October 3rd, 2020, 9:04 am
Robert Dannenberg only writes on paper. The former Chief of Operations of the CIA’s Counterterrorism Center sits between colleagues with iPads and laptops. Everyone is typing or writing digitally, but he only has a small notepad in front of him. “Only that is certain,” he says. This is very confidential: At their meeting at the Harvard Kennedy School, representatives of the “Elbe Group”, all ex-military and ex-agents, once in the service of the USA or Russia, talk about their efforts to convince the Kremlin of this to stop its cyber attacks against the US. Or at least adhere to certain limits. None of those present wants to be quoted by name. Leaving aside the commitment to the notepad.
Before the US elections, everyone is nervous because it is considered certain that Russian state hackers were up to mischief in the last election in 2016 and influenced the elections. The Russian state is said to have leaked emails from presidential candidate Hillary Clinton and possibly also hacked electoral infrastructure – or at least made it look like this in order to shake confidence in US democracy.
During the course of the meeting, it becomes clear that the US is so vulnerable on a digital level that it amounts to an invitation to hostile states. “We still have analog rooms that are physically protected, but one click is enough for you to hit you sensitive”, a Russian delegate is said to have said, for example. With such devastating statements, Dannenberg feels confirmed with his paper pad.
The decision to digitize everything – including the election infrastructure – brings problems. Especially when these systems are poorly protected. This is also evident in industrial control systems: “For example, we have 30,000 water treatment plants in this country,” moans a US official in another background discussion. “They are a back door into the system.” How are you supposed to convey security-relevant behavior to hundreds of thousands of employees in small systems, all of which are connected to the Internet in some way? Then there is the 5G infrastructure and the Internet of Things and the associated concerns about China’s growing influence. This dilemma affects every single US citizen who controls their video surveillance via app and uses smart home heating, for example.
However, Selena Larson from the security company Dragos warns against leaning against all attackers or rashly attributing everything to the Russian state. Each of the critical infrastructure hacking groups she watches has its own area and focus. When the cyber threat analyst reports on the characteristics of the various attackers – groups with illustrious names that must not be mentioned here – it is like a biologist who talks about the differences between animal species. Each one has its habitat and its strategy, its niche in the ecosystem.
Attacks on oil and gas facilities, whether in the Middle East, Ukraine or the USA, seem very popular. The new generation of attacks on critical infrastructures is very complex and precisely tailored to very specific components. In the case of the so-called “Trisis attack” on a Saudi Arabian petrochemical factory, the gateway was a control device from Siemens. The attack, which was supposed to override central security systems and in the worst case could have led to a devastating explosion, was foiled at the last minute when another security system was activated. But apparently the story doesn’t end there: Larsen’s colleagues from Dragos recently saw the group behind the Trisis malware active again. Ahead of the US election could be a good time to spread uncertainty and suspicion through further attacks.
Taking everything offline is not a solution either
What helps against it? Hardly everything can be taken offline again. The Elbe Group is trying to fix it now. The delegates report that you can really talk to one another very openly in the group. The Russian side even let it be known this time that they hacked Clinton’s emails in 2016. On the sidelines of a dinner, a Russian Elbe Group participant dropped the following: “I don’t even know what you have. We didn’t write the emails after all, we just made them available to the public. We only brought transparency into the political process. ”Of course, intelligence circles had long before discovered the traces of the hacker group Fancy Bear of the Russian military intelligence agency GRU.
“We are at the very beginning when it comes to cyberspace. We haven’t got any agreements yet, ”Kevin Ryan has to admit in a separate interview. He is a Brigadier General a. D. and former US Defense Attaché in Moscow. Cyber security has become the most important topic on the agenda – and at the same time one of the most difficult in the group’s history. “We founded the group in 2010 to prevent nuclear terrorism,” says Ryan. “We wanted to maintain the dialogue, even if the governments of the two countries did not speak to each other.” The group is so called because at the end of the Second World War Russian and American soldiers met on the Elbe in Germany, “united against the common enemy”. A symbolic name – only that the common enemy is missing today.
The devastating cyber attack Notpetya, which was supposed to target Ukraine, but ultimately caused billions in damage worldwide, shows what makes the USA and ultimately the whole world so vulnerable: The alleged Russian attackers used a security hole in the Windows operating system, which was too was already closed at that time, but not every computer was up to date. The difficult update process of operational technology is problematic, especially with critical infrastructures – the computer systems that control mechanical processes in the plants. There is also the lack of so-called “air gap”: You have no physical separation from systems that are connected to the Internet.
One had hoped to be able to establish at least a kind of hotline, as in the times of the Cold War, says an Elbe Group representative, so that in the event of an impending nuclear war, one could at least call Putin again beforehand and negotiate. “In cases like Notpetya, we could call and say, ‘Stop it!’ That could save lives, ”says one of those involved. But the world is far from that.
What priorities are being set in cyberspace can be seen in a further background discussion with representatives of the authorities: election security is at the top of the agenda – but at the same time the situation seems hopeless in view of the more than 10,000 different US electoral authorities organizing the presidential election. They do not all use the same voting systems, and time and again these have not proven particularly robust. “The voting infrastructure is a system of systems,” says a representative of the authorities, “if I were an attacker and saw this system, then I would laugh up my sleeve.”
Sanctions against or negotiations with those states that shamelessly exploit the vulnerability of the West have so far achieved little. “We see electoral systems as critical infrastructures,” explains defense expert Ryan – and it was once agreed with Russia that there would be no attacks on such systems, even in times of war. But the Russian representatives now told Ryan that it was part of the normal back and forth between states to interfere in the elections of the other. “We’ve struggled through layers of misunderstanding and suspicion, but we couldn’t even agree on the facts,” says Ryan. “It is frustrating.”
Eight different providers of voting systems currently meet the requirements to be able to offer their services in November. The top dog is Election Systems & Software (ES&S), which provides 50 percent of all electronic voting systems: 70 million Americans vote with this infrastructure. And something goes wrong: In 2018, more than 150,000 votes were lost in the state of Georgia in the election for the lieutenant governor. In Indiana, on the other hand, it was no longer possible to determine whether some voters had voted twice. And in 2019 the brand new voting system Express Vote XL, which was supposed to combine voting via touchscreen with a secure printout on paper, failed: In a local election in Pennsylvania, the crosses next to the names of the candidates disappeared.
Paper takes precedence over blockchain
In addition to the technical, there are “human” problems: election officers and their employees in those more than 10,000 electoral authorities are responsible for maintaining and, above all, protecting the registration databases of their voters. However, recently it became known that many of those responsible were sending passwords to databases in unencrypted e-mails or even not changing preset passwords. This could become the central point of attack because, due to the pandemic, many people will probably vote by postal vote.
Voting Works can also be found in the list of approved providers for voting systems. Former MIT researcher Ben Adida founded the non-profit organization with the aim of enabling safe elections. He sees a basic problem in the fact that the electoral systems are out of date: “The election officers in the country can afford to buy new systems maybe every ten years, sometimes even every 15 years,” he says in a discussion at the Harvard Kennedy School. Voting Works works with open source software in order to be able to offer inexpensive and secure systems, and has these checked extensively.
That is why paper printouts of the respective voter votes play a central role for him: “As soon as it is printed on paper, there is no more chance of manipulating the system.” ES&S has also announced that it will no longer produce voting systems without paper backups. Microsoft has also released software called Election Guard for the current presidential election, which protects voting systems from attacks. According to its own information, Microsoft is working with all major voting system manufacturers in the USA in order to integrate the software into their systems.
In West Virginia, there were first attempts to make online voting via blockchain technology so secure that military personnel stationed in other countries can vote online. Experts, however, generally advise against online voting: “Voting by post is much safer,” says Adida. “Databases connected to the Internet are vulnerable. And all criminals out there know that election security is a big issue, ”warns the authority expert. That is why he recommends paper backups of voter registration lists and paper voting papers for emergencies.
Dangerous loss of confidence
It is difficult to understand to what extent electoral systems were actually influenced by hackers in 2016. According to official sources, hacking attempts have been made in many states, but they have not been successful. But the mere fact that there are rumors that the election may have been influenced has destroyed valuable trust.
Another time bomb underestimated by US politics is ticking on social networks. Here, too, scientists observe with great concern how attackers on Facebook and Twitter spend a lot of time building up fake identities and creating personas. Behind it, for example, is the Russian troll factory Internet Research Agency (IRA). She may also have started a conspiracy theory that spread massively on Twitter in June 2020 under the hashtag #DCBlackout: Police and intelligence services interrupted the Internet in Washington via jammers to put down the Black Lives Matter protests.
Darren Linvill, who works on government disinformation campaigns at Clemson University in the United States, sees a new quality achieved here. The so-called #DCBlackout campaign was particularly sophisticated: First the rumor was spread, only to then, presumably, be exposed as false by the same forces. The perfidious thing: They demonstratively used bot accounts for this or at least made it look like that. This would make all democratic forces who wanted to expose that campaign incredible, explains Linvill. “To create this level of doubt is a brilliant Russian move.” He is not yet sure whether Russia is actually behind it; it could also be a copy of a successful Russian strategy in the past.
In the course of his work, Linvill says he repeatedly came across the Internet Research Agency, which organizes state disinformation campaigns on behalf of the Russian government. Even before the US election in 2016, he had identified various forces that had tried to spread misinformation in the US. About salmonella outbreaks in New York state or the devastating explosion of a chemical plant in Louisiana. All residents received text messages here in addition to the campaign running on Twitter. Even some news websites have been faithfully recreated to spread the fake news. An experiment possibly by the IRA, says Linvill – but one of the less successful. “That was too easy to check. People trust traditional media more than they admit, ”he says. At least back then.
In January 2020, he observed how numerous accounts suddenly jumped on the racial conflict in the USA. Linvill, together with the US broadcaster CNN, finally uncovered a possible IRA branch in Ghana: The 16 employees that CNN found on site stated that they did not know who they were working for, but that they had been commissioned to investigate the American racial conflict. the gay and lesbian movement and police violence in the US on Twitter, Facebook and Instagram – at American time of day. They communicated with their client via the Telegram chat app. Facebook and Twitter discovered technical clues and CNN found further substantive evidence that the Russian IRA was behind the alleged NGO in Ghana – but no evidence. The Black Lives Matter Global Network Foundation is well aware that its work is being instrumentalized by outside forces, its director Kailee Scales told CNN: “We will not let that happen.”
According to Linvill, accounts were used in the # DCBlackout campaign in summer 2020 that were previously set up as so-called “personas” and initially dedicated to other topics. For example K-Pop. There is a large community on Twitter that exchanges ideas about Korean pop music. Here it’s easy for bots to find and retweet material like lyrics. Linvill has already reconstructed the “birth” of such accounts very often: As soon as disinformation campaigns like #DCBlackout were launched, such bots, which had previously been spreading unimportant things undetected and therefore not noticed, would be taken over by people and jumped up.
Renée DiResta from the Stanford Internet Observatory has been observing for a long time how forces behind the Russian IRA are taking on the anti-racism movement in the USA. She recently discovered numerous Facebook pages, some of them very successful, which seem to originate from the Black Lives Matter movement, but are actually controlled by Russian fake accounts. “They are building a massive machine of social influence that they can use one day.” But the American right is also a target group. “They are targeting everyone, right, left, black…” After all, a suitable target group is anyone who already has a certain mistrust of the state and its authorities. The goal is to divide society and weaken democracy, so DiResta.
Concerns about the force of such an orchestrated pre-election attack have recently been fueled by the hack of some of the top Twitter accounts. Victims included Joe Biden, Barack Obama, Kanye West, Bill Gates and Elon Musk. The users should transfer Bitcoin to an account, which then doubles the amount and transfers it back. Behind it were allegedly lone perpetrators who convinced Twitter employees to work with them and thus gain access to the accounts. But what if something similar happens shortly before the election, but this time with political messages? Joan Donovan from the Shorenstein Center at Harvard University therefore calls for tweets from such large accounts to be independently verified before they go online. And Facebook must actively look for disinformation and false accounts: “Otherwise they will grow unnoticed for a long time.”
One thing is certain: there will be attempts to influence the US elections – be it in the form of disinformation campaigns, hacks of election software or critical infrastructures. The points of attack for attackers are diverse and can hardly be protected. This could also play into the hands of the incumbent US President Donald Trump, who may not accept being voted out on the grounds of election manipulation.