The effort by Russian intelligence to meddle in the 2016 presidential election is just one of many projects within the Kremlin’s global hacking enterprise. The AP recently reported on the scope of this program based on a leaked digital “hit list” of targets in the U.S., Ukraine, Russia, Georgia, and Syria from a hacking group known as Fancy Bear.
The list, picked up by the cybersecurity firm Secureworks, covered the period from March 2015 to May 2016 and included more than 4,700 Gmail accounts globally, including “at least 573 inboxes belonging to those in the top echelons of the [U.S.] diplomatic and security services.” Among the targets were John Kerry, Colin Powell, then–supreme commander of NATO General Philip Breedlove, and more than 130 Democratic Party staffers and supporters — most notably, John Podesta. (There were some Republican targets, too.) Abroad, the list includes figures like Ukrainian president Petro Poroshenko and Russian dissidents Mikhail Khodorkovsky, Alexei Navalny, and Maria Alyokhina of Pussy Riot, as well as their associates.
Fancy Bear has long been suspected of being affiliated with the Russian government, but the data shown to AP reporters suggests both that Fancy Bear is working for the Kremlin and that it is a sophisticated cybercrime outfit, not some fat guy in his mom’s basement. The data the group was collecting would require a sophisticated team of analysts to make sense of it, and their hit list is aligned too closely with Russian state interests for Moscow to credibly deny that they have anything to do with it — though, of course, they continue to do so.
Setting Donald Trump aside for a second, the story here is that the Russian government has developed a sophisticated digital propaganda and misinformation strategy based on using hacked data from public figures and institutions in countries of interest to influence public opinion and elections in those countries. Just about a year ago, they found out just how well this strategy could work, and nobody in the security sphere doubts they will use it again in 2018, 2020, and beyond. Unless we find a way to prevent or counteract this kind of foreign interference, it will quickly become a constant factor in our elections — and Russia won’t be the only country doing it, either.
This isn’t simply a matter of getting people like John Podesta to use two-factor authentication on their emails. These digital instigators can create real-world events, such as when two separate Russian-bought Facebook pages organized both a group of anti-Islam protesters in Texas last year and a group of counterprotesters to square off with them in Houston. The implications of a tool that lets foreign actors weaponize the American public like this are disconcerting.
Even more disconcerting is that because Trump was at best an unwitting beneficiary in last year’s election meddling, he cannot see past his own role in this story to understand these implications in the longer term. Congress is taking this threat seriously, at least, as is special prosecutor Robert Mueller, but the messaging from the White House has been consistently to downplay the problem by way of denying that any collusion took place. It is hard to see how our government can effectively respond to this new trend in cyberespionage when the president thinks it’s all fake news.
The masterstroke of Russia’s election disruption is that it’s very hard for any president, especially an ego-driven character like Trump, to acknowledge receiving that kind of help. If this gets reduced to a political fight over whether this administration is in bed with the Kremlin, and if the public becomes divided along partisan lines as to whether the interference happened at all, that will go a long way toward ensuring that Russia’s digital army of hackers and trolls continues to work unimpeded.
Perhaps instead of trying to catch the administration in another lie, the White House press corps should start asking what the executive branch is doing to prevent this type of interference from happening again in the future. Responding to such threats is part of the president’s job, and if he refuses to do so, he should pay a price for that negligence, at least in the court of public opinion. The scope of the threat here is much bigger than one election and one president, or even one country, and combating it needs to be a focal point of our foreign and national-security policies, regardless of which president or party Russia’s machinations are currently helping.