Russia, Iran Targeted 2020 Election
3rd Party Risk Management
,
Critical Infrastructure Security
,
Cyberwarfare / Nation-State Attacks
Review Confirms Disinformation Campaigns, But No Signs Hackers Altered Vote Tallies
A pair of U.S. intelligence agency reports released Tuesday conclude that Russia and Iran attempted to interfere in the 2020 presidential election via disinformation campaigns. But they found no attempt by foreign hackers to directly manipulate vote tabulations or results.
See Also: Live Webinar | Mitigating the Risks Associated with Remote Work
The reports – one from the Office of the Director of National Intelligence and the other from the Department of Homeland Security – do note, however, that hackers from Russia, China and Iran cracked the security of networks associated with campaigns and candidates and accessed some data.
“We identified several incidents when Russian, Chinese and Iranian government-affiliated actors materially impacted the security of networks associated with or pertaining to U.S. political organizations, candidates and campaigns during 2020 federal elections,” according to the DHS report, which includes information from the Justice Department, FBI and Cybersecurity and Infrastructure Security Agency, or CISA, which has responsibility for securing national elections.
Might foreign disinformation campaigns have manipulated voters’ ultimate choice of presidential candidate? Both reports note that their purview is limited only to attempts to hack voting infrastructure. The DHS report, for example, states that its investigation “did not address the effect of foreign government activity on public perception or the behavior of any voters, nor did it address the impact of non-state foreign actors like cybercriminals.”
No Evidence of Vote Hacking
Despite the hacking and disinformation campaigns, the reports conclude that no vote tallies or ballots were directly manipulated.
“We – the Department of Justice, including the FBI, and Department of Homeland Security, including CISA – have no evidence that any foreign government-affiliated actor prevented voting, changed votes, or disrupted the ability to tally votes or to transmit election results in a timely manner; altered any technical aspect of the voting process; or otherwise compromised the integrity of voter registration information of any ballots cast during 2020 federal elections,” the DHS report concludes.
The reports also back the assertion by former CISA Director Christopher Krebs that the 2020 election was “the most secure in American history.” A few weeks after the vote, Krebs was fired by President Donald Trump (see: Fired CISA Director Refutes Election Fraud Allegations).
Austin Berglas, who was an assistant special agent in charge of cyber investigations at the FBI’s New York office and is now the global head of professional services at cybersecurity firm BlueVoyant, notes that while the report backs previous government statements about how nation-states may use cyber to interfere in elections, it’s now up to the government to takes steps to keep this from happening again.
“Although the findings in this report should be seen as a success, the United States government needs to take the lessons learned – from this and past elections – and continuously improve upon our national security, knowing that our adversaries are spending every waking hour trying to infiltrate our infrastructure and influence our way of life,” Berglas says.
Russia: ‘Influence Narratives’
The ODNI finds with “high confidence” that Russia tried to manipulate the outcome of the vote to produce the results that the leaders of that country wanted.
Specifically, Russia and President Vladimir Putin favored the candidacy of Trump, and hackers and others working on behalf of the government tried to “denigrate” then-candidate Joe Biden and the Democratic Party as well as undermine public confidence in the election process while stoking social and political differences among American citizens, according to ODNI.
“A key element of Moscow’s strategy this election cycle was its use of people linked to Russian intelligence to launder influence narratives including misleading or unsubstantiated allegations against President Biden through U.S. media organizations, U.S. officials, and prominent U.S. individuals, some of whom were close to former President Trump and his administration,” the report says.
Tom Kellermann, head of cybersecurity strategy for VMware and a member of the Cyber Investigations Advisory Board for the U.S. Secret Service, says that for Russia, “undermining the institutions of democracy via technology is the cornerstone of their strategy.”
In an interview with ABC News on Tuesday, Biden said that Putin would “pay a price” for interfering in U.S. elections.
Iran: ‘Influence Campaign’
Iran attempted to carry out its own “multi-pronged covert influence campaign,” according to ODNI. And while Iran and hackers associated with the country did not favor one candidate, the country’s leadership attempted to undermine Trump’s reelection, while also sowing doubts about democratic institutions and the election’s outcome (see: Election Interference: Feds Detail Iran’s Alleged Campaign).
“We assess that Supreme Leader Khamenei authorized the campaign and Iran’s military and intelligence services implemented it using overt and covert messages and cyber operations,” according to ODNI.
China: No Disinformation Seen
China decided it was not in the country’s best interest to attempt to either influence the election or manipulate votes to the extent that Iran and Russia tried, the ODNI report finds.
“China sought stability in its relationship with the United States, did not view either election outcome as being advantageous enough for China to risk getting caught meddling, and assessed its traditional influence tools – primarily targeted economic measures and lobbying – would be sufficient to meet its goal of shaping U.S.-China policy regardless of the winner,” the ODNI report finds.
While China did not push the envelope as much as Russia and Iran did, the ODNI report says that the Chinese government did take some steps to undermine Trump’s reelection bid. At one point, Google researchers also found that a Chinese hacking group attempted to phish the Biden campaign during the early stages of the campaign (see: Google: Phishing Attacks Targeted Trump, Biden Campaigns).
Debunked: Conspiracy Theories
The two intelligence investigations also found no evidence to support the conspiracy theories that developed after the election that insinuated that foreign countries or their proxies gained access to voting machines and attempted to change physical ballots and votes.
Specifically, the DHS report noted that it found no evidence to support a conspiracy theory that a group of countries – Venezuela, Cuba or China – attempted to manipulate the election infrastructure, including voting machines, to change tallies or results. And while investigators did look into these claims, the theories did not prove credible.
“We have no evidence – not through intelligence collection on the foreign actors themselves, not through physical security and cybersecurity monitoring of voting systems across the country, not through post-election audits, and not through any other means – that a foreign government or other actors compromised election infrastructure to manipulate election results,” the report finds.
On Twitter, Krebs, the former CISA director, noted the report found that his office was right in dismissing these conspiracy theories, even though some of former President Trump’s supporters found them credible.
And there it is – election machine rigging claims by supporters of #TheBigLie determined “not credible.” Source material: https://t.co/cZU8sGHSzP pic.twitter.com/uwzEDLSrLF
— Chris Krebs (@C_C_Krebs) March 16, 2021
The ODNI report does find that while countries such as Venezuela and Cuba, along with the militant Lebanese group Hezbollah, attempted to interfere in the election, these efforts were small compared to what Russia and Iran tried. Cybercriminals also attempted to manipulate election outcomes, but those efforts appear to have been more financially motivated than political.
Recommendations for the Future
The Department of Homeland Security report makes several cybersecurity and other recommendations for federal, state and local election officials to follow to ensure that other elections are conducted without interference from either domestic or nation-state hackers.
The recommendations focus on such essentials as:
- Cybersecurity: Federal, state and local election officials need to continue to practice basic cybersecurity practices, which includes using firewalls, patching equipment and deploying multifactor authentication. The report also recommends using physical backups, such as paper poll books, to ensure the integrity of the results.
- Supply chains: Election officials need to invest more in checking the security of supply chains and the vendors that supply hardware and software for elections. The report notes that recent supply chain attacks, such as the one that targeted SolarWinds, are now a growing concern.
- Intelligence sharing: Federal, state and local government agencies that are responsible for elections, along with political parties and campaigns, need to collaborate to share intelligence and other information in the run-up to elections.