Why some cyber analysts fear Kremlin hackers can destroy Americans' faith in elections.
A voter fills out his ballot at the North Park Mall in
Oklahoma City, Oklahoma on March 1. REUTERS/NICK OXFORD
The presidential vote won’t be
rigged, but it may well be rocked–and not just by Donald Trump’s repeated threat to dispute the results if he loses.
The Republican challenger has
already benefitted from foreign hacking, persuasively attributed to Russia, of the
private, and often embarrassing, emails of Hillary Clinton’s staff and the Democratic
National Committee. Now, say numerous cyber analysts, Russian hackers have the
ability, and perhaps motivation, to infiltrate the nation’s voting booths and
deliver a stunning blow to Americans’ already wobbling belief in the integrity
of the electoral process.
“You only need to mess it up a
little bit, and as soon as people don't have faith in it, the whole system can
start to crumble,” says Ryan Duff, a former U.S. Air Force cyber tactician now
working on information security in the private realm. “You don't even need to
sway it one way. You just have to make people think it could happen.”
What could also undermine voters’
faith in the system: Friday’s massive attack on servers that denied
customers’ access to some of the world’s biggest Web sites, including Twitter,
Reddit, Netflix, Amazon, Airbnb, the New York Times and
others. White House Press Secretary Josh Earnest said officials couldn’t yet
provide “any information about who may be responsible for this malicious
activity.”
Elections officials worried
that Friday’s attacks could suppress voter turnout, especially in swing states.
Barbara Simons, the co-author of Broken Ballots: Will Your Vote Count? and
a member of the board of advisers to the Election Assistance Commission, told
the New York Times that the hack was “a strong argument for
why we should not allow voters to send their voted ballots over the internet.”
An increasing number of
Americans are already disposed to thinking the election could be rigged,
according to a mid-August poll by the Gallup
organization. Only 62 percent of Americans “are confident that votes will be
accurately cast and counted in the coming election,” Gallup said. The figure
represented a falloff of between 11 and 13 percent since Barack Obama was first
elected, when Republicans began pounding the fraud theme. The GOP’s propaganda
campaign—baseless, in the view of independent analysts—gave Russian hackers an
opportunity to further exploit voters’ doubts with surreptitious “influence
operations.”
“The risk is not so much the
hacking of the voting machines themselves, (which have decent if not great
checks), but rather going after the broader climate that surrounds an
election,” says Peter Singer, a strategist at the New America think tank
and author of Wired for War: The Robotics Revolution and Conflict in
the 21st Century. The larger goal is “to sow doubt and disarray,” he
tells Newsweek. “Indeed,” he adds, even if the Kremlin hasn’t had a
hand in some of the hacks, it can further its goals by using “social media
outlets and RT [Russia Today, another arm of Kremlin propaganda] to spread
false information and claims about it happening.” Voters might conclude,
"Ah, this happened in this one county in Ohio, so the results are wrong”
everywhere, he says. “This is where Trump's ‘rigged’ talk is so utterly
dangerous, and where it also fits in exactly with the Putin playbook.”
To most observers, the
Kremlin’s evident pilfering of Democratic files has had only one immediate
beneficiary—Donald Trump (and before him, Bernie Sanders). In the likely case
that Russian hackers have penetrated the Trump camp’s private communications as
easily as they evidently did the Democrats’, a number of possibilities exist.
Among them: either they’ve not made them available yet to Wikileaks or other
outlets, or they’re holding them in reserve, in the unlikely event Trump is
elected.
In mid-October, veteran “ethical hacker” Scot Terban posed “three scenarios” on how Russia could throw the
elections into chaos: by manipulating voter counts, voter rolls and voting
machines.
In the first scenario, “the
voting machine have been tampered with electronically or code has been
inserted” manually via a thumb drive to produce wildly unexpected outcomes. The
result: “Trust in the election system is diminished,” Terban wrote. Candidates
and the public demand recounts, delaying the outcomes for months and further
decimating faith in the reliability of the machines.
In the second scenario, voters
show up at the polls and find that their party registration or personal data
has been surreptitiously changed. Republicans are listed as Democrats and
vice-versa. Addresses are incorrect or missing. They can’t vote. “To date there
are no systems that I am aware of that will email you when a change is made to
your voting status,” Terban wrote, asking, “and how many people check before
they go to the polls?” Messing with American voters in such a way is not
unheard of, he adds. It’s “a common tactic that has been used in
gerrymandering,” or quietly redrawing districts in a way that disqualifies certain voters on
election day.
The third scenario for
paralyzing the American vote was tested by Russia in Ukraine, Terban wrote, “by
inserting malware/code into the election machines in 2014 that effectively
“bricked,” or shut them down.
“If such an attack code were
placed and propagated within the American voting systems,” he continued, “the
disruption would cause the election to be halted and emergency measures taken,”
like issuing emergency paper ballots where possible. Facing lengthy delays and
long lines, most voters would walk away, he expects. “Trust in the electronic
system would be degraded or destroyed.”
All these scenarios are
guesses (or “thought experiments”) he admits. But the Kremlin has demonstrated
a propensity for “information war,” or informatsionnaya voyna, from the
earliest days of the 1917 Bolshevik Revolution, when it spread false rumors and
created phony front groups to keep its adversaries off balance. The practice
fell off after the collapse of the Soviet Union in 1991. But Vladimir Putin, a
career KGB officer, rejuvenated the effort after an internal review found
“deficiencies” in Russia’s 2008 invasion of Georgia. “We surrendered this terrain
some time ago,” he was quoted as saying, “but now we are entering the game
again.” Soon after, the Kremlin embraced the concept of a new warrior class to
wage “a global information war.”
“The objective is...
certainly, to create centres which would envisage so-called hacker attacks on enemy
territory,” Igor Panarin, a leading Russian military authority, wrote in 2008, according to the U.K.-based Conflict
Studies Center at Oxford University. The object would be to identify
“critically important information entities of the enemy, including how to
eliminate them physically, and how to conduct electronic warfare, psychological
warfare, systemic counter propaganda, and net operations to include hacker
training.”
Which makes the Kremlin effort
no different than Washington’s array of cyber warriors who, in concert with
Israel’s, reportedly disabled Iran’s nuclear
centrifuges with the now notorious Stuxnet virus in mid-2010. (“There has
been no technical attribution, even to this day,” Ryan Duff notes.) But no
confirmed reports of U.S. cyber-meddling in foreign elections have arisen,
despite Putin’s claims of American interference in the 2012 Russian
presidential election. Long before the internet, however, both the U.S. and
Soviet Union covertly interfered in foreign elections around the world to
promote their Cold War objectives.
The emphasis here is on
covert: the stealthy hands of the CIA and KGB were supposed to stay hidden. But
according to both Obama administration officials and independent cyber-sleuths,
those who allegedly hacked the DNC and Clinton’s staff left electronic
droppings that were traced back to Moscow.
On Thursday, Director of
National Intelligence James Clapper repeated the administration’s October 7 statement that “recent disclosures
of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the
Guccifer 2.0 online persona are consistent with the methods and motivations of
Russian-directed efforts. These thefts and disclosures are intended to interfere
with the U.S. election process.”
Clapper told Defense One that the U.S. had
“sufficient evidence, both forensic and otherwise, to reach the conclusion,”
but refused to specify the names and addresses of Russian perpetrators in the
same manner Washington had “named and shamed” Chinese hackers who broke into
the Office of Personnel management’s files. Critics complain that the evidence
is far from concrete, and that hackers using the NSA’s own stolen tools might have left tracks
to deliberately implicate Moscow. But Clapper was firm. “I don’t think I need
to say anything more about it, other than the fact the statement speaks for
itself,” he said. “It was mainly addressed to the American electorate, not to
any foreign nation-state.”
Meanwhile, U.S. elections,
administered by state, county and local officials, have no national security
standard to protect against intrusions, leaving many open to manipulation,
security analysts complain.
Tyler Cohen Wood, a former
Defense Intelligence Agency cyber deputy division chief, calls the lack of
unified standards “a national security problem,” and proposed that the
Department of Homeland Security be given the authority to establish and oversee
new federal ones.
In September, Republican
Representative Hank Johnson of Georgia introduced a bill that would
require DHS to designate voting systems as critical infrastructure and
“limit the purchase of any new voting systems” to those that use “durable
voter-verified paper ballots.” Such legislation has a slim chance of gaining
traction, however, given the electorate’s anti-Washington mood and complaints
about the performance of DHS—which oversees entities such as the much
criticized Transportation Security Agency.
A one-system-fits-all national
voting system might even make it easier for hackers to throw the whole process
into chaos, Wood concedes. “It could, it most certainly could,” she tells Newsweek,
but at present, “some states are much more vulnerable than others, and
standardization could help prevent a compromise.”
With only days before the
November 8 vote, many officials hear the Russian bear thrashing around in the
Internet woods and wonder where and when it will attack again. The Obama
administration, meanwhile, has vowed a “proportional” response to previous Russian
hacks, raising the prospect of a first world cyber war.
To some, however, this new
theater of combat is not much different from the Greeks’ deployment of a
legendary wooden horse to gain entrance to Troy.
“Nation state and industrial
sabotage, political maneuvering, espionage, and counterespionage have existed
as long as industry and nation-states have,” Lesley Carhart, an influential cyber war specialist, wrote in a mid-October blog post in which several
experts weighed in, called “Nation State Threat Attribution.”
“It’s nothing new,” she wrote.
“In some ways, it’s just gotten easier in the internet era."
No comments:
Post a Comment