Sunday, October 23, 2016

VLADIMIR PUTIN'S RUSSIA: WILL IT ROCK AMERICA'S VOTE?

Why some cyber analysts fear Kremlin hackers can destroy Americans' faith in elections.


A voter fills out his ballot at the North Park Mall in Oklahoma City, Oklahoma on March 1. REUTERS/NICK OXFORD

The presidential vote won’t be rigged, but it may well be rocked–and not just by Donald Trump’s repeated threat to dispute the results if he loses.

The Republican challenger has already benefitted from foreign hacking, persuasively attributed to Russia, of the private, and often embarrassing, emails of Hillary Clinton’s staff and the Democratic National Committee. Now, say numerous cyber analysts, Russian hackers have the ability, and perhaps motivation, to infiltrate the nation’s voting booths and deliver a stunning blow to Americans’ already wobbling belief in the integrity of the electoral process.


“You only need to mess it up a little bit, and as soon as people don't have faith in it, the whole system can start to crumble,” says Ryan Duff, a former U.S. Air Force cyber tactician now working on information security in the private realm. “You don't even need to sway it one way. You just have to make people think it could happen.”

What could also undermine voters’ faith in the system: Friday’s massive attack on servers that denied customers’ access to some of the world’s biggest Web sites, including Twitter, Reddit, Netflix, Amazon, Airbnb, the New York Times and others. White House Press Secretary Josh Earnest said officials couldn’t yet provide “any information about who may be responsible for this malicious activity.”  

Elections officials worried that Friday’s attacks could suppress voter turnout, especially in swing states. Barbara Simons, the co-author of Broken Ballots: Will Your Vote Count? and a member of the board of advisers to the Election Assistance Commission, told the New York Times that the hack was “a strong argument for why we should not allow voters to send their voted ballots over the internet.”

An increasing number of Americans are already disposed to thinking the election could be rigged, according to a mid-August poll by the Gallup organization. Only 62 percent of Americans “are confident that votes will be accurately cast and counted in the coming election,” Gallup said. The figure represented a falloff of between 11 and 13 percent since Barack Obama was first elected, when Republicans began pounding the fraud theme. The GOP’s propaganda campaign—baseless, in the view of independent analysts—gave Russian hackers an opportunity to further exploit voters’ doubts with surreptitious “influence operations.”

“The risk is not so much the hacking of the voting machines themselves, (which have decent if not great checks), but rather going after the broader climate that surrounds an election,” says Peter Singer, a strategist at the New America think tank and author of Wired for War: The Robotics Revolution and Conflict in the 21st Century. The larger goal is “to sow doubt and disarray,” he tells Newsweek. “Indeed,” he adds, even if the Kremlin hasn’t had a hand in some of the hacks, it can further its goals by using “social media outlets and RT [Russia Today, another arm of Kremlin propaganda] to spread false information and claims about it happening.” Voters might conclude, "Ah, this happened in this one county in Ohio, so the results are wrong” everywhere, he says. “This is where Trump's ‘rigged’ talk is so utterly dangerous, and where it also fits in exactly with the Putin playbook.”

To most observers, the Kremlin’s evident pilfering of Democratic files has had only one immediate beneficiary—Donald Trump (and before him, Bernie Sanders). In the likely case that Russian hackers have penetrated the Trump camp’s private communications as easily as they evidently did the Democrats’, a number of possibilities exist. Among them: either they’ve not made them available yet to Wikileaks or other outlets, or they’re holding them in reserve, in the unlikely event Trump is elected.

In mid-October, veteran “ethical hacker” Scot Terban posed “three scenarios” on how Russia could throw the elections into chaos: by manipulating voter counts, voter rolls and voting machines.

In the first scenario, “the voting machine have been tampered with electronically or code has been inserted” manually via a thumb drive to produce wildly unexpected outcomes. The result: “Trust in the election system is diminished,” Terban wrote. Candidates and the public demand recounts, delaying the outcomes for months and further decimating faith in the reliability of the machines.

In the second scenario, voters show up at the polls and find that their party registration or personal data has been surreptitiously changed. Republicans are listed as Democrats and vice-versa. Addresses are incorrect or missing. They can’t vote. “To date there are no systems that I am aware of that will email you when a change is made to your voting status,” Terban wrote, asking, “and how many people check before they go to the polls?” Messing with American voters in such a way is not unheard of, he adds. It’s “a common tactic that has been used in gerrymandering,” or quietly redrawing districts in a way that disqualifies certain voters on election day.

The third scenario for paralyzing the American vote was tested by Russia in Ukraine, Terban wrote, “by inserting malware/code into the election machines in 2014 that effectively “bricked,” or shut them down.  

“If such an attack code were placed and propagated within the American voting systems,” he continued, “the disruption would cause the election to be halted and emergency measures taken,” like issuing emergency paper ballots where possible. Facing lengthy delays and long lines, most voters would walk away, he expects. “Trust in the electronic system would be degraded or destroyed.”

All these scenarios are guesses (or “thought experiments”) he admits. But the Kremlin has demonstrated a propensity for “information war,” or informatsionnaya voyna, from the earliest days of the 1917 Bolshevik Revolution, when it spread false rumors and created phony front groups to keep its adversaries off balance. The practice fell off after the collapse of the Soviet Union in 1991. But Vladimir Putin, a career KGB officer, rejuvenated the effort after an internal review found “deficiencies” in Russia’s 2008 invasion of Georgia. “We surrendered this terrain some time ago,” he was quoted as saying, “but now we are entering the game again.” Soon after, the Kremlin embraced the concept of a new warrior class to wage “a global information war.”

“The objective is... certainly, to create centres which would envisage so-called hacker attacks on enemy territory,” Igor Panarin, a leading Russian military authority, wrote in 2008, according to the U.K.-based Conflict Studies Center at Oxford University. The object would be to identify “critically important information entities of the enemy, including how to eliminate them physically, and how to conduct electronic warfare, psychological warfare, systemic counter propaganda, and net operations to include hacker training.”

Which makes the Kremlin effort no different than Washington’s array of cyber warriors who, in concert with Israel’s, reportedly disabled Iran’s nuclear centrifuges with the now notorious Stuxnet virus in mid-2010.  (“There has been no technical attribution, even to this day,” Ryan Duff notes.) But no confirmed reports of U.S. cyber-meddling in foreign elections have arisen, despite Putin’s claims of American interference in the 2012 Russian presidential election. Long before the internet, however, both the U.S. and Soviet Union covertly interfered in foreign elections around the world to promote their Cold War objectives.

The emphasis here is on covert: the stealthy hands of the CIA and KGB were supposed to stay hidden. But according to both Obama administration officials and independent cyber-sleuths, those who allegedly hacked the DNC and Clinton’s staff left electronic droppings that were traced back to Moscow.

On Thursday, Director of National Intelligence James Clapper repeated the administration’s October 7 statement that “recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the U.S. election process.”

Clapper told Defense One that the U.S. had “sufficient evidence, both forensic and otherwise, to reach the conclusion,” but refused to specify the names and addresses of Russian perpetrators in the same manner Washington had “named and shamed” Chinese hackers who broke into the Office of Personnel management’s files. Critics complain that the evidence is far from concrete, and that hackers using the NSA’s own stolen tools might have left tracks to deliberately implicate Moscow. But Clapper was firm. “I don’t think I need to say anything more about it, other than the fact the statement speaks for itself,” he said. “It was mainly addressed to the American electorate, not to any foreign nation-state.”

Meanwhile, U.S. elections, administered by state, county and local officials, have no national security standard to protect against intrusions, leaving many open to manipulation, security analysts complain.

Tyler Cohen Wood, a former Defense Intelligence Agency cyber deputy division chief, calls the lack of unified standards “a national security problem,” and proposed that the Department of Homeland Security be given the authority to establish and oversee new federal ones.

In September, Republican Representative Hank Johnson of Georgia introduced a bill that would require DHS to designate voting systems as critical infrastructure and  “limit the purchase of any new voting systems” to those that use “durable voter-verified paper ballots.” Such legislation has a slim chance of gaining traction, however, given the electorate’s anti-Washington mood and complaints about the performance of DHS—which oversees entities such as the much criticized Transportation Security Agency.

A one-system-fits-all national voting system might even make it easier for hackers to throw the whole process into chaos, Wood concedes. “It could, it most certainly could,” she tells Newsweek, but at present, “some states are much more vulnerable than others, and standardization could help prevent a compromise.”

With only days before the November 8 vote, many officials hear the Russian bear thrashing around in the Internet woods and wonder where and when it will attack again. The Obama administration, meanwhile, has vowed a “proportional” response to previous Russian hacks, raising the prospect of a first world cyber war.

To some, however, this new theater of combat is not much different from the Greeks’ deployment of a legendary wooden horse to gain entrance to Troy.  

“Nation state and industrial sabotage, political maneuvering, espionage, and counterespionage have existed as long as industry and nation-states have,” Lesley Carhart, an influential cyber war specialist, wrote in a mid-October blog post in which several experts weighed in, called “Nation State Threat Attribution.”

“It’s nothing new,” she wrote. “In some ways, it’s just gotten easier in the internet era."

No comments:

Post a Comment