Russia's 2018 hacking efforts are nowhere near what they were in 2016 -- yet
Posted August 21, 2018 1:38 p.m. EDT
(CNN) — On Monday night, Microsoft announced it had discovered that an operation with links to the Russian military was targeting conservative think tanks and the Senate with attempted spear-phishing hacks. It's the latest evidence that Russia has not ceased its attempts to interfere in American elections following what the country considers a very successful effort during the 2016 campaign.
To get a better sense of the breadth of the Russian moves in 2018 -- and how they compare to what we saw in 2016 -- I reached out to Ronald Bushar, the vice president and government CTO at FireEye, a cybersecurity company based in the Washington, DC, area. Our conversation, conducted via email and lightly edited for flow, is below.
Cillizza: We've already seen multiple instances of attempted hacking into 2018 Senate campaigns. Is this the leading edge of a broader cyberwar effort between now and November 6?
Bushar: I think it's important to be precise here. While there have been multiple incidents of continued Russian information operations, such as those undertaken by the Internet Research Agency, we haven't seen the same type of hack and leak operations that were already going on by this point in 2016. In 2016, Russian operations were in full swing by June. (DCLeaks was established in June 2016 and intrusions into state election officials had started by June as well). Aside from the incident mentioned by Microsoft, which was against a Senate office rather than a campaign and could have had a traditional espionage motivation, we haven't seen any coordinated hack and leak operations. There is still a lot of time left before the elections, and we saw efforts in France take place at the 11th hour, [but] 2018 doesn't look like it's going to be a replay of 2016.
Cillizza: The attacks to date have largely failed. Why? And what should we learn from those failures (if anything)?
Bushar: I think that the awareness of this threat among political campaigns has increased, which will make it harder for adversaries. However, groups like APT28 have a lot of tools in their arsenal and will relentlessly pursue a high-priority target. This is pure speculation, but it could also be plausible that our adversaries are testing and probing for weakness in a less conspicuous way, while preparing for more aggressive cyber and information attacks in the much more consequential 2020 election cycle.
Cillizza: How much easier is it to break into the electronic world of a Senate campaign than a presidential campaign? Or is it?
Bushar: While campaigns with more resources can be better able to protect their networks, they also tend to have a bigger "attack surface" which can make things more difficult to defend. Resources are important, but so is an organization-wide commitment to security. It's also important to remember that one of the biggest leaks was from John Podesta's personal email, so it isn't just official campaign assets that are targeted and exploited. Private individuals, nonprofits, and other smaller organizations that are not necessarily aware of these sophisticated cyber threats or have the wherewithal to defend against them effectively are often used as either primary or secondary access points into the most valuable and sensitive data in campaigns.
Cillizza: Finish this sentence: "A year from now, the big story in the world of election interference will be _________." Now, explain.
Bushar: There are two potential answers here:
1. The big story was that there was no real story. This ends up being a very quiet election cycle from the perspective of either attempted or successful cyber-attacks against candidates, campaigns or election systems. The risk in this scenario is that we stop paying attention, and the adversaries take their time embedding into accounts and systems ahead of the 2020 elections, causing even more chaos and confusion in two years' time.
2. The big story was confirmation that at least one voting system (voting machine, vote tallying system, or voter registration system) was compromised by external actors. Even if the attack did not result in a change to the votes, or if the results were manually recounted and verified, the integrity of the election process in that jurisdiction (and anywhere else that particular vendor/system was being used), and the results of the election would be clouded in uncertainty and doubt for many months after the election. We may be discussing elected officials' lack of ability to govern effectively while court cases and public opinion of the results are constantly in the news.