6 minute read
The US Hacking Elections: The US Story
The story of Russian interference in the 2016 US presidential election reads like a gripping political thriller, filled with clandestine operations, cyber espionage, and high-stakes geopolitical maneuvers. And yes, election hacking is real
- By Chandu Gopalakrishnan
Russian businessman Yevgeny Prigozhin, the notorious leader of the Russian mercenary organization Wagner Group, was in the news last month for staging a rebellion in Russia.
However, when he made what could have been an explosive statement in November 2022, the world reacted with a knowing shrug.
“We have interfered (in U.S. elections), we are interfering and we will continue to interfere. Carefully, accurately, surgically and in our own way, as we know how to do,”
Prigozhin said in comments posted by the press service of his Concord catering firm on Russia’s Facebook equivalent VKontakte.
In April 2022, a bipartisan Senate report confirmed the conclusions of the U.S. intelligence community regarding Russia’s interference in the 2016 presidential election.
The report revealed that Russian President Vladimir Putin had sanctioned a wide-reaching influence campaign with the aim of assisting Donald Trump in winning the White House.
The story of Russian interference in the 2016 US presidential election reads like a gripping political thriller, filled with clandestine operations, cyber espionage, and high-stakes geopolitical maneuvers.
Vladimir Putin, the President of Russia, was at the helm of the affairs that ultimately aimed at shaping the outcome of the election. The major tools: targeted misinformation and electoral hacking.
Hacking elections: The Clinton-Trump story
Two senior intelligence officials in the US and foreign service, cloaked in anonymity, step forward in December 2016 with explosive revelations.
They claimed that the covert operation to meddle in the US election was not only initiated but personally directed by none other than Vladimir Putin himself.
At first, the primary goal was to undermine the trust of the US population in their democracy. However, as the campaign progressed, it evolved into undermining the chances of Hillary Clinton’s victory and bolstering Donald Trump’s chances of winning.
The Russian government’s involvement escalated when they gained access to the Democratic National Committee’s computers, the officials told the US government’s sleuths. Such an audacious operation required the approval of the highest echelons of power in Russia, leading to the conclusion that Putin himself gave the green light.
White House Press Secretary Josh Earnest and Obama’s foreign policy advisor, Ben Rhodes, concurred with this assessment, further solidifying the suspicion that Putin’s fingerprints were all over this nefarious plot.
As the allegations gained traction, Russian officials vehemently denied any involvement in the DNC hacks and interference.
Kremlin spokesman Dmitry Peskov and Russian Foreign Minister Sergey Lavrov dismissed the accusations as nonsense, attempting to deflect the growing scrutiny.
As the probe analysed the complex web of interference, the fingerprints of a key player came to light: the Russian Institute for Strategic Studies (RISS).
The RISS developed a strategy, at Putin’s behest, to sway the US election in favor of Donald Trump, reported Reuters.
According to the report, when Trump’s chances of winning appeared to dwindle, the strategy pivoted to undermining the faith of US voters in their electoral system and a potential Clinton presidency.
Their biggest weapon: social media.
Election hacking, misinformation, and online
trolls
The Internet Research Agency (IRA), a Kremlin-linked troll farm, emerged as a formidable force in manipulating public opinion on social media platforms.
According to the official document titled the “Report on the Investigation into Russian Interference in the 2016 Presidential Election,” the IRA launched a massive disinformation campaign, favoring Trump and disparaging Clinton, while provoking and amplifying political and social discord within the United States.
Independent researchers, working on behalf of the Senate Intelligence Committee, uncovered evidence indicating that Moscow’s intelligence officials engaged with millions of social media users from 2013 to 2017.
Their methods involved exploiting pre-existing political and racial divisions within American society. Vox obtained access to these two reports before their scheduled release. The scope of Russian social media propaganda dissemination was extensive, covering various platforms such as Facebook, Twitter, Reddit, Tumblr, Pinterest, Medium, YouTube, Vine, and Google+, among others.
Notably, Instagram emerged as the most heavily utilized platform, largely evading public scrutiny until late 2018.
While this concluded the fact that social engineering was widely used in the election, another question subsequently pops up: were the electronic systems hacked?
The US Senate Intelligence Committee in 2019 investigated into Russia’s 2016 election interference. The first investigative report in the series was published 24 hours after the former special counsel Robert S. Mueller III warned that Russia was moving again to interfere “as we sit here”.
It could not dig up hard evidence of any votes being changed in actual voting machines, but categorically stated that the worst fear has indeed come true.
“Russian cyberactors were in a position to delete or change voter data,” it said.
The committee probe report found “an unprecedented level of activity against state election infrastructure”, mostly looking for vulnerabilities in the security of the automated election systems.
The further reports by the Senate Intelligence Committee in 2019 revealed an unprecedented level of activity by Russian hackers, an audacious trial run to probe the vulnerabilities of America’s election infrastructure.
Election hacking and the bane of connectivity
The scale of the operation was staggering, with intrusions detected in “all 50 states”, reported the Senate Intelligence Committee.
According to the probe, it was a comprehensive assault, targeting the entire back-end apparatus of state election systems – voter registration operations, databases, electronic poll books, and crucial software systems.
The goal: to identify weaknesses that they could exploit to sow chaos and confusion during the election process.
The hackers honed in on three companies that provided states with the critical back-end systems used to verify voters’ identities and registration status.
These companies had increasingly replaced the outdated paper-based methods with more efficient electronic solutions. However, this technological shift also exposed soft targets that Russian intelligence could exploit.
The warning signs came in June 2016, when the FBI issued alerts to states about “bad actors” probing their election systems for vulnerabilities.
By September, FBI Director James Comey testified about the Russian hackers’ attempts to disrupt the election, particularly their interest in state voter-registration databases. These databases proved to be enticing targets, susceptible to manipulation and exploitation.
By the third quarter of 2016, Russian hackers managed to access voter databases and software systems across 39 states.
According to the NSA’s assessment of the situation, the Russian military’s GRU hackers used spear-phishing attacks to compromise login credentials and access election software vendor VR Systems.
With this information, the hackers gained access to internal corporate data, a potential goldmine for orchestrating further intrusions.
There was little evidence that the hacking has directly resulted in the manipulation of votes or tallies. Part of which could be attributed to the fact that the election process in the United States has not been fully automated.
Extrapolate the situation to the global arena, and the threat of hacking covers almost all electronic voting machines that could be connected to a wider network.
Election hacking: A highly possible reality
Based on these developments, we can define election hacking as the complex process that covers a range of efforts aimed at subverting elections, including disinformation campaigns on social media. In its literal form, it refers to cyberattacks targeting election infrastructure to manipulate voter data or vote tallies, thereby casting doubt on the validity of the results.
Hackers have several potential avenues for election manipulation.
According to EJ Hilbert, a former FBI Agent who now serves as a CISOfor-hire, there exist three distinct methods of hacking an election.
The first approach involves targeting the machines themselves, wherein hackers manipulate the technology employed in the electoral process to gain an unfair advantage.
Alternatively, the second method revolves around targeting the candidates themselves, with the intent of stealing and revealing their confidential information, which can potentially sway public opinion.
Lastly, the third approach centers on exploiting the people’s emotions and vulnerabilities by manipulating data to instill fear and uncertainty, thereby influencing their decisions during the voting process.
Take the case of a spam email campaign, which used a clickbait story related to 2016 presidential candidate Hillary Clinton to spread malware.
“As with most major events, the US election serves as valuable bait for malicious spam activity,” the Broadcom report on the incident warned then.
“When seeking news related to the US elections only visit trusted news websites and avoid opening unsolicited emails.”
At the Black Hat convention in 2026, Symantec’s Brian Varner demonstrated a security flaw in an electronic voting machine and the smart card a voter would use to place their vote.
Using a small device to exploit this flaw a hacker could potentially cast multiple votes, tampering with the system.
Past instances of election hacking have been reported in various countries. In Ukraine’s 2004 presidential race, alleged fraud attempts triggered the Orange Revolution and a vote rerun.
In South Africa’s 1994 democratic election, hackers tried to boost far-right candidates but were unsuccessful.
More recently, attempts were made in Bulgaria (2015) and the Philippines (2016). As for the United States, there have been credible reports of malfunctions in electronic voting machines, but no concrete evidence of intentional manipulation.
Countries like India and Brazil have adopted electronic voting and face similar concerns about election hacking.
Estonia, a pioneer in electronic voting, is considered a model for secure implementation. On the other hand, some countries, like the Netherlands and Switzerland, have faced issues with electronic voting and have reverted to traditional methods due to security vulnerabilities.
The rise of digital voting systems has introduced new vulnerabilities to democratic processes, with election hacking posing a significant threat to the integrity of elections worldwide.
While attempts to manipulate elections have been made in the past, concrete evidence of widespread hacking leading to changed results remains elusive.
Nonetheless, the ongoing efforts of state-backed hackers and cybercriminals continue to keep election authorities on high alert, prompting the adoption of security measures to safeguard the democratic process.
