Russia Poses Greater Election Threat Than Iran, Many U.S. Officials Say

Russia’s hackers appeared to be preparing to sow chaos amid any uncertainty around election results, officials said.

Election workers in St. Petersburg, Fla., on Monday. Intelligence officials have expressed concern about Russian efforts to sow chaos around American election results. Credit: Eve Edelheit for The New York Times

WASHINGTON — While senior Trump administration officials said this week that Iran has been actively interfering in the presidential election, many intelligence officials said they remained far more concerned about Russia, which in recent days has hacked into state and local computer networks in breaches that could allow Moscow broader access to American voting infrastructure.

The discovery of the hacks came as American intelligence agencies, infiltrating Russian networks themselves, have pieced together details of what they believe are Russia’s plans to interfere in the presidential race in its final days or immediately after the election on Nov. 3. Officials did not make clear what Russia planned to do, but they said its operations would be intended to help President Trump, potentially by exacerbating disputes around the results, especially if the race is too close to call.

F.B.I. and Homeland Security officials also announced on Thursday that Russia’s state hackers had targeted dozens of state and local governments and aviation networks starting in September. They stole data from the computer servers of at least two unidentified targets and continued to crawl through some of the affected networks, the agencies said. Other officials said that the targets included some voting-related systems, and that they may have been collateral damage in the attacks.

So far, there is no evidence that the Russians have changed any vote tallies or voter registration information, officials said. They added that the Russian-backed hackers had penetrated the computer networks without taking further action, as they did in 2016.

But American officials expect that if the presidential race is not called on election night, Russian groups could use their knowledge of the local computer systems to deface websites, release nonpublic information or take similar steps that could sow chaos and doubts about the integrity of the results, according to officials briefed on the intelligence. Such steps could fuel Mr. Trump’s unsubstantiated claims that the vote is “rigged” and that he can be defeated only if his opponents cheat.

Some U.S. intelligence officials view Russia’s intentions as more significant than the announcement on Wednesday night by the director of national intelligence, John Ratcliffe, that Iran has been involved in the spread of faked, threatening emails, which were made to appear as if they came from the Proud Boys, a right-wing extremist group.

The Treasury Department on Thursday announced sanctions against Iraj Masjedi, a former general in Iran’s Revolutionary Guard Corps and the country’s ambassador to Iraq. The department said General Masjedi had overseen training of pro-Iranian militia groups in Iraq and directed groups responsible for killing American forces there.

Officials briefed on the intelligence said that Mr. Ratcliffe had accurately summarized the preliminary conclusion about Iran. But Tehran’s hackers may have accomplished that mission simply by assembling public information and then routing the threatening emails through Estonia, Saudi Arabia and other countries to hide their tracks. One official compared the Iranian action to playing single A baseball, while the Russians are major leaguers.

Nonetheless, the Iranian and the Russian activity could pave the way for so-called perception hacks, which are intended to leave the impression that foreign powers have greater access to the voting system than they really do. Federal officials have warned for months that small breaches could be exaggerated to prompt inaccurate charges of widespread voter fraud.

Officials say Russia’s ability to change vote tallies nationwide would be difficult, given how disparate American elections are. The graver concern is the potential effect of any attack on a few key precincts in battleground states.

Russian hackers recently obtained access “in a couple limited cases, to election jurisdiction, an election-related network,” Christopher C. Krebs, the director of the Cybersecurity and Infrastructure Security Agency, said on Thursday. But he was careful to note that the breaches had “nothing to do with the casting and counting” of votes.

The hackers, believed to be operating at the behest of Russia’s Federal Security Service, the F.S.B. — the successor agency to the Soviet-era K.G.B. — infiltrated dozens of state and local computer networks in recent weeks, according to officials and researchers. But Mr. Krebs said the attacks appeared to be “opportunistic” in nature, a scattershot break-in of vulnerable systems rather than an attempt to zero in on key battleground states.

But officials were alarmed by the combination of the targets, the timing — the attacks began less than two months ago — and the adversary, which is known for burrowing inside the supply chain of critical infrastructure that Russia may want to take down in the future.

The officials fear that Russia could change, delete or freeze voter registration or pollbook data, making it harder for voters to cast ballots, invalidating mail-in ballots or creating enough uncertainty to undermine results.

“It’s reasonable to assume any attempt at the election systems could be for the same purpose,” said John Hultquist, the director of threat analysis at FireEye, a security firm that has been tracking the Russian group’s foray into state and local systems. “This could be the reconnaissance for disruptive activity.”

Mr. Krebs said so far Russia was not as active as Iran, and its targeting was imprecise. “They’re broadly looking to scan for vulnerabilities, and they’re working opportunistically,” he said.

Current and former officials said there was little doubt that Russia remained a greater threat and questioned why the focus was on Iran on Wednesday night, though they acknowledged that Tehran’s interference was real and troubling.

Administration officials said the news conference reflected the urgency of the intelligence about Iran. But some saw politics at play: Mr. Ratcliffe’s focus on Iran would potentially benefit Mr. Trump politically.

“It is concerning to me that the administration is willing to talk about what the Iranians are doing — supposedly to hurt Trump — than what the Russians are likely doing to help him,” said Jeh C. Johnson, a former secretary of homeland security in the Obama administration. “If the Russians have in fact breached voter registration data, then the American people deserve to know from their government what it believes the Russians are doing with that data.”

A senior official briefed on the intelligence said American spy agencies had been tracking the Iranian group responsible for the spoofed emails for some time. As a result, the government was able to quickly debunk the falsified Proud Boys emails and identify Iran as the culprit.

Iran’s hackers appear to have scanned or penetrated some state and local networks, government officials said on Thursday. But security experts said the Proud Boys email campaign that the government attributed to Iran did not appear to be based on hacked materials and instead relied on publicly available information that Florida officials regularly distribute.

“This was an email sent from a nonexistent domain using publicly available information,” said Kevin O’Brien, the chief executive of GreatHorn, a cybersecurity firm. “There was no hack here. Your name, your party affiliation, your address and email address are all, generally speaking, public information.”

Mr. O’Brien said the information presented publicly had not persuaded him that Iran was culpable.

Speaker Nancy Pelosi also voiced skepticism of Mr. Ratcliffe’s announcement. “Russia is the villain here,” she said before a briefing from intelligence officials. “From what we have seen in the public domain, Iran is a bad actor, but in no way equivalent.”

So far, the F.S.B.’s hackers have not focused on swing states, where a hack that affects digital disenfranchisement could have maximum effect; they have taken a scattershot approach instead, hitting systems in multiple states, including some battlegrounds. Experts said they might be just testing to see where they could get in, like a thief trying every doorknob in the neighborhood.

“My concern is not that they are pinpointing individual races but are gaining access where they can for some disruption down the road,” Mr. Hultquist said.

The threat is similar to the one that officials have highlighted from ransomware attacks, which hold data hostage until victims pay to have access restored. Likewise, officials and researchers believe the Russian attacks would not necessarily change vote tallies but could make voter data inaccessible, or delete or change voters’ registration data, to disenfranchise voters or cause the kind of confusion and delays that would undermine American confidence in the election.

In recent years, Homeland Security officials have made a concerted effort to secure voter registration systems and to ensure that election officials have paper copies of voter information in case of disruptions.

But they have further to go. In Gainesville, Ga., this week, a ransomware attack held city systems hostage, including an online map with polling locations and the database used to verify voters’ signatures on mail-in ballots.

Officials and experts believe the greatest defense against a coordinated cyberattack on the election is not so much how secure these voting systems are but how disparate.

“You can’t just ‘hit the election’,” said Eric Chien, a cybersecurity director at Symantec, now part of Broadcom, which was among the first to detail the Stuxnet attacks by the United States and Israel on Iran’s nuclear program a decade ago. “The soft targets are really the state and local election committees, local websites that provide information about polling places and hold voter registration data.”

Alan Rappeport and Zolan Kanno-Youngs contributed reporting.

Julian E. Barnes is a national security reporter based in Washington, covering the intelligence agencies. Before joining The Times in 2018, he wrote about security matters for The Wall Street Journal.

Nicole Perlroth is a cybersecurity reporter. Her first book, “This Is How They Tell Me The World Ends,” about the global cyber arms race, will publish in February 2021.

David E. Sanger is a national security correspondent. In a 36-year reporting career for The Times, he has been on three teams that have won Pulitzer Prizes, most recently in 2017 for international reporting. His newest book is “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.”

A version of this article appears in print on  , Section A, Page 1 of the New York edition with the headline: Breaches by Russians Pointing To Election Threat, Officials Say.
