The U.S. government believes hackers from Russia or elsewhere may try to undermine next week’s presidential election and is mounting an unprecedented effort to counter their cyber meddling, American officials told NBC News.
The effort is being coordinated by the White House and the Department of Homeland Security, but reaches across the government to include the CIA, the National Security Agency and other elements of the Defense Department, current and former officials say.
Russia has been warned that any effort to manipulate the actual voting or vote counting would be viewed as a serious breach, intelligence officials say.
"The Russians are in an offensive mode and [the U.S. is] working on strategies to respond to that, and at the highest levels," said Michael McFaul, the U.S. ambassador to Russia from 2012 to 2014.
Officials are alert for any attempts to create Election Day chaos, and say steps are being taken to prepare for worst-case scenarios, including a cyber-attack that shuts down part of the power grid or the internet.
But what is more likely, multiple U.S. officials say, is a lower-level effort by hackers from Russia or elsewhere to peddle misinformation by manipulating Twitter, Facebook and other social media platforms.
For example, officials fear an 11th hour release of fake documents implicating one of the candidates in an explosive scandal without time for the news media to fact check it. So far, document dumps attributed to the Russians have damaged Democrats and favored Trump.
"The Russians are in an offensive mode and [the U.S. is] working on strategies to respond."
The Russians "want to sow as much confusion as possible and undermine our process in ways they’ve done elsewhere," said a senior Obama administration official. "So this is to make sure that we have all the tools at our disposal and that we're prepared to respond to whatever it is that they do."
"We need to be prepared on every front, not just technical but messaging, and so on," the official added, saying the details were classified. "Because any reporting irregularity could be incredibly disruptive. … They can cause tremendous chaos, and by the time we are able to attribute, the damage may have already been done."
Officials were reluctant to discuss how they might be respond to such "influence operations," other than to say they will make efforts to counter misinformation and keep open communication nodes.
The U.S. intelligence community and the Department of Homeland Security assess that it would be extremely difficult for even a nation-state actor to alter actual ballot counts or election results by cyber-attack, a second senior administration official told NBC News.
"This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place," the official said. "States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process."
However, a Department of Homeland Security official said, other possible hacks pose "the potential for causing confusion and misperception" around the election.
For example, "Somebody could tamper with voter registration information or unofficial election night reporting."
DHS Official: October Attack "Had All the Signs of ... A Drill"
While multiple intelligence officials told NBC that they have no specific warning about an Election Day attack, they also say they consider the massive and sophisticated internet disruption of Friday, Oct. 21, a potential dry run.
The "distributed denial of service" attack on equipment provided by the company DYN, which took down popular internet sites like PayPal and Amazon for hours, “had all the signs of what would be considered a drill,” said Ann Barron-DiCamillo, former director of Homeland Security's computer emergency readiness team.
If a similar attack began unfolding on Election Day, DHS would work with big internet providers such as Comcast (owner of NBC Universal) and Verizon to try to mitigate it, Barron-DiCamillo said. Since most of the internet is owned by private companies, the government relies on the private sector to help stop attacks, she said.
As is standard for major national events, all six federal cyber centers will be up and running, closely monitoring network traffic and hunting for malware.
"Given (the Russians’) past behavior in other contexts, we understand the way they like to go about potentially causing confusion and so we want to make sure that we are mitigating that potential," the DHS official said.
A current Obama administration national security official said that a White House working group has been watching Russia’s apparent intervention in other foreign elections with growing concern.
A recent case study, the official said, was the October 16 parliamentary election in Montenegro, a small Balkan nation straddling East and West.
The incumbent Democratic Party of Socialists narrowly won, but fell short of an absolute majority after facing stiff and well-financed opposition from a pro-Russian coalition that opposes the country’s proposed membership in NATO — a position also held by Putin.
In the run-up to the election, U.S. officials believe Russia secretly funneled money to opposition parties and either set up or co-opted friendly media outlets and “influencers” to undermine the pro-West party and highlight the risks of joining NATO, the official said.
During the election, Russia launched a coordinated disinformation campaign using traditional and social media to allege widespread voting irregularities, including that dead people had been registered to vote, according to the Obama national security official. Social media networks were so bombarded with complaints and accusations that Montenegro ordered telecom operators to temporarily shut down WhatsApp, Viper and similar messaging apps, creating even more questions about the election, the official said.
A network of anti-censorship bloggers also reported that the website of Montenegro’s top election observation NGO, the Center for Democratic Transitions (CDT), was knocked out for part of Election Day, raising concerns among U.S. officials about Russian interference.
Montenegro's state election commission released the final results Oct. 29 — and certified the pro-NATO party’s win — despite protests by the pro-Russian opposition party, which cited the very irregularities the U.S. blames on Russia as reason to doubt the vote totals.
"It’s the kind of thing that we are anticipating that they will try here,” the official said. “But they will target whatever they can — voting infrastructure, putting out false stories about the Democratic Party intentionally manipulating the results. That’s what they do."
Montenegro’s leaders publicly accused Russia of meddling in the election. Russian officials and opposition party members denied any interference, but Russia's foreign minister said NATO was being "irresponsible" for supporting admission for Montenegro, which could come as soon as Spring 2017.
Russia has also denied any involvement in recent hacks of U.S. political groups and operatives.