WASHINGTON – A sinister portrait of Russia’s cyberattacks on the U.S. emerged Wednesday as current and former U.S. officials told Congress Moscow stockpiled stolen information and selectively disseminated it during the 2016 presidential campaign to undermine the U.S. political process.
The Russians “used fake news and propaganda and they also used online amplifiers to spread the information to as many people as possible,” Bill Priestap, the FBI’s top counterintelligence official, told the Senate Intelligence committee.
While he said the Russians had conducted covert operations targeting past U.S. elections, the internet “has allowed Russia to do so much more” than before. But, he added, the “scale and aggressiveness” was different this time, with the primary goal being to sow discord and aid the candidacy of Republican Donald Trump, the eventual winner.
— NPR (@NPR) June 21, 2017
Russia’s actions did not change the final election count, they said, but warned that Moscow’s efforts will likely continue.
“I believe the Russians will absolutely try to continue to conduct influence operations in the U.S.,” which will include cyberattacks, Priestap said.
Jeanette Manfra, Department of Homeland Security (DHS) undersecretary for cybersecurity, said there is evidence that 21 state election systems were targeted, but she told the Senate intelligence committee she couldn’t disclose the identities of the states because that was up to the states. Last September, DHS told a news agency that hackers believed to be Russian agents had targeted voter registration systems in more than 20 states.
Former Homeland Security Secretary Jeh Johnson from the Obama administration told the House Intelligence committee that Moscow’s high-tech intrusion did not change ballots, the final count or the reporting of election results.
Johnson described the steps he took once he learned of the hacking of the Democratic National Committee (DNC), his fears about an attack on the election itself and his rationale for designating U.S. election systems, including polling places and voter registration databases, as critical infrastructure in early January, two weeks before Donald Trump’s inauguration.
“In 2016 the Russian government, at the direction of (President) Vladimir Putin himself, orchestrated cyberattacks on our nation for the purpose of influencing our election — plain and simple,” Johnson said.
Johnson described his discussions with state election officials about ensuring the integrity of the voting process. He said 33 states and 36 cities and counties used his department’s tools to scan for potential vulnerabilities.
He also said he contacted a news agency, which counts votes, and its CEO, Gary Pruitt.
“Prior to Election Day, I also personally reviewed with the CEO of The Associated Press its long-standing election-day reporting process, including the redundancies and safeguards in its systems,” Johnson said.
And while Johnson said Russia did not “through any cyber intrusion alter ballots, ballot counts or reporting of election results,” he said he was “not in a position to know whether the successful Russian government-directed hacks of the DNC and elsewhere did in fact alter public opinion and thereby alter the outcome of the presidential election.”
Johnson also said he was not happy that he learned well after the fact that the DNC’s computer systems had been hacked. He said he became aware of the compromise “sometime in 2016,” and that when he pressed his staff on whether the DHS had been sufficiently proactive to help identify the intruders and patch vulnerabilities, the answer wasn’t reassuring.
“The FBI and the DNC had been in contact with each other months before about the intrusion, and the DNC did not feel it needed” Homeland Security’s assistance at that time.
He also said he wasn’t aware that the FBI had opened a counterintelligence investigation into possible collusion between the Trump campaign and Russian officials. But he said former FBI Director James Comey would not have undertaken such a probe lightly and without a basis for doing so.
Johnson was homeland security chief for the Democratic president from December 2013 to January 2017.
The Senate committee was hearing from officials at DHS and the FBI’s counterintelligence division. Special counsel Robert Mueller is conducting an inquiry into possible collusion between the Trump campaign and Russian officials.
Trump has decried the investigations as witch hunts and has rejected the assessment by U.S. intelligence agencies that Russia’s hacking and disinformation campaign was intended to aid his candidacy.
Johnson’s designation of U.S. election systems as critical infrastructure was aimed at providing more federal cybersecurity assistance to state and local governments.
Johnson announced the shift on the same day as the release of a declassified U.S. intelligence report that said Putin “ordered” an influence campaign in 2016 aimed at the U.S. presidential election. That report said Russian intelligence services had “obtained and maintained access to elements of multiple U.S. state or local electoral boards.”
Jeh Johnson on Obama not addressing Russia more: “We were very concerned that we not be perceived in taking sides in the election.” pic.twitter.com/io8Yx4qAo3
— Kyle Griffin (@kylegriffin1) June 21, 2017
None of the systems targeted or compromised was involved in vote tallying, the report said, and there was no indication Russia’s prying changed vote counts in key states.
But Johnson’s decision triggered an outcry from state and federal election organization officials. They complained that Johnson’s department failed to respond to questions and concerns they had about the designation before the change was made.
U.S. elections are highly decentralized. Voters cast ballots in roughly 185,000 precincts spread over 9,000 jurisdictions during the 2016 presidential election. Elections are also subject to rigorous and elaborate rules that govern how and what equipment is used.