re part of a larger game in which foreign adversaries ping U.S. military, diplomatic and governmental systems to provoke a reaction, create a distraction and draw down resources and time, he said.
“They are creating a psychological effect on our government by making our government respond and be worried,” Schmidt said. “The two things that everybody says are ‘oh my God are planes going to crash? And is our election legitimate now?’”
In 2016, Russia targeted voting infrastructure in all 50 states, with Russian hackers successfully gaining access to voter registration systems in several states. They also pumped out fake news, promoted conspiracy theories and shared misinformation on social media.
Blumenthal said his election briefings on current developments make “the Russian interference in 2016 look like child’s play.”
The Russians and Iranians know today that the transparency required of U.S. officials will mean news of their 2020 hacks will become public, Schmidt said. And the information will make the public scared.
“The Russians and the Iranians are hacking people by hacking systems,” he said. “They’re hacking our minds. They’re hacking our stress response systems.”
Schmidt said he expected Russians to be “functionally quiet” through the election, but active, pestering and probing. Their major goal is a Trump victory, he said, and a minor win is threatening the legitimacy of the election.
“It was only as recently as August, that the intelligence community came out and said that Russia would probably be trying to denigrate Vice President Biden in regards Ukraine,” said Sen. Mark Warner, D-Va., on Friday. “We saw the other day, the indications of Iran, potentially — pretending to be radical right wing groups. So this, this will come at us in a variety of ways and we need to be on guard. We should anticipate, and I think, expect that our adversaries will ramp up these last 11 days.”
For Russia, Iran and China, knowledge that their hackers might now come under U.S. federal indictment is some deterrent, but some foreign actors may be out of reach of the law, Himes said. But the law is “no substitute for the robust defense that we need,” he explained.
Connecticut has received about $15 million from the federal government in recent years to assess and upgrade state and local election system cyber security and even hire a misinformation specialist now fighting disinformation about voting in the state, Rosenberg said.
Himes said another critical step is for nations to negotiate international standards around cyberinfrastructure and hacking. That work is now underway at the United Nations. But he called the “key defender,” the individual citizen who is a careful consumer of information online.
“If you see something online that makes your head explode, step back,” Himes said. “That could be the result of an effort to manipulate you and you don’t want to be manipulated.”
Schmidt warned Russia is playing a “long-term game” with election interference that is not going away after this election.
“When Trump goes, if Trump goes, [Russia is] going to keep doing this,” he said. “Now this is standard operating procedure for their intelligence services for as far out as we can see.”