The hacking of U.S. political organizations that intelligence agencies say is meant to “interfere” in the upcoming election should come as no surprise, a former top national security official said Thursday.
“I think this is one we all should have been able to see was coming,” John Carlin, who stepped down this month as the assistant attorney general for national security, said during a panel on election security at the Aspen Institute, a nonpartisan think tank, in Washington.
When he was in office, Carlin oversaw the investigation and indictment of foreign hackers who spied on U.S. companies and broke into the control systems of a dam in New York.
This is hardly the first election cycle in which hackers have targeted political organizations, Carlin noted. In 2008, he was part of an FBI team that briefed then Sen. Barack Obama and his GOP rival, Sen. John McCain, on foreign hackers that had broken into the campaigns’ email systems.
And the Russian hackers linked to the hacking of the Democratic National Committee and other organizations have a history of breaking into U.S. government agencies.
What’s different now, Carlin said, is that the Russians are merging their traditional espionage operations with propaganda efforts that have previously been seen mostly in Europe. There, the Kremlin has tried to influence political campaigns and elections through the propagation of false or misleading information online.
Carlin likened the Russian hacks to a previous attack by North Korea on the computer systems of Sony Pictures Entertainment, saying each represented “an attempt to undermine a core value.” In the case of Sony, where hackers retaliated against the company for releasing a satirical film about North Korean leader Kim Jong Un, the Obama administration said the Hermit Kingdom had tried to undermine freedom of speech.
A senior administration official told The Daily Beast earlier this month that the U.S. response to the North Korean hacks would guide the response to the Russian campaign.
In that case, the administration took what it deemed a “proportionate” response, and sanctioned North Korean individuals and conducted limited cyber attacks on North Korean networks.
Whatever the administration has in store for Russia is likely to wait until after Election Day. U.S. officials familiar with the planning said any response would likely be taken in coordination with the president-elect and his or her national security team.
In an apparent rebuttal to skeptics who have questioned how U.S. intelligence agencies can be so sure that Russia is behind the campaign, Carlin said that the government had gotten very good at attributing the source of intrusions, using both technical information as well as human intelligence and other methods. In the Sony hack, for example, he said investigators called in a “behavioral analyst” with a background in computer analysis to examine not only the technical evidence, but to try and build a personal profile of the hackers themselves.
“Make no mistake. It’s hard, but it’s not impossible,” Carlin said, to connect individual actors to a specific operation.
Other experts on the panel said that while hackers have clearly tried to undermine confidence in the election, they’d find it exceptionally difficult to alter vote counts and sway the election to one candidate. That’s because the presidential election is essentially 50 individual state elections, and that decentralized structure makes it difficult for hackers to manipulate vote counts.
But former officials and experts stressed that hackers could still meddle with voter registration files or even try to cause widespread Internet disruptions like the one that took down major websites last week. Mass “disruption” on Election Day could have a ripple effect, undermining confidence in the security of the process and the integrity of the vote.
“I can’t imagine a greater threat to democracy,” said Trevor Potter, the former commissioner of the Federal Election Commission and the general counsel for McCain’s 2008 and 2000 presidential campaigns.
But there are chances for hackers to manipulate or even steal ballots.
Susannah Goodman, the director of voting integrity at Common Cause, said that military and overseas voters in particular should be cautious when casting ballots this year. They’re allowed to return ballots via email, but Goodman said they’d be better off printing out the ballots and mailing them then putting such important information at risk of being intercepted.
“It’s not something you would do with your Social Security number, it’s not something you should do with your ballot,” Goodman said.
She also worried that Republican nominee Donald Trump’s warnings that the election has been “rigged” against him could be seen as a “force of intimidation” if the supporters he’s asked to show up polling places to observe the process aggressively question voters standing in line about their registration status or whether they’re allowed to vote in a particular precinct.
