Election workers in St. Petersburg, Florida. Intelligence officials have expressed concern about Russian efforts to sow chaos around American election results. Photo / Eve Edelheit, The New York Times
Russia's hackers appeared to be preparing to sow chaos amid any uncertainty around election results, officials said.
While senior Trump administration officials said this week that Iran has been actively interfering in the presidential election, many intelligence officials said they remained far more concerned about Russia, which in recent dayshas hacked into state and local computer networks in breaches that could allow Moscow broader access to US voting infrastructure.
The discovery of the hacks came as US intelligence agencies, infiltrating Russian networks themselves, have pieced together details of what they believe are Russia's plans to interfere in the presidential race in its final days or immediately after the election November 3. Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Donald Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call.
There is no evidence that the Russians have changed any vote tallies or voter registration information, officials said. They added that the Russian-backed hackers had penetrated the computer networks without taking further action, as they did in 2016. But U.S. officials expect that if the presidential race is not called on election night, Russian groups could use their knowledge of the local computer systems to deface websites, release nonpublic information or take similar steps that could sow chaos and doubts about the integrity of the results, according to US officials briefed on the intelligence.
Some US intelligence officials view Russia's intentions as more significant than the announcement Wednesday night by the director of national intelligence, John Ratcliffe, that Iran has been involved in the spreading of faked, threatening emails, which were made to appear as if they came from the Proud Boys, a right-wing extremist group.
Officials briefed on the intelligence said that Ratcliffe had accurately summarised the preliminary conclusion about Iran. But Iran's hackers may have accomplished that mission simply by assembling public information and then routing the threatening emails through Saudi Arabia, Estonia and other countries to hide their tracks. One official compared the Iranian action as single A baseball, while the Russians are major leaguers.
Nonetheless, both the Iranian and the Russian activity could pave the way for "perception hacks," which are intended to leave the impression that foreign powers have greater access to the voting system than they really do. Federal officials have warned for months that small breaches could be exaggerated to prompt inaccurate charges of widespread voter fraud.
Officials say Russia's ability to change vote tallies nationwide is limited.
A hacking group believed to be operating at the behest of Russia's Federal Security Service, the FSB — the successor agency to the Soviet-era KGB — has infiltrated multiple state and local computer networks in recent weeks, according to officials and researchers. The group, known to private researchers as Energetic Bear or Dragonfly, has hacked into US nuclear, water and power plants and airports before. While it has stopped short of shutting them down, the group is considered to be among Russia's most formidable.
The Russian hackers were able to get inside some election administrators' systems and had access to voting information. What alarmed officials was the targets, the timing — the attacks began two months ago — and the adversary, which is known for burrowing inside the supply chain of critical infrastructure that Russia may want to take down in the future. The officials fear that Russia could change, delete or freeze voter data, making it harder for voters to cast ballots, invalidating mail-in ballots or creating enough uncertainty to undermine election results.
"It's reasonable to assume any attempt at the election systems could be for the same purpose," said John Hultquist, director of threat analysis at FireEye, a security firm that has been tracking the Russian group's foray into state and local systems. "This could be the reconnaissance for disruptive activity."
The threat of Iranian interference, officials said, was real and troubling. But other current and former officials said there was little doubt that Russia remained a greater threat and questioned why the focus was on Iran on Wednesday.
Administration officials said the news conference reflected the urgency of the intelligence about Iran. But some saw politics at play. Ratcliffe's focus on the intelligence about Iran would potentially benefit Trump politically.
"It is concerning to me that the administration is willing to talk about what the Iranians are doing — supposedly to hurt Trump — than what the Russians are likely doing to help him," said Jeh Johnson, the former secretary of homeland security in the Obama administration. "If the Russians have in fact breached voter registration data, then the American people deserve to know from their government what it believes the Russians are doing with that data."
A senior official briefed on the intelligence said US spy agencies have been tracking the Iranian group responsible for the spoofed emails for some time. As a result, the government was able to quickly debunk the falsified Proud Boys emails and identify Iran as responsible.
Iran's hackers appear to have scanned or penetrated some state and local networks, government officials said Thursday. But security experts said the Proud Boys email campaign that the government attributed to Iran did not appear to be based on hacked materials and instead relied on publicly available information that Florida officials regularly distribute.
"This was an email sent from a nonexistent domain using publicly available information," said Kevin O'Brien, chief executive of GreatHorn, a cybersecurity firm. "There was no hack here. Your name, your party affiliation, your address and email address are all, generally speaking, public information."
O'Brien said the information presented publicly had not persuaded him that Iran was culpable.