Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election. Part 1:. Next week: Voting machine hacking.
During the 2016 presidential campaign, Russian cyber-operatives conducted a sustained "influence campaign" cyberattack on the American electoral system by relying on social media to radicalize voters, undermine institutions, and disseminate misleading information.
The efforts are ongoing in the weeks leading up to the 2018 midterms — and other countries are doing it, too.
Influence campaigns — coordinated efforts to create and propagate misleading and inflammatory content on social media — borrow heavily from modern internet-based marketing techniques.
"[Tech] platforms are especially good at helping marketers hit a target audience with a refined message," says Adweek technology editor Josh Sternberg. "Influence campaigns are no different. They're effective because social media marketing is effective."
Russian hackers — adapting those marketing techniques — used coded language and images intended to spark feeling and emotion and to animate the audience, Sternberg says. "[The influence campaign] might start with fake accounts and fake news, but it also recruits real users to relay the message. Marketing primes the audience to be more sympathetic and creates brand ambassadors who amplify the signal. This is why Facebook, Twitter, and Google are worth billions."
Operatives at Russia's Internet Research Agency (IRA), a "troll factory" linked to the 2016 effort, are masters of social media marketing. According to the August 2018 indictment of Russian nationals, the members posed as Americans and established thousands of social media personas and pages "designed to attract U.S. audiences." The operators disseminated posts on Facebook, Instagram, Twitter, YouTube, and other sites denigrating candidate Hillary Clinton while boosting her rivals, including Bernie Sanders and Donald Trump. The group also posted "derogatory information" using inflammatory language intended to suppress African-American and Muslim turnout, deepen social fissures, and soften Russia's image.
Though he strongly disagrees with the IRA's mission and goals, Leo Taddeo, a former FBI special agent in charge of cybersecurity for New York City, calls Russia's digital misinformation endeavor a "tremendous success."
"I'm not saying I agree with what they did," Taddeo said, but the operatives "were able to create not only confusion in the pre-election process but massive amounts of discord in a post-election environment in the U.S., continuing to this day and continuing to sow doubt running into the 2018 cycle."
Russia is far from the only nation-state that relies on digital propaganda.
China, according to members of the intelligence community, is second only to Russia in its cyber and propaganda capabilities. Last year Senator Marco Rubio (R-Florida) told the Washington Post, "Chinese efforts to influence our public policy and our basic freedoms are much more widespread than most people realize."
North Korea routinely uses propaganda to achieve its foreign policy objectives, operates dozens of websites including a social network, and often uploads image-bolstering videos to YouTube. The country's influence campaigns were particularly active in the run-up to last summer's nuclear summit, according to the Council on Foreign Relations.
In recent years, Iran has targeted regional rivals Israel and Saudi Arabia with cyberattacks. In August, according to CNET, the cybersecurity firms FireEye and ClearSky unmasked a "sprawling network" of fake Iranian accounts spread across Facebook, Instagram, and YouTube.
According to Reuters, the influence campaign was directed by the International Union of Virtual Media, an Iranian state media organization.
Ahead of the 2018 midterm election, large internet firms are taking active steps to remove content and accounts associated with influence campaigns. Twitter, a haven for bots and trolls during the 2016 presidential campaign, recently removed 770 accounts associated with Iranian and Russian influence campaigns. It said the accounts were "sharing divisive social commentary" and images.
In August, Microsoft announced it had uncovered Russian hackers using the company's Azure cloud software and Office 365 productivity suite to set up phony personas and websites. "This activity is most fundamentally focused on disrupting democracy," Microsoft President Brad Smith said in a statement.
"We're still in the very early stages of our investigation and don't have all the facts — including who may be behind this," said Facebook's head of cybersecurity policy, Nathaniel Gleicher. Though Facebook would not attribute the activity to a nation-state, intelligence officials say there is "no doubt" Russian cyber-agents are still operating on the social network.
Senator Mark Warner (D-Virginia) told the Senate Intelligence Committee in August, "Russian-backed operatives continue to infiltrate and manipulate social media to hijack the national conversation and set Americans against each other."
Leo Taddeo is convinced Russian influence campaigns on social media will continue.
"We can expect more of the same," Taddeo says. "More botnets, more information, distribution, [intended to] create divides within the American population, within the voting population. And we'll have to keep our guard up. We'll have to shine a light on Russian activity to inform voters and inform our politicians."
- "We know that elections are always a big juicy target": The attempts to crack down on foreign cyber invaders (CBS News)
- Facebook detects influence operation ahead of 2018 midterm elections (CBS News)
- Facebook deletes over 650 accounts linked to influence efforts from Iran, Russia (CNET)
- Influence campaign from Iran is huge, report says (CNET)
- Antony Blinken: Why education is the best cyber-defense (TechRepublic)