While homeland security and intelligence officials continue to say we are not seeing the same level of online foreign election interference in the run-up to the midterms as we experienced in 2016, cybersecurity experts warn the U.S. is not necessarily in the clear.
... From the cyberwar room that the Department of Homeland Security runs round the clock in a bland office building in Arlington, Va., to Microsoft’s threat-assessment center at the other end of the country, in Redmond, Wash., every form of digital radar is being focused on Russia, especially its military-intelligence unit, formerly known as the G.R.U.
The National Security Agency, which failed to respond when Russian hackers were first seen inside the Democratic National Committee’s computer systems in the summer of 2015, has now taken to sending messages directly to Russian hackers, reminding them that they are being watched.
And still, the nervousness in all those places is palpable ahead of Tuesday’s election. While some say they believe President Vladimir V. Putin of Russia is sitting out this election — the scrutiny is intense, the argument goes, and 470 House and Senate races make it just too hard for the Russians to figure out their interests, much less manipulate the outcome.
Still, others find the quiet deeply disturbing, perhaps a sign of a plan to make a last-minute effort to convince voters that their ballots might not be counted, or counted correctly.
(...)
While there are few signs of pre-election intrusions into voter-registration systems, the social media campaigns never ended; some accelerated immediately after the 2018 elections ...
From Shane Huntley, former Australian intelligence officer and current head of Google's threat detection team:
“It’s like fighting the last war. When I was in the military academy people told us all the next wars were going to look like the first Gulf War. They didn’t. And in cyber, the next war won’t look like 2016.”
The Times names six things to look out for as election day approaches. The first is the rise of Iranian activity.
Intelligence officials and cybersecurity companies say the Iranians mostly appear to be copying techniques that they learned from watching the Russians, especially in social media.
(...)
“It’s still early days and while we have found no ties to the Iranian government, we can’t say for sure who is responsible,” Nathaniel Gleicher, the head of cybersecurity policy at Facebook, declared in a blog. In other words, Facebook was making clear that this year it’s awake and the mass purges of deliberate misinformation, nonexistent in the 2016 cycle, will accelerate.
The second is looking to Ukraine to see what may be next.
Every technique that Mr. Putin’s hackers, from the network break-in artists at the G.R.U. to the producers of fake social-media posts at the internet Research Agency in St. Petersburg, used in the United States they tested in Kiev and the Donbass, the separatist area where the Russians have been stoking civil war.
(...)
To get a sense of what is coming to the United States, [Yasmin Green, the director of research and development for Jigsaw, a unit of Alphabet, which is Google’s parent company] and Jigsaw’s chief executive, Jared Cohen, a former State Department official, visited Ukraine in recent weeks and found that it was still Mr. Putin’s petri dish, a place where sophisticated new experiments were underway to deluge separatist parts of the country with disinformation ahead of military actions and a presidential election next March. Ukraine is “always on the leading edge,” she concluded.
The third is the White House's attempt to distract from Russian hacking by claiming China is trying to interfere in the 2018 election without any evidence.
The fourth is keeping an eye on electronic voting machines and knowing the difference between a hack and the failures of outdated equipment.
One would think that after all the concerns in 2016, states and counties would have been racing to update their systems. “Most did almost nothing,” Douglas Lute, a former American ambassador to NATO and Army general, who has taken up the cause of reforming the election infrastructure, said in an interview. The $380 million that Congress allotted recently mostly went to funding assessments of vulnerabilities.
Yet while states and counties made changes, New Jersey, Delaware, Georgia, South Carolina and Louisiana still use no paper backup, and parts of Pennsylvania, a vital swing state, do not either. That has not changed since 2016, and it is unclear that it will be solved by 2020.
(...)
The Department of Homeland Security said there had been little evidence this year of the kind of “probes” into the voter registration systems that created such fear in 2016. But Election Day hasn’t arrived yet.
Fifth is the risk of a cyberattack on election day.
A last-minute attack on county or state voter-registration systems, just to knock them off-line, would create an uproar from voters who might show up at the polls and find they could not vote. A strike at power grids, turning out the lights at polling places, or just disrupting transportation systems could suppress turnout and lead to charges of manipulation.
(...)
... Come Wednesday, if there are still races that are too close to call, just a rumor campaign about possible election manipulation might be enough to cast doubt about the integrity of the results. And in the end, that’s what election disruption is all about — undermining the citizens’ confidence that their vote counts.
And finally, know that we may not know everything about the integrity of the 2018 elections until after they're done.
Months after the midterms are over, evidence of covert internet action that is currently going unnoticed may well surface. As the Russians and others embrace artificial intelligence techniques, and get better at targeting messages, they may well find ways to route around the phalanx of new social-media police. Ms. Green says that is unavoidable.
“It’s still retroactive,” she said of monitoring social media. “We haven’t figure out how to do this in real time.”
Mystery of the Midterm Elections: Where Are the Russians? (NYT)