Special counsel Robert Mueller’s long-awaited report hammered home a crucial reminder Thursday: The Kremlin mounted a massive online campaign to wreak havoc on U.S. democracy in 2016.
It also underscored the urgency of fixing the nation’s election security gaps before 2020 — a task that state and local governments have been slow to take on.
"The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion," Mueller wrote in the 448-page document, which lays out new details about a Kremlin-backed plot that compromised Democrats’ computer networks and targeted state and local election offices. Mueller wrote that investigators also found evidence of repeated communications — but not "coordination" — between associates of then-candidate Donald Trump and people claiming to have damaging information on Hillary Clinton.
"Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities," Mueller wrote.
The report discloses that the FBI believes Russian hackers succeeded in breaching "at least one" Florida county government by sending malicious emails to local election officials, although Mueller’s team "did not independently verify that belief." That detail echoes a cryptic statement last August from then-Democratic Florida Sen. Bill Nelson, who faced criticism for saying, without evidence, that Russians had accessed his state’s voter data.
Investigators found that Russian hackers compromised 29 computers at the DCCC and stole more than 70 gigabytes of files from the group’s shared file server. They also hacked more than 30 Democratic National Committee computers in less than two months and stole approximately 300 gigabytes from a DNC cloud-based service.
The report says one attack — the first attempt by Russia’s military intelligence service to compromise Clinton’s personal office — came within about five hours of Trump publicly asking "Russia, if you’re listening," to find 30,000 emails that had been deleted from the former secretary of state’s infamous personal email server.
Most of the evidence of the Kremlin’s efforts has already surfaced in the indictments Mueller secured against Russian hackers and social media trolls. Those charges, which accused a total of 25 Russian operatives of hacking Democratic Party targets and spreading inflammatory posts on social media, laid out the simple strategy and low-cost techniques that prosecutors said helped Moscow undermine and distract the Clinton campaign.
The remarkably detailed indictments fueled calls for more secure election systems and more diligent scrutiny by social media of fake news and trolling on their sites. They also bolstered warnings from top Trump administration officials that Russia and other nations will do anything they can to destabilize U.S. politics — even as Trump himself has sometimes sown doubts that Vladimir Putin’s regime was to blame.
“These indictments provide a treasure trove of historic information about how the elections have been assaulted in the past,” said Christopher Ott, a former Justice Department counterintelligence and cybersecurity prosecutor who is now a partner at Davis Wright Tremaine. “More importantly, they provide an invaluable starting point for improving election security in the face of new, novel threats that will likely come.”
In July 2018, Mueller brought an indictment against 12 Russian military officers on charges of hacking the DNC and the DCCC, adding weight to the conclusion that Moscow was behind the cyberattacks that rocked the 2016 campaign.
Plenty of evidence already supported that conclusion, including reports from private cybersecurity companies that investigated the breach and quickly linked it to the Russian military-linked hacker groups nicknamed Fancy Bear and Cozy Bear. Independent experts also found clues linking the attacks to Russia. So did the United States’ top intelligence agencies in a report issued weeks before Trump took office.
But Mueller’s indictment was the product of the vast investigative resources of the Justice Department and the FBI, which were able to unmask the individual hackers who infiltrated the party committees, construct a timeline of their activities and obtain their search histories to show how they prepared for the attacks. The document brought clarity to a previously hazy timeline of what the Russians did and when.
Some of its revelations seemed tailor-made for the briefings that cybersecurity experts were giving campaign staffers and candidates in the lead-up to the 2018 midterm elections. For example, by describing how the Russians used their access to the DCCC’s network to penetrate the DNC, the indictment emphasized the need for campaigns and political groups to monitor how third parties can access their systems. Nation-state hackers are increasingly targeting third-party vendors to piggyback on their access to the hackers’ real targets.
The report reveals that the hackers tunneled into the DNC’s computers through a so-called virtual private network, a service intended to provide secure access to the DNC’s network for trusted DCCC employees.
The indictment also offered further evidence that the hackers were going after state election offices that until recently devoted almost no energy to cybersecurity. It confirmed media reports that the Russians had stolen voter data from Illinois’ election board and, in another example of third-party risk, breached an election vendor in Florida as a way of targeting its customers.
The specificity of the narrative offered a wakeup call to election officials and campaigns — although leaders in some states are still hitting the snooze button.
“The level of detail and attribution contained in the indictment could also provide a critical tool for educating the public about the threat,” Ott said. “Rather than a euphemistically-named advanced persistent threat group, the DOJ has stated the true identity of the individual hackers and certain details of their hacking infrastructure.”
In February 2018, Mueller brought charges against 13 Russian nationals accused of waging “information warfare” against the U.S. through an elaborate network of social media accounts and astroturfed groups, using techniques that included posting racially divisive messages on Facebook and staging political rallies on U.S. soil. That heaped pressure on companies like Facebook and Twitter that had largely resisted serious efforts to eliminate what they call “coordinated inauthentic behavior.”
In the months since, major tech companies have repeatedly announced takedowns of fake accounts associated with foreign governments, although they have also faced criticism that they’re doing too little.
Facebook rolled out a series of changes aimed at addressing the threat, including verifying political advertisers, launching an ad transparency center, using both artificial intelligence and human reviewers to detect and block fake accounts, working with third-party fact checkers to vet disinformation and setting up a “war room” meant to respond to malicious activity in real time.
Google subsidiary YouTube began labeling videos uploaded by state-funded media outlets including RT — formerly Russia Today — and tweaked its algorithms in a bid to stop the spread of conspiracy theories.
And Twitter, which launched its own ad transparency center, ramped up its efforts to pull fraudulent accounts and prevent the people behind them from starting new ones. It also banned the spread of hacked materials like the stolen Democratic emails that went viral shortly before the 2016 election.
But lawmakers and public-interest groups continue to question the efficacy of the platforms’ efforts as misinformation continues to flow across them. And the companies themselves say that while they have made great progress, there’s no easy solution as long as foreign actors still view their platforms as a good way of meddling in other countries’ votes. Said a Facebook election official in a January blog post, “We will never stop all the bad actors.”
Ben Buchanan, a Georgetown University professor whose research covers cyber statecraft and election security, said the Mueller probe offered “unique insight” into, and “rock solid evidence” of, Russian operations.
“No other single source comes close to its granularity and level of detail about how the Russians went about their mission,” he said.
Beyond the two indictments, the news tsunami of the Mueller investigation ensured that election officials, lawmakers, federal agencies and tech companies were constantly facing questions about the 2016 interference and the cybersecurity issues it raised.
State and local election officials began vowing an increased focus on cybersecurity. DHS stepped up its coordination with these officials, conducting scans and assessments to identify weak points in states’ networks. Congress gave the states $380 million to buy new voting machines, hire cyber experts, conduct audits and shore up voter registration databases. And companies like Microsoft and Cloudflare began offering free security tools to campaigns and election offices.
“For elections officials across the country, the Mueller investigation and indictments have heightened our need for additional resources to defend against cyber attacks,” California Secretary of State Alex Padilla told POLITICO.
April Doss, who served as a senior counsel on the Senate Intelligence Committee’s Russia probe, said the Mueller investigation and resulting report offered a reminder of “just how wide-ranging the Russian active measures campaign was, and how many of those activities” — including election security — “really should be looked at through a bipartisan or nonpartisan lens.”
But the interest in election security as a result of the Mueller probe has also exposed how much work remains to be done.
States have moved slowly to spend their federal grant money, because buying new technology takes time and officials face a crush of other tasks — the money arrived just as officials prepared to hold their midterm primaries. Some states, including Georgia, have chosen to replace their voting machines with devices that experts call insecure.
In Washington, bureaucratic issues like a lack of security clearances and insufficient planning have hampered federal agencies’ effectiveness. On the Hill, lawmakers have deadlocked over proposals to set new voting security requirements. And the powerful companies that make voting equipment have resisted efforts to make them more transparent and accountable.
Mueller’s investigation may be over, and its redacted conclusions available for public viewing, but it will be years before government and corporate cyber defenders have fixed the vulnerabilities that his probe thrust into the national conversation.
“Whether future threats come from the Russian government or other hostile actors,” said Doss, “it’s essential for the federal government to lead the way in making sure there’s effective information sharing with state and local officials on current cyber threats and best practices, that security clearance applications from election officials are processed quickly, and that federal aid is made available to jurisdictions who need it to bolster the security of their election infrastructure.”
Tim Starks and Nancy Scola contributed to this report.
Article originally published on POLITICO Magazine