Will Russian hackers affect this year’s US election?
By FRANK BAJAK and ADAM GELLER
Saturday, September 1
Nearly a year after Russian government hackers meddled in the 2016 U.S. election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites.
The sites mimicked a portal used by U.S. senators and their staffs, with easy-to-miss discrepancies. Emails to Senate users urged them to reset their passwords — an apparent attempt to steal them.
Once again, hackers on the outside of the American political system were probing for a way in.
“Their attack methods continue to take advantage of human nature and when you get into an election cycle the targets are very public ,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro.
Now the U.S. has entered a new election cycle. And the attempt to infiltrate the Senate network, linked to hackers aligned with Russia and brought to public attention in July, is a reminder of the risks, and the difficulty of assessing them.
Newly reported attempts at infiltration and social media manipulation — which Moscow officially denies — point to Russia’s continued interest in meddling in U.S. politics. There is no clear evidence, experts said, of efforts by the Kremlin specifically designed to disrupt elections in November. But it wouldn’t take much to cause turmoil.
“It’s not a question of whether somebody is going to try to breach the system, to manipulate the system, to influence the system,” said Robby Mook, who managed Hillary Clinton’s presidential campaign and co-directs a Harvard University project to protect democracy from cyberattacks, in an interview earlier this year. “The question is: Are we prepared for it?”
Online targeting of the U.S. political system has come on three fronts — efforts to get inside political campaigns and institutions and expose damaging information; probes of electoral systems, potentially to alter voter data and results; and fake ads and accounts on social media used to spread disinformation and fan divisions among Americans.
In recent weeks, Microsoft reported that it had disabled six Russian-launched websites masquerading as U.S. think tanks and Senate sites. Facebook and the security firm FireEye revealed influence campaigns , originating in Iran and Russia, that led the social network to remove 652 impostor accounts, some targeted at Americans. The office of Republican Sen. Pat Toomey of Pennsylvania said hackers tied to a “nation-state” had sent phishing emails to old campaign email accounts.
U.S. officials said they have not detected any attempts to corrupt election systems or leak information rivaling Kremlin hacking before President Donald Trump’s surprise 2016 victory.
Still, “we fully realize that we are just one click away of the keyboard from a similar situation repeating itself,” Dan Coats, the director of national intelligence, said in July.
Michael McFaul, the architect of the Obama administration’s Russia policy, has said he believes Russian President Vladimir Putin perceives little benefit in a major disruption effort this year, preferring to keep his powder dry for the 2020 presidential contest.
But even if the upcoming elections escape disruption, that hardly means the U.S. is in the clear .
Trump’s decision in May to eliminate the post of White House cybersecurity coordinator confirmed his lack of interest in countering Russian meddling, critics say. Congress has not delivered any legislation to combat election interference or disinformation. Last week, a review of the bipartisan “Secure Elections Act” was canceled after Republican leaders registered objections, congressional staffers said.
The risks extend beyond the midterms.
“The biggest question is going to be how are you going to make sure that people actually trust the results, because democracy relies on credibility,” said Ben Nimmo, a researcher at the Atlantic Council. “It’s not over after November.”
Experts said it is too late to safeguard U.S. voting systems and campaigns this election cycle. But with two months to go, there is time enough to take stock of the Russian-sponsored interference that has come to light so far — and to assess the risks of what we don’t know.
In mid-2016, hackers found a way into the voter registration database at the Illinois State Board of Elections and spent three weeks poking around. After the breach was discovered, officials said the infiltrators had downloaded the records of up to 90,000 voters.
It’s not clear that anything nefarious was done with those records. But when special counsel Robert Mueller charged a dozen Russian intelligence agents with hacking this July, the indictment clarified the potential for damage. The hackers had, in fact, stolen information on 500,000 voters, including dates of birth and partial Social Security numbers.
“The internet allows foreign adversaries to attack Americans in new and unexpected ways,” Deputy Attorney General Rod Rosenstein said, in announcing the indictments.
The Illinois hack is the most notable case of foreign tampering with U.S. election systems to come to light. There has been no evidence of efforts to change voter information or tamper with voting machines, though experts caution hackers might have planted unseen malware in far-flung election systems that could be triggered later.
Potential problems are not limited to Illinois.
A week before the 2016 general election, Russian intelligence agents sent spear-phishing emails to 122 local elections officials who were customers of VR Systems, a Tallahassee, Florida-based election software vendor.
In addition to Illinois, at least 20 other state systems were probed by the same Russian military unit that targeted VR’s customers, federal officials said.
“My unofficial opinion is that we’re kind of fooling ourselves if we don’t think that they tried to at least make a pass at all 50 states,” said Christopher Krebs, the undersecretary for critical infrastructure at DHS.
In June 2017, the federal Election Assistance Commission informed dozens of local voting officials that hackers had attempted to penetrate the systems of a voting system manufacturer, presumed by many to be VR.
“Attempts have been made to obtain voting equipment, security information and in general to probe for vulnerabilities,” the EAC wrote officials. Despite those concerns, federal officials have moved slowly to share intelligence with officials who supervise elections. As of mid-August, 92 state officials had been given clearances.
Much of the machinery used to collect and tabulate votes is antiquated, built by a handful of unregulated and secretive vendors, with outdated software that makes them highly vulnerable to attacks, researchers said.
“If someone was able to compromise even a handful of voting machines I think that would be sufficient to cause people to not trust the system,” said Sherri Ramsay, a former National Security Agency senior executive.
This spring, a website used by Knox County, Tennessee, officials to display election-night results was knocked offline by an unidentified perpetrator. While the attack was little noticed, it would not be hard to replicate, experts said. Combined with a social media campaign alleging vote tampering, such mischief could cast a shadow over an election, they said.
Election officials have been sandboxing such scenarios for weeks as they prepare for November’s balloting.
There’s already a Russian playbook for thwarting an election: In Ukraine in 2014, the presidential contest was disrupted by a virus that scrambled election-management software, followed by a media disinformation campaign claiming a pro-Moscow candidate had won.
Democratic Sen. Claire McCaskill of Missouri is plenty busy this fall as she seeks re-election in a state that voted overwhelmingly for Trump. So when an attempt by Russian hackers to infiltrate her campaign came to light in July, she acknowledged it only briefly.
“While this attack was not successful, it is outrageous that they think they can get away with this,” McCaskill said. “I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”
The failed hack, which included an attempt to steal the password of at least one McCaskill staffer through a fake Senate login website identified by Microsoft, is the most notable instance of attempted campaign meddling by Russia made public this year.
Microsoft executives said recently that the company had detected attempts by Russia’s GRU military intelligence agency to hack two senators. One was presumably McCaskill, but the others have not been identified.
The group behind that attempt, Fancy Bear, is the same one indicted July 13 and identified by Microsoft as the creator of fake websites targeting the Hudson Institute and the International Republican Institute, frequent critics of the Kremlin. Since the summer of 2017, Fancy Bear has aggressively targeted political groups, universities, law enforcement agencies and anti-corruption nonprofits in the U.S. and elsewhere, according to TrendMicro.
“Russian hackers appear to be broadening their target set, but I think tying it to the midterm elections is pure speculation at this point,” said Michael Connell , an analyst at the federally funded Center for Naval Analyses in Arlington, Virginia.
There have been other recent reports of U.S. congressional campaign websites targeted by hackers, but that doesn’t mean Russian agents are to blame. Experts said most are likely run-of-the-mill criminal cyberattacks seeking financial gain rather than political change.
But Eric Rosenbach, who served as assistant secretary of defense for global security during President Barack Obama’s administration and is now at Harvard, said the limited examples of Russian intrusion that have come to light may be only a tip to more significant, still hidden schemes.
“There probably have already been compromises of important campaigns in places where it could sway the outcome or undermine trust in the election,” Rosenbach said. “We might not see that until the very last moment.”
The risk is magnified by poor efforts to protect many campaign sites, said Josh Franklin, until last month the lead National Institutes of Standards and Technology researcher on voting systems security.
Nearly a third of the 527 House of Representatives campaigns examined by Franklin and fellow researchers had such poor cybersecurity they were graded worse than failing.
“We couldn’t go any further with our scan,” he said. “We were told that we would be in danger of being sued by the candidate campaigns.”
By the time a group called “ReSisters” began organizing a rally against white nationalism for Aug. 10, it had spent more than a year sharing left-wing posts about feminism, immigration and other hot-button topics.
“Confront + Resist Fascism,” the group urged on a Facebook event page for its “No Unite the Right 2” protest in Washington, D.C. Like-minded Facebook users posted information about transportation, materials and location so those interested could attend.
In late July, Facebook short-circuited the effort, shutting down the pages and accounts of ReSisters and 31 others. Despite appearing to speak for Americans, the company said, the accounts were planted by unidentified outsiders to fuel divisions among U.S. voters. Researchers at the Atlantic Council who examined the accounts said they acted in ways echoing Russian troll operations before the 2016 election, pointing to English on the pages speckled with grammatical mistakes typical of native Russian speakers.
“We face determined, well-funded adversaries who will never give up and are constantly changing tactics,” Facebook said. The outing of the sites is a reminder as November approaches that Russians and other foreign actors continue to use social media to try to influence U.S. politics.
Since the 2016 election, officials and researchers have learned much more about such infiltration. The May release by House Democrats of more than 3,500 ads placed on Facebook by Russian agents from 2015 to 2017 revealed a deliberate campaign to inflame racial divisions in the U.S. Facebook and other tech companies say they are working hard to combat such behavior. But it is not nearly enough, experts said.
The companies must be forced to act faster against Russian and other disinformation campaigns and be made more accountable , said Dipayan Ghosh, a fellow at Harvard’s Kennedy School of Government who has worked at both the White House and Facebook on tech policy including social media manipulation.
Ghosh said quantifying Russian disinformation on social media is difficult because they “are operating behind a commercial veil” of for-profit networks that are not subject to public scrutiny.
“The industry is currently accountable to nobody,” Ghosh said.
After Facebook was criticized for allowing a data-mining firm to collect information about millions of its users, CEO Mark Zuckerberg said he was open to regulation. But the “Honest Ads Act,” which would require online political ads to be identified as they are in traditional media, has stalled in Congress.
The bill’s sponsors include the late John McCain and Sen. Mark Warner, the Virginia Democrat who has pressed Facebook for change since the 2016 elections. Executives from Facebook, Twitter and Google are expected to testify before Warner and other members of the Senate Intelligence Committee this week.
Experts said they are uncertain of the effectiveness of Russian disinformation, complicating assessment of the threat it might now pose.
In 2016, Russian actors likely did the greatest damage by hacking and leaking emails from Hillary Clinton’s campaign and Democrats’ national organization, which were widely reported by the news media. But comparatively few American voters saw individual pieces of misinformation on social media, making it unlikely that it swayed votes , said Brendan Nyhan, a University of Michigan political scientist who has analyzed the scope and impact of the Russian operations.
“There’s still too much simplistic thinking about all-powerful propaganda that doesn’t correspond to what we know from social science about how hard it is to change people’s minds. I’m more concerned about the threat of intensifying polarization and calling the legitimacy of elections into question than I am about massive swings in vote choice,” he said.
Still, it is clear that Russian intelligence views its efforts as successful and their example has already stirred others, like Iran, to try similar strategies. Such efforts are bent on coloring U.S. politics even if they are not tied to a specific election, said Lee Foster, FireEye’s manager of information operations analysis.
“Where do you draw the line between efforts to influence the election or an election or efforts to influence U.S. domestic politics in general?” Foster said. “We can’t just think in the context of the next election. It’s not like this goes away after the midterms.”
Associated Press writers Barbara Ortutay in New York and Christina A. Cassidy in Atlanta contributed to this story.
Why Putin is an ally for American evangelicals
September 4, 2018
Professor of American Studies and International Affairs, George Washington University
Melani McAlister does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Russian President Vladimir Putin attends a mass in his hometown of St. Petersburg, Russia, on Jan. 7, 2018.
The close relationship between American evangelicals and Russia has lately been discussed widely in the news media. In particular, the Justice Department unsealed a criminal complaint in July against a Russian woman, Maria Butina, for trying to use the National Prayer Breakfast, a star-studded affair, as a “back channel of communication” with prominent American religious and political leaders.
Among them is Franklin Graham, son of the well-known evangelist, Billy Graham, and head of the influential Billy Graham Evangelistic Association.
In 2015, Graham famously visited Russia, where he had a warm meeting with President Vladimir Putin. On that trip, Putin reportedly explained that his mother had kept her Christian faith even under communist rule. Graham in turn praised Putin for his support of Orthodox Christianity, contrasting Russia’s “positive changes” with the rise of atheistic secularism in the U.S.
But it was not always so. Once upon a time, American evangelicals saw the Soviet Union and other communist countries as the world’s greatest threat to their faith.
They carried out dramatic and illegal activities, smuggling Bibles and other Christian literature across borders. And yet, today, Russia is their crucial ally.
Starting in the 1950s, but intensifying in the 1970s and 1980s, U.S. and European evangelicals presented themselves as intimately linked to the Christians who were suffering at the hands of communist governments.
One evangelical group that emerged at this time was “Open Doors,” whose main aim was to work for “persecuted Christians,” around the world. It was founded by “Brother Andrew” Vanderbijl, a Dutch pastor who smuggled Bibles into the Soviet Union and Eastern Europe.
Brother Andrew and other evangelicals argued that what Christians in communist countries really needed was Bibles – an evangelical view of the centrality of personal Bible reading for the sustenance of the faithful. And Bibles were hard to come by. In 1978, Time magazine reported,
“A Christian’s chances of buying a Bible openly are currently good in Poland, erratic in East Germany, difficult in Czechoslovakia and Hungary…, extremely difficult in Romania, virtually impossible in the Soviet Union and Bulgaria. Buying a Bible is an out-and-out crime in Albania.”
He turned the smuggling into anti-communist political theater. As he headed toward the border in a specially outfitted vehicle with a hidden compartment that might hold as many as 3,000 Bibles, he prayed. According to one ad that ran in Christian magazines, he said:
“Lord, in my luggage I have forbidden Scriptures that I want to take to your children across the border. When you were on earth, you made blind eyes see. Now I pray, make seeing eyes blind. Do not let the guards see these things you do not want them to see.”
Vanderbijl’s memoir, “God’s Smuggler,” became a bestseller when it was published in 1967.
Taking Jesus to communist world
By the early 1970s, there were more than 30 Protestant organizations engaged in some sort of literature smuggling, and there was an intense, sometimes quite nasty, competition between groups.
Their work depended on their charismatic leaders, who often used sensationalist approaches for fundraising.
For example, in 1966, a Romanian pastor Richard Wurmbrand appearing before the Senate Judiciary Committee’s Internal Security subcommittee, stripped to the waist and turned to display his deeply scarred back.
A Jewish convert and Lutheran minister, Wurmbrand had been imprisoned twice by the Romanian government for his activities as an “underground” minister before he finally escaped to the West in 1964.
Standing shirtless before U.S. senators and the national news media, Wurmbrand testified, “My body represents Romania, my country, which has been tortured to a point that it can no longer weep. These marks on my body are my credentials.”
The next year, Wurmbrand published his book, “Tortured for Christ,” which became a bestseller in the U.S. He founded his own activist organization, “Jesus to the Communist World,” which also engaged in a good bit of attention-grabbing, intentionally reckless behavior.
In May 1979, for example, two 32-year-old men associated with the group flew their small plane over the Cuban coast, dropping 6,000 copies of a pamphlet written by Wurmbrand. After the “Bible bombing,” they lost their way in a storm and were forced to land in Cuba, where they were arrested and sentenced to 24 years in jail.
They served 17 months before being released in a general pardon of Americans in Cuban jails.
As I describe in my book “The Kingdom of God Has No Borders,” critics hammered these groups for such provocative approaches and hardball fundraising. One leading figure in the Southern Baptist Convention complained that the practice of smuggling Bibles was “creating problems for the whole Christian witness” in communist areas.
Another Christian activist, however, admitted that the activist groups’ mix of faith and politics was hard to beat and had the ability to draw “big bucks.” Indeed, as Time estimated, Bible smuggling groups raised US$30 million a year in the late 1970s – a bit over $100 million today.
After communism: Islam and homosexuality
These days, there is little in the way of swashbuckling adventure to be had in confronting communists. But that does not mean an end to the evangelical focus on persecuted Christians.
After 1989, advocates increasingly focused on Islam as the greatest supposed threat to Christians. That is one of the reasons, I believe, that Putin’s war against Chechen militants in the 1990s, and then his more recent intervention on behalf of Assad’s government in Syria, made him popular with Christian conservatives: They believed Putin was protecting Christians while waging war against Islamic terrorism.
Even Putin’s current policies of cracking down on evangelism do not seem to bother some of his conservative evangelical allies overly. When Putin signed a Russian law in June 2016 that outlawed any sharing of one’s faith in homes, online or anywhere else but recognized church buildings, some evangelicals were outraged, but others looked away.
This is in part because of his claim to be “defender of Christians,” but also because he is seen to be a partner in upholding conservative values on opposing LGBTQ+ rights and nontraditional views of the family. Franklin Graham was among those who waxed enthusiastically about Russia’s laws against “gay propaganda.” Other lesser known activists have been cultivating ties with Russian politicians as well as the Russian Orthodox Church.
In the 21st century, then, evangelical conservatives aren’t promoting their agenda by touting the number of Bibles transported across state lines, but rather on another kind of border crossing: the power of Putin’s reputation as a leader in the resurgent global Right.