The New York Times reported earlier this week that Facing New Russian Hacking, Senators Signal They Are Ready to Act:
Faced with new evidence that Russian hackers are targeting conservative American research groups and the Senate’s own web pages, key lawmakers from both parties signaled on Tuesday that they were ready to move forward with punishing new sanctions legislation capable of crippling the Russian economy.
And in three separate hearings on Capitol Hill, senators prodded the Trump administration to do more with its existing authorities to deter Russia and protect the United States’ political infrastructure.
But administration officials argued that the current sanctions regime provided all the authority they needed, and they dismissed concerns that President Trump’s equivocation on questions of Russian interference had harmed their efforts.
The senators’ pleas took on more urgency after Microsoft Corporation revealed on Monday that it had detected and seized websites that were created in recent weeks by hackers linked to the Russian military intelligence unit formerly known as the G.R.U. The sites appeared meant to trick people into thinking they were clicking through links managed by the conservative Hudson Institute and the International Republican Institute, but were secretly redirected to web pages created by the hackers to steal passwords and other credentials.
Both institutions have taken aim at Russian corruption, and on Tuesday the Hudson Institute said in a statement that was not the first time an authoritarian government had targeted its work, nor did it expect it to be the last. Microsoft also found websites imitating the United States Senate, but not specific offices or political campaigns.
Those revelations came less than a month after Facebook disclosed that it had identified a new, active political influence campaign targeting November’s midterm elections on its network that showed signs of Russian handiwork.
* * *
Senators were skeptical of the administration’s actions. They questioned the effectiveness of sanctions passed overwhelmingly last year to target Russia’s defense and intelligence sectors, and tried to solicit input from the officials on how to proceed. And with the latest targets being conservative groups, concern could spread.
Mr. Graham said efforts to deter Russia had clearly fallen short and called on party leaders to move quickly.
Even Senator Mitch McConnell of Kentucky, the majority leader, said he was “personally very interested” in additional bipartisan sanctions legislation, but he cautioned that there may not be time to fully consider it before the election.
You have had two full years to act and you have done nothing! This is legislative malpractice.
Top intelligence and law enforcement officials have repeatedly warned that Russia remains active in American politics and has targeted the midterm elections. All senators were scheduled to receive an additional classified briefing on Wednesday from the homeland security secretary, the director of national intelligence and the F.B.I. director about the Russian threat and what is being done to blunt it.
The hearings were combative at times, with senators venting that administration officials were dodging simple questions.
“One of the things I thought would come from this hearing is a recommendation or a set of recommendations of what Congress might consider legislatively for additional sanctions,” Senator Jerry Moran, Republican of Kansas, said at the Banking Committee hearing. “Am I to take from your unwillingness to answer that kind of question that there is opposition by the administration to additional sanctions?”
Ms. Mandelker would not give a straight answer, repeatedly telling senators that the Treasury Department had the authority it needed.
In the Foreign Relations Committee, senators were clearly frustrated with what they said was a lack of progress in curbing Russian behavior.
“Why, given all the things we are doing, are we not making better progress?” asked Senator Rob Portman, Republican of Ohio. “I think sanctions are necessary,” he continued, but “it’s obviously not working the way we’d like. What would be more effective?”
Well, as Gomer Pyle used to say, “Surprise, surprise, surprise!” Russian asset Donald Trump blocked congressional attempts to secure the 2018 midterm election from Russian interference. A Senate bill to stop election interference got squashed. It might be the White House’s fault.
A Republican-led, Democrat-supported bill to safeguard US elections from foreign interference is stuck in the bowels of Congress. Here’s a possible explanation: The White House doesn’t want it to pass.
The Secure Elections Act, which Sen. James Lankford (R-OK) introduced, would have made significant changes to the way states protect their voting systems in three significant ways. It proposes to:
- Give security clearances to the top election official in all 50 states so they can follow real-time threats to their voting systems
- Establish a formal channel among the Department of Homeland Security (DHS), other government agencies, and states to share information on the security of each state’s election
- Ensure a state conducts an audit after any federal election, including incentivizing efforts to purchase electronic voting machines that retain a paper record of each ballot
That last part is crucial, as it would help states keep an accurate vote count if cyberattackers tried to manipulate or interfere with a final, electronic-only report.
The White House, however, doesn’t like the bipartisan bill. The government, and mainly DHS, “has all the statutory authority it needs to assist state and local officials to improve the security of existing election infrastructure,” Lindsay Walters, a White House spokesperson, told Yahoo News.
Citing congressional sources, Yahoo reported that that disapproval led the White House to stop further consideration of the bill in the powerful Senate Rules and Administration Committee, which oversees federal elections. On Wednesday, Sen. Roy Blunt (R-MO), the panel’s chair, abruptly canceled one of the committee sessions that would’ve led to a full Senate vote on the bill in October.
* * *
The White House says the legislation would replicate existing authorities for DHS and would “violate the principles of federalism.” Still, it’s not a good look to squash a bill that could potentially stop Russians, Iranians, or others from interfering in federal elections.
It’s unclear if the bill is forever dead or if it will be considered again, either in its current or different form. But it goes to show that the White House doesn’t seem to take its interest in election security extremely seriously — all because of the man who sits in the Oval Office.
“A keyboard click away”
On July 27, White House press secretary Sarah Sanders said in a statement that President Donald Trump “will not tolerate foreign interference in our elections from any nation state or other malicious actors.”
That doesn’t seem to be the case. That same day, NBC News reported that “there is no coherent Trump administration strategy to combat foreign election interference — and no single person or agency in charge.”
Trump administration officials warned about this for months. When now-retired Navy Adm. Michael Rogers led US Cyber Command, he told lawmakers in February that Trump had yet to direct him to directly strike Russia’s cyber operations.
Not much has changed since then. Moscow is only “a keyboard click away” from conducting a serious cyberattack on US voting infrastructure, Dan Coats, the nation’s top spy, said on August 2 at the White House.
And it’s not just Russia the US needs to worry about. In a Sunday interview on ABC’s This Week, National Security Adviser John Bolton said the Trump administration is worried that China, North Korea, and Iran have stepped up their efforts to meddle ahead of the November vote.
“I can say definitively that it’s a sufficient national security concern about Chinese meddling, Iranian meddling, and North Korean meddling that we’re taking steps to try and prevent it,” Bolton told ABC’s Martha Raddatz. “So all four of those countries, really.”
Two days later, Facebook revealed that it removed about 650 pages, groups, and accounts it determined are part of a coordinated disinformation campaign out of Russia — and Iran. Twitter said it had suspended 284 Iran-linked accounts.
It’s undoubtedly hard to stop cyberattacks on America’s elections — but there is still no White House-led, coordinated effort to stop current and future attempts — except to block bills in Congress from possibly helping.
Why is this important? Check out this piece in POLITICO Magazine. I Just Hacked a State Election. I’m 17. And I’m Not Even a Very Good Hacker.
It took me around 10 minutes to crash the upcoming midterm elections. Once I accessed the shockingly simple and vulnerable set of tables that make up the state election board’s database, I was able to shut down the website that would tally the votes, bringing the election to a screeching halt. The data were lost completely. And just like that, tens of thousands of votes vanished into thin air, throwing an entire election, and potentially control of the House or Senate—not to mention our already shaky confidence in the democratic process itself—into even more confusion, doubt, and finger-pointing.
I’m 17. And I’m not even a very good hacker.
* * *
The Voting Machine Village at [hacking convention] DEF CON, the aforementioned competition where attendees tackled vulnerabilities in state voting machines and databases, raised plenty of eyebrows among election boards and voting machine manufacturers alike. It’s a hard pill to swallow for the public, too: No one wants to believe that—after waiting in a lengthy line, taking time off from work or finding a babysitter in order to vote—their ballot could be thrown away, or even worse, altered.
Consequently, people started to take notice as reports came in from both the intelligence community and organizations like the DNC about the ease with which a foreign power could potentially do such a thing. Since electronic voting was introduced in the early 2000s, leaders in both Washington and our state capitals have repeatedly failed to keep up with rapid advances in information technology and cybersecurity.
The replica state election websites used in this year’s competition were built on MySQL, a database management system that stores data in simple tables containing columns and rows. By inputting a command into the search bar to see all the website’s tables, I could then see all of its data, including vote tallies, candidate names and tables of basic website functions. Once someone has that kind of access, they can do plenty of damage. First, the organizers instructed us to double candidates’ vote tallies. Then, with the assistance of volunteers, some of us easily changed the names of candidates or even their parties, or inflated the vote tallies to ridiculously high, Putinesque numbers.
The entirety of the hacking came down to entering no more than two lines of code: the first to display all columns and rows for the site, the second to alter the vote tally. Of the few dozen participants, most completed the very simple hack assigned by the instructors. About a quarter figured out how to rename or delete other candidates and their parties from the list.
* * *
The fact that someone as untrained as myself could theoretically bring an election to a screeching halt with nothing but a quick Google search should be a wake-up call.
Imagine what a highly trained and skilled intelligence officer working for Russia’s GRU can do. And yet Congress has failed to act for two full years because of the Russian asset in the White House.