“Don’t count Russia out,” experts warn on election hacking amid relative calm

By Steven Melendez

July 19, 2018

As the 2018 midterm election season heats up across the country, U.S. government officials say they’ve yet to see digital attacks by Russia on the scale of the 2016 presidential election–but cybersecurity experts warn that it’s too early in the election cycle to tell.

“Right now, there are no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016,” Homeland Security Secretary Kirstjen Nielsen told the National Association of Secretaries of State on Saturday.

President Trump himself appeared at first to go even further, saying “no” in response to a reporter’s question Wednesday about whether Russia was still targeting U.S. elections and infrastructure, only for White House press secretary Sarah Sanders to later claim he was simply declining to answer the question. That came just a few days after an appearance with Russian President Vladimir Putin, which saw Trump widely criticized for appearing to reject claims of Russian hacking altogether, though he would claim later in the week that he had misspoken.

And just a few days later, Microsoft vice president for customer security Tom Burt told the Aspen Security Forum that the election cycle hasn’t been completely devoid of Russian interference: the software company has worked with government officials to foil attacks on three candidates who “because of their positions, might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint,” Quartz reports. The candidates were targeted with phishing attacks using domain names designed to imitate Microsoft sites. Still, Burt said, overall, “the consensus of the threat intelligence community right now is that we’re not seeing the same level of activity by the Russian activity groups” as in 2016.

Calm Before the Storm?

Cybersecurity experts contacted by Fast Company generally say they also haven’t seen evidence of 2016-style attacks by Russia–but, they caution, that’s no reason to assume such attacks won’t be launched later in the election cycle.

“We’re not seeing anything at this point that would contradict what Secretary Nielsen has said, though I would stress that I think it’s still early,” says Toni Gidwani, director of research operations at the security firm ThreatConnect. “I don’t take, at this point, the absence of these indicators as a sign that we can take a step back.”

That echoes statements made July 13 by Dan Coats, the U.S. director of national intelligence, at an event at the Hudson Institute, a conservative-leaning Washington think tank.

 

“As the Department of Homeland Security noted, we are not yet seeing the kind of electoral interference in specific states and voter databases that we experienced in 2016,” he said. “However, we fully realize that we are just one click of the keyboard away from a similar situation repeating itself.”

It could be that international scrutiny, diplomatic considerations or relative lack of interest in a non-presidential election year mean Russian hackers will sit out this election. But it’s also possible they’re simply waiting for closer to Election Day to interfere with party and candidate systems, attempt to breach voter registration systems or unleash some other kind of attack on the election system.

“We would certainly expect them to not do the same thing they would do in 2016,” Gidwani says. “As brazen as this actor is, we absolutely expect to see the adversary learn.”

Unknown Unknowns

In fact, Russian hackers could already be at work on some sort of attack on electoral systems that hasn’t been detected yet, says Malcolm Harkins, chief security and trust officer at cybersecurity company Cylance. After all, hacks on Democratic National Committee machines in the 2016 cycle reportedly went largely undetected for months. Hackers could even have planted malicious code in some infrastructure hacked in 2016, designed to facilitate their re-entry this time around, Harkins says.

“It’s possible there is dormant capability there that was laid during the presidential cycle that could be turned on and activated when the threat actor wants,” he says.

Even if this year’s elections come and go with no serious attempts at tampering, experts say efforts to harden election systems should still continue. Those range from keeping malware and phishing emails away from candidate and party servers to replacing outdated, potentially vulnerable voting machines.

“The takeaway from the 2016 election is still the same, and that’s that the threat to our electoral processes is real and not theoretical,” says Marian K. Schneider, president of the nonprofit Verified Voting.

Nor is electronic political espionage, alive since at least the heyday of the telegraph, likely to fade away any time soon.

“Don’t count Russia out–we haven’t seen the last of political espionage,” says Theresa Payton, who served as White House CIO under President George W. Bush and is now CEO of the security consultancy Fortalice Solutions. “As it relates to nation states as well as cyber criminals, when we unveil their tactics and techniques and we make it harder for them to do, they rarely change their tune and say ‘Oh, I should stop what I’m doing and be a good person now.’”

 
 
