Protect Our Elections has been very involved in issues surrounding cyber attacks by Russia to interfere with our elections, and has worked extensively with cyber experts here and abroad on measures that can be employed to counter Russian malign influence. Since March of 2016, we have also provided significant information about this to the Department of Justice.
Over the past several months, we have met with a broad swath of people from many countries who have been fighting Russian cyber attacks here and abroad, including white hat hackers, CEOs of cyber security companies, activists and independent media leaders. They are all in agreement that Russia has used Ukraine as a test bed for its malign operations in Europe and the United States, and that it will double down on the U.S. midterm election in order to support the Republican Party and wreak havoc across the country.
Russian Targets For The 2018 Midterm Elections
The Russian plans are sophisticated and demonstrate a deep understanding of the U.S. political system and what is at stake in this election. The campaign will be widespread and involve not only House and Senate races, but also Governors’ races. In fact, Russia is “obsessed” with the Florida governor’s race between Andrew Gillum and Ron DeSantis, apparently because Russia believes that a win by Gillum will result in new state criminal investigations of Donald Trump’s real estate holdings and business activities in Florida, some of which involve prominent Russians. For this reason, Russia has spent considerable time and resources working to get a strong foothold in Florida election systems through phishing operations, hacking, voter database infiltration and brute force intrusions. The Russians have attempted or will attempt to steal information from candidates, election officials and county and state Democratic parties and their staff in order to doctor, weaponize and leak that information to influence the election and reduce voter confidence in the results. They will engage in propaganda focused on race, immigration and crime.
The Russian campaign will also use similar techniques to target other Governors’ races in the hope of having an impact, including so-called safe races such as California and Michigan. Russia also has an oversized interest in the Wisconsin Governor’s race, and will make a strong influence attempt there.
The prime focus of the Russia campaign will be on U.S. Senate races in order to maintain GOP control of that chamber. The list of Senate Democrats Russia has prioritized targeting is as follows: Nelson, McCaskill, Donnelly, Heitkamp, Manchin, Brown, Baldwin, Stabenow, Smith, Tester, Casey, O’Rourke and Menendez. The campaign will target email accounts of staffers and election committees in the hope of finding damaging information. Voter databases in the respective states will be probed for infiltration to alter, delete and/or manipulate voter registration information. Information warfare will be waged in these races in order to undermine confidence in these candidates.
There will be similar attacks on many House races but they will strongly focus on supporting key Republican House Members, including Nunes, Rohrabacher, Jordan, Goodlatte, Meadows and Gohmert.
Propaganda and Proxies
Due to scrutiny of and changes at Facebook, Twitter and other social media platforms, Russia is planning to spread propaganda and disinformation using workarounds involving proxies in other countries, including the United States, North Korea and Israel, as well as operatives in several Balkan countries. Russia is actively seeking Americans and others masquerading as Americans to flood the U.S. with fake news to pit voters against candidates and sow discord. For example, sites such as www.conservativezone.com and www.patrioticviralnews.com, originating from Florida, and www.USAreally.com are Russian front operations already disseminating fake news in order to promote division, anger, alienation, identity politics and culture wars as part of an information warfare campaign.
Moreover, Russia is working with the Israeli firm “Black Cube” to engage in psy-ops during the upcoming election. Black Cube is considered a GOP echo chamber that has been involved in illegal activities in a number of countries, including spying, hacking and election manipulation. Black Cube is affiliated with Cambridge Analytica and was exposed in March 2018 by a Cambridge whistleblower as having rigged an African election. https://www.haaretz.com/world-news/europe/cambridge-analytica-whistleblower-discloses-ties-toisrael-s-black-cube-1.5955200
Employees of Black Cube have been arrested and/or sued in a number of countries. Its name is a play on “black ops and Rubik’s Cube” to reflect how the company uses covert means to obfuscate its operations.
The infamous Internet Research Agency has spread its tentacles and intends to continue to disseminate disinformation along with a new twist — pushing out fake news to powerful Russia-friendly and Russia-controlled social media sites such as Fox News, Sputnik, RT, Breitbart, and TASS, as well as smaller alt-right sites such as Gateway Pundit and Wikileaks. Its strategy is to release disinformation through these sites in the hope that the mainstream media will pick it up and amplify it through their own media outlets and social media accounts. Russia is also surreptitiously paying reporters to write stories to reflect its worldview. The focus of these articles will be tagged to the following words: Race, Immigration, Impeachment, Coup, Witch Hunt, Soros, Hillary, Fear, Mueller, Comey, Cops, Black Panthers, Guns, Migrants, Migrant Wave, Rape, Civil War, Pelosi, Socialism, and other politically motivating words.
Chaos On Election Day From A Major Cyber Attack
Ukraine cyber officials have had a great deal of experience dealing with very aggressive Russian cyber attacks such as those that have taken down the Central Election Commission and the electric grids in major cities. We believe that a massive 2017 Russian cyber attack against Ukraine could be a test for what Russia might do on Election Day here to wreak havoc and fear, and keep voters away from the polls.
During that attack the radiation monitoring system at Ukraine’s Chernobyl Nuclear Power Plant went offline. Several Ukrainian ministries, banks, metro systems and state-owned enterprises (Boryspil International Airport, Ukrtelecom, Ukrposhta, State Savings Bank of Ukraine, Ukrainian Railways) were affected. In the infected computers, important computer files were overwritten and thus permanently damaged, despite the malware’s displayed message to the user indicating that all files could be recovered “safely and easily” by meeting the attackers’ demands and making the requested payment in Bitcoin currency.
The attack has been seen to be more likely aimed at crippling the Ukrainian state rather than for monetary reasons. The attack came on the eve of the Ukrainian public holiday, Constitution Day (celebrating the anniversary of the approval by the Verkhovna Rada (Ukraine’s parliament) of the Constitution of Ukraine on 28 June 1996). Most government offices would be empty, allowing the cyberattack to spread without interference. In addition, some security experts saw the ransomware engage in wiping the affected hard drives rather than encrypting them, which would be a further disaster for companies affected by this. https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine
There is a very real possibility that a powerful cyber attack on Election Day here could cripple major cities and affect the ability of people to vote. If, as in Ukraine, banks, metros, power companies and government computers were rendered useless, citizens would be unable to get to the polls or cast their votes on electronic voting machines. If, for example, this occurred in a major city in Florida where past elections have been very close, the result could easily be affected.
This is not hypothetical. In March of 2018, Baltimore and Atlanta were hit with major Russian cyber attacks that severely affected their government computer systems. https://www.cybertalk.org/2018/03/29/atlantas-ransomware-attack-baltimores-911-system-gets-hit/
The U.S. Government recently imposed sanctions against Russia for an attack on the U.S. power grid. https://www.npr.org/2018/03/16/594371939/u-s-accuses-russia-of-cyberattacks-on-energy-infrastructure
Earlier this year, hackers shut down the San Francisco metro system by cutting off its ability to accept funds. https://www.wired.com/2016/11/sfs-transit-hack-couldve-way-worse-cities-must-prepare/
We believe that Russia will attack the United States on Election Day unless measures are taken to thwart such an attack. The odds of these attacks will rise according to the odds that Russia-backed candidates will lose their elections.
Suggested Actions To Counter Russian Malign Influence
Thus far, Russia has not been deterred by sanctions because “sanctions are simply a cost of doing business.” Therefore, the price Russia pays for engaging in a cyber war against the United States must be overwhelming. Here are a number of actions the United States Government should take to counter Russian malign influence.
1. Experts agree that Russian operatives, oligarchs and agents are terrified of being criminally indicted by the United States. Not only does this leave them landlocked and paranoid if not arrested, but it also severely affects their ability to make money and maintain credibility. Therefore, our government should issue indictments against every Russian involved in criminal cyber attacks against the United States.
2. Russia “did not act alone” in its 2016 campaign, but few Americans have been indicted for assisting in that malign campaign. Accordingly, issuing indictments against those who conspired with the Russians would have a profound deterrent effect on those who might think of doing so in the 2018 election, including Cambridge Analytica, Wikileaks, Robert and Rebekah Mercer, Steve Bannon, Brad Parscale, Roger Stone, Carter Page, Donald Trump Jr., and others.
3. Russia has been able to act with impunity because the United States has not shown that it will respond in kind. Therefore, the United States must publicly and privately warn the Russian government that any attacks will be met with a quick and powerful response, both cyber and financial.
4. Ukraine has shuttered dozens of Russian social and mainstream media outlets for spewing Russian propaganda there. We need to act accordingly by advising the Russian Government that both Sputnik and RT will be shuttered in the United States if they engage in any promotion of disinformation and fake news intended to affect public opinion or the election.
5. Similarly, the United States should warn Russia that any act to interfere with the election through attacks on the electric grid, transportation system or any other governmental operation will be considered an act of war that will result in a crushing response.
6. Many states, candidates and parties are so involved in their elections that they are oblivious to the threat posed by Russian malign influence. Therefore, the FBI and other Government agencies must warn them, especially those named in this letter, that they have been targeted, and provide a list of actions they can take to protect themselves. These include conducting a complete security review of their digital systems now and immediately before the election; completely walling off critical election systems from the Internet; ensuring that a paper backup exists of voter rolls, votes on Election Day, and other critical election-related materials; using two-party authentication of important login information; and educating officials and employees about harmful phishing tactics and malware exploits that can be used to steal and destroy data.
7. Russian cyber actors are able to succeed because Internet Service Providers are not properly policing them. Therefore, the U.S. Government must coordinate with ISPs to restrict the bandwidth of malicious traffic emanating from Russia. Constricting the bandwidth will cause all network operators to police their own outbound traffic and curtail the ability of Russia to use the Internet against us. Most “Acceptable Use Policies” already give the ISPs the authority to restrict the service for sources of malicious traffic so this would not require any new legislation or impinge on a user’s rights.
The United States government needs to prepare for a smart, strategic and effective Russian attack on the 2018 election that will include both conventional and unconventional cyber attacks, including those on voter databases and possible disruption of electricity and voter access, such as metro and bus service. Armed with the knowledge we have outlined in this letter, the U.S. government can limit the damage from the Russian campaign.
However, the government alone cannot fight this existential threat to our country. So we are calling on all cyber security firms, white hat hackers, elections officials, media organizations and ordinary citizens to join us in this fight to protect our elections. Everyone can play a part. America got played in 2016, and we cannot let that happen again.