WASHINGTON — Intelligence and cybersecurity officials say they see no sign that Russian hackers have tried to infiltrate the election infrastructure the way they did in 2016, when all 50 states were probed, and voter rolls in some states were accessed. Officials also say that when it comes to cyber defenses, this is the best protected election in history.
But those same officials acknowledge that there is no way to protect every state, county and precinct network from infiltration by hackers, and that the Russians or another foreign power could still decide to mount a cyber offensive to disrupt the election.
Experts say this is unlikely, because it would mean crossing a red line that could provoke a serious reaction from the U.S. government. And they say it would be extremely difficult for hackers to actually change vote tallies.
But if an adversary decided to attack, here are the ways experts say the Russians (or even less likely, the Iranians or the Chinese) could use cyber techniques to cause an election nightmare:
Turn out the lights
“Imagine an infrastructure attack, maybe in some key precincts, or states, swing states for the election, where maybe power goes out, or maybe the 911 service goes out,” Frank Figliuzzi, the FBI’s former counterintelligence chief and an NBC News contributor, said. “Or you can't use your credit card or pump gas. Just something that sows discord and confusion.”
U.S. officials have long said the Russians have planted “cyber bombs” on American power grids and communications networks to be triggered at a later date if desired. Perhaps the most ruthless and effective way the Russians could disrupt the election would be to shut down the power or the cellphone service in a few critical areas, making it impossible to vote.
This is perhaps the most frightening scenario but also the least likely, because such an attack could be considered an act of war, and the U.S. might feel compelled to retaliate, not just with a cyberattack, but also a military response.
Lock up election computers
As the recent spate of attacks on hospitals has shown, ransomware is a devastating method of cyberattack that is extremely hard to stop. All it takes is a computer user clicking on a malicious link, thereby opening a network to malware that encrypts all the data and turns computers into bricks, unless a ransom is paid to unlock it.
The ransomware attacks against U.S. hospitals are being carried out by a Russian-speaking Eastern European criminal group, experts say, but nothing prevents the Russian government from deploying a similar group — the Russian state often works with criminal hackers, U.S. officials say — to attack American elections.
A recent ransomware attack against local government systems in Hall County, Georgia, has slowed the election department’s capacity to count absentee ballots, officials there have said.
Voting machines themselves aren’t connected to the internet, but ransomware attacks against a county or precinct could shut down critical supporting networks that could make it difficult to conduct the election. In a swing state, the impact could be huge.
“We've seen an increase in the use of ransomware by folks who maybe couldn't write it themselves, but now it's available out on the black market and they can buy it,” said Matt Drake, a former FBI election threats specialist now with defense contractor SAIC. “And it's certainly concerning that if it were launched shortly before the elections. it could be difficult for some places to overcome that.”
Tamper with voter rolls
On primary day in 2016, some voters showed up to the polls in Riverside County, California, only to learn that their voter registration information had been changed online — their party affiliation had been switched — and they couldn’t vote in their preferred primary. Baffled voters insisted they hadn’t made the changes. The local district attorney concluded the voter rolls had been hacked.
U.S. officials say the Russians had access to many voter registration databases in 2016 and if they had chosen to do so could have tampered on a large enough scale to seriously disrupt the election. They say they haven’t detected Russian hacks of voter rolls this cycle, but that doesn’t mean there haven’t been any or won’t be.
Imagine if the Russians or some other adversary deleted every third voter registration record in three Pennsylvania counties, and voters showed up, only to be turned away.
Block publication of vote results
In Knox County Tennessee, during a 2018 mayoral primary, officials say a distributed denial of service, or DDOS, attack, shut down a county website publishing election results. The county had to mail out the official tallies. The actual vote was not affected, but some members of the public weren’t able to see the results on election night.
In a presidential election, The Associated Press and other news organizations deploy reporters all over the country to eyeball official results and send them in, so it would be difficult for hackers to blind the country to most of the results. Large media companies have strategies to defend against DDOS attacks.
But reporters can’t be everywhere. If these attacks, which are easy to carry out, were deployed against local governments on a large scale around the country, experts say, they could disrupt and delay the dissemination of some election results and undermine confidence in the vote.
The most plausible threat from Russia and other adversaries this election season is not a physical hack, but a mental one, experts say. The Russians (and, to a lesser extent, the Chinese and the Iranians) are ready to deploy English-language disinformation on social media that is designed to exacerbate any dispute about the vote count, and any protest in the election’s aftermath.
These disinformation networks are designed to take a small incident, such as a few mishandled ballots, and amplify it in a way that allows one side or the other to cry fraud. One term for this is “perception hack.” Foreign adversaries don’t have to do much, experts say, because extremists on the far left and the far right have shown themselves all too eager to traffic in conspiracy theories that spread like a virus through social media.
If the election results are disputed, current and former intelligence officials told NBC News they worry the Russians will dust off a playbook they intended to employ if Donald Trump lost narrowly to Hillary Clinton in 2016, a drumbeat of disinformation designed to sow doubts about the results.
In part for this reason, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have repeatedly warned Americans to think twice before passing along unverified information about supposed election irregularities.
But in terms of their reach, those warnings can hardly compete with the giant bullhorn commanded by Trump, who has repeatedly and without evidence claimed the 2020 election is likely to have been rigged if he loses it.