Breaking News Emails
Next Saturday, March 24, hundreds of Texas Democratic Party activists will gather at the Austin Hyatt Regency to nominate candidates for political office in Travis County, a kick-off event leading up to the 2018 midterm elections.
But some people who tried to register will not be attending, among them Candida McGruder. Gustavo Chubb. Geraldo Tinsley. Vincent Amundson. Roxie Male.
That's because these five individuals and 43 others who signed up to attend don't appear to be Travis County residents, or Texans, or even Americans. They might not even be real people. They may be pranksters — or they may be Russian trolls, and their appearance in Texas could represent the first public example of foreign probing of the 2018 elections.
Five senior intelligence officers, two current and three former, say the case of the Texas 48 looks like Russian meddling. And they tell NBC News that despite the clumsiness of the failed registrations, the Texas case fits a pattern of Russian behavior seen in its covert operations.
U.S. intelligence officials tell NBC News that Russia has never stopped trying to influence American politics through fake social media accounts and propaganda. The officials have not disclosed any specific cyberoperations aimed at voter rolls or the 2018 midterms, but they say they fully expect Russian interference attempts to continue.
"In the context of what we already know, the Texas case points to the broader Russian effort," a senior intelligence official said.
Earlier this year, as Texas party officials prepared for the March 24 county meetings that would nominate candidates for office, Glen Maxey noticed something odd about online registrations for the Travis County meeting in Austin. Some of the people attempting to register either didn't fully fill out their online form or provided obviously false information.
Maxey, legislative affairs director for the Texas Democratic Party and a former member of the Texas House of Representatives, said that at the time just over 2,500 Texas citizens had successfully registered online for the Travis County meeting. He went through the aborted registrations by hand, checking to see whether the registrations had been "kicked back" because of simple errors, in which case he would follow up with the individuals.
Maxey found a few unfinished registrations that were simple mistakes. But he identified 48 that were problematic, meaning they seemed unconnected to anybody living in Texas. Twenty-five of those 48 were trying to register with email addresses ending in "mail.ru." Those last two letters, .ru, are the internet designation for domains in Russia.
Maxey told NBC News he and his team hadn't seen any other examples of pranks or false registrations in past cycles. He also said he didn't know who to contact in Texas state government and had received no guidance from either state or federal authorities regarding anything to do with potential Russian interference.
NBC News wrote to the 48 suspicious registrants, using the email addresses they provided in their online registrations, asking for additional information. Of the 48, 16 emails bounced back — "undeliverable" in internet terms, meaning the addresses were likely false. But the others — including all 25 ending in @mail.ru, were evidently delivered to their respective inboxes. After a week, NBC News has heard no responses.
"These are not automated names caught in some spam filter," the senior intelligence official told NBC News, when he was told of the circumstances of the Texas 48. He points out that the suspect addresses seem to link to an actual human or humans rather than automated "bots" in that someone had to physically navigate to the website and fill out web forms.
The official also notes that in contrast to Russian probes during the 2016 election, where operatives tried to penetrate voter registration systems or voter lookup systems, whoever is pranking or probing the Democratic Party in Texas is focusing on the broader election process.
Special counsel Robert Mueller's Feb. 16 grand Jury indictment, the official points out, shows meticulous Russian low-level activity to use social media and influence party activists in specific states and localities.
Whoever is behind the Texas 48 is targeting a political party instead of voter registration systems, the official said, the "systems that state officials and homeland security are now prepared to defend."
So are the Russians coming?
On the surface, said cyberintelligence expert and NBC News consultant Sean Kanuck, "this almost sounds like junior high school students ordering pizzas under fake names."
But beneath the surface, Kanuck thinks perhaps something more sinister could be afoot.
Despite the ham-handedness that announces an obvious Russian origin, said Kanuck, who served as the first national intelligence officer for cyber issues at the Office of the Director of National Intelligence from 2011 to 2016, the methods and even the in-your-face nature of the trolling fit the pattern of "a Russian strategic campaign to delegitimize the democratic electoral process."
"I would speculate that Russia is testing the waters for possible interventions or disruptions in the future," Kanuck said.
And why be so obvious?
Kanuck and others say the Russians are interested in announcing their presence as long as they can at the same time deny government involvement and maintain "plausible deniability." The Russian goal is to stir up suspicion and chaos in the American political system. Second, they say, obvious and even seemingly incompetent activity could serve as a shield hiding more sophisticated and undetected covert activities.
Said Maxey, who discovered the Texas 48, "If things like this appear to be happening in small county registration systems in Texas, what could that mean for other parts of the country?"
NBC News repeatedly asked the Department of Homeland Security, which has responsibility for protecting state and local elections, both as a domestic intelligence agency and under their January 2017 designation as part of the "critical infrastructure," for comment on the Texas activity. The department did not respond.
Russia and the 2018 midterms
If there's one thing that U.S. intelligence officials are unanimous about, it is that Russia will be back, that is, if indeed they ever left.
Director of National Intelligence Dan Coats told the Senate Intelligence Committee in February that Russia "views the 2018 U.S. midterm elections as a potential target." The directors of the NSA and the Defense Intelligence Agency agreed.
"We have seen Russian activity and intentions to have an impact on the next election cycle," CIA Director Mike Pompeo said two weeks earlier. Pompeo declined in open session to provide any details.
A senior U.S. intelligence official tells NBC News that there is "concern" within the intelligence community that state election systems are being targeted. But the official declined to provide any additional detail, saying that DHS is the responsible domestic agency.
Coats told the committee that his new Cyber Threat Intelligence Integration Center (CTIIC) was already on the job monitoring Russian action. In March, he told the Senate Armed Services Committee that no "robust actions" had yet been detected.
For now, there are more questions than answers regarding the Texas 48, even to intelligence insiders who have spoken to NBC News.
"This may seem like a small scale incident," a former senior FBI official tells NBC News. "In fact, it's indicative of a much larger problem. How can the federal government be part of the solution if they're not even following the facts that some state and local officials are discovering? It's unacceptable."
A current senior intelligence official says that this kind of activity, even if it is merely "mischief," can't be dismissed. "Whether Russia is intent on penetrating the election system to change votes or not, this kind of outside activity serves to sow the seeds of doubt in the American process," he says.
Kanuck further explains, based on years of experience as the top cyberintelligence analyst for the U.S. government, that conducting probes or testing filters and reactions are the equivalent of "testing the waters … 'prepping the environment' for a range of possible contingencies."
In the cyber world, Kanuck says, cyberweapons must often be tailored to specific targets and would therefore need to be tested "in the wild" to have confidence in how they will really work. But gaining surreptitious access to targeted systems is often attempted "without knowing when or how such access might ultimately be leveraged in future operations."
"I get the sense that we have foreigners trying to get a better understanding of the very complicated patchwork of local elections and primaries in the U.S.A. This is the kind of due diligence that I would expect a determined targeting analyst to undertake."
If the Russians are indeed casing Travis County, Maxey says, not only has he heard nothing from either homeland security or the FBI, but he doesn't even have any protocols under which he would even communicate with them.
"Who would I report political interference to?" Maxey told NBC News. "There has been no guidance of any kind from the feds or the state."
Maxey added that he has heard of no other activity similar to the Texas 48 in other counties.
In testimony last week, Coats, the national intelligence director, himself pointed out that the federal government and the intelligence community still need to do a better job. He said that the intelligence community "need(s) to inform the American public that this is real, that this is going to … happen."
Said Clint Watts, a former FBI special agent and cyberexpert who serves as an NBC News analyst: "We've done nothing to comprehensively clear up this problem to protect our state election systems. Until we do so, we have no way of knowing how serious a threat these particular emails are."
"This case in Texas needs to receive the highest level of urgency," Watts said. "It's outrageous that we are in March, just months ahead of midterms, and we are not feeling this urgency from our own government."