Russia and Iran are ramping up attacks on U.S. government networks and computer systems while also amplifying their disinformation campaigns, hoping to rattle the confidence of American voters with less than two weeks until the Nov. 3 presidential election.
The warning Thursday from U.S. intelligence and election security officials came less than 24 hours after the director of national intelligence blamed Iran for launching the first sensational attack on the upcoming election, accusing Tehran of being behind thousands of spoofed emails designed to intimidate voters.
Thursday’s advisories from the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency suggested that the emails, as well as the ability of Russia and Iran to access voter registration information, were just the start of a larger campaign to undermine the U.S. elections.
According to the FBI and CISA, the attacks from Russia began in September, targeting dozens of state and local government networks involved in activities ranging from aviation to education.
The Russian cyber actor known as Berserk Bear "successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the advisories said.
The attackers also managed to obtain credentials that could allow them to move around in the networks, seeking out critical information that they could exploit at a later date, potentially to disrupt the upcoming presidential election.
"There may be some risk to elections information housed on SLTT [state, local, tribal and territorial] government networks," the statement added. "However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised."
Officials refused to share additional details about the Russian exploits, or say which government servers had been compromised, but the independent cyber security firm Mandiant said the Russian behavior appeared to be geared toward the Nov. 3 vote.
"Access to these systems could enable disruption or could be an end in itself, allowing the actor to seize on perceptions of election insecurity and undermine the democratic process," Mandiant Senior Director of Analysis John Hultquist said in a statement.
Hultquist added that while there had been at least one attack on an election-related target, “we have no information which suggests these actors are capable or even willing to alter votes.”
But while the Russian cyber actors appear content, for the moment, to threaten U.S. election-related networks, the FBI and CISA warned Thursday that Iranian-linked actors appear to be in position to exploit current network vulnerabilities.
“These actors have conducted a significant number of intrusions against U.S.-based networks since August 2019,” according to the new advisory, pointing to possible distributed denial of service (DDoS) attacks, spear-phishing campaigns and website defacements.
“These activities could render these systems temporarily inaccessible to the public or election officials, which could slow, but would not prevent, voting or the reporting of results,” the advisories said.
It further warned that Iranian cyber actors have also been expanding their election-related disinformation efforts, “creating fictitious media sites and spoofing legitimate media sites to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud.”
The warnings from U.S. security and intelligence officials represent a shift from the cautious, but seemingly more optimistic tone they sounded as recently as last month.
"Russia continues to try to influence our elections, primarily through what we would call malign foreign influence … as opposed to what we saw in 2016 where there was also an effort to target election infrastructure," FBI Director Christopher Wray told lawmakers on the House Homeland Security Committee Sept. 17.
#Election2020 - "#Russia continues to try to influence our elections, primarily thru what we would call malign foreign influence" per @FBI's Wray "As opposed to what we saw in 2016 where there was also an effort to target election infrastructure"
— Jeff Seldin (@jseldin) September 17, 2020
But in an interview with Hearst Television two weeks ago, the top U.S. counterintelligence official suggested the threat landscape was changing, saying Russia, Iran and China were actively targeting U.S. election infrastructure.
"We are very resilient, and we've been very successful in pushing back the majority of these efforts," National Counterintelligence and Security Center Director William Evanina said.
Evanina confirms to Hearst #Russia #China #Iran have actively targeted US election infrastructure, emails/servers for both the @realDonaldTrump & @JoeBiden campaigns
"We are very resilient & we've been very successful in pushing back the majority of these efforts"
— Jeff Seldin (@jseldin) October 8, 2020
In the wake of the Iranian email campaign, officials are warning American voters that these campaigns by Russia and Iran are just the start.
“The intelligence shared [Wednesday], while alarming, is not surprising,” CISA Director Christopher Krebs said in a statement, adding that the number of actors seeking to meddle is likely to grow.
"These are desperate attempts by our adversaries to intimidate or to undermine voter confidence, but Americans can rest assured: thousands of your fellow citizens stand ready to defend your vote, every single day" per @NSAGov's Imbordino & @US_CYBERCOM's BrigGen Hartman
— Jeff Seldin (@jseldin) October 22, 2020
In the meantime, some current and former U.S. officials have expressed a sense of foreboding, noting Russia and Iran may not be done making use of the voter registration data they obtained, and which Iran used in its email campaign.
“The reported Iranian acquisition of voter data should be a cause for concern,” said Norman Roule, a former senior U.S. intelligence official, who said Tehran’s efforts show its cyber and influence operations have evolved.
“Whether or not this data was publicly available, its acquisition by Iranian actors engaged in these operations indicates that the material will form the basis for future targeting operations,” he said. “If our response becomes an internal debate with little focus on Iran, they will learn that these operations come at little cost.”
Another current U.S. official, speaking on the condition of anonymity given the sensitivity of the matter, told VOA there is heightened concern about Tehran’s efforts, warning the Iranian regime appears to still be looking for payback following the drone strike in January that killed Quds Force Commander Qassem Soleimani.
For now, state election officials are urging voters to remain calm and avoid falling for upsetting or sensational claims likely to pop up on social media, whether directed by Iran, Russia or anyone else.
“Be prepared for foreign efforts aimed at sowing division and undermining the legitimacy of the election,” a coalition of national and state officials said in a statement issued late Thursday. “Be prepared for attempts to confuse or misinform.”
“The entire election community stands ready for the task ahead,” they added.
NEW: @CISAgov @EACgov @NASSorg @NASEDorg on attacks vs #Election2020
"We must remain steadfast…While this year has thrown unprecedented obstacles in our way, the entire election community stands ready for the task ahead & united in our goal to protect our democracy" pic.twitter.com/Go3imyxLgl
— Jeff Seldin (@jseldin) October 22, 2020
Some experts worry that as Election Day draws near, American voters will be tested like never before.
“The really tricky problem is that we're all in a laboratory right now and we're being experimented on by different parties,” said John Scott-Railton, a senior researcher at The Citizen Lab at the University of Toronto's Munk School.
"We don't know what the results will be. They [U.S. adversaries] don't know what the results will be. But they're very much learning," he said.