Intelligence Report Blames Putin for Election-Related Hacks

Report to Obama Concludes Russian Leader Sought to Prevent Clinton's Election
Intelligence Report Blames Putin for Election-Related Hacks
Russian President Vladimir Putin

(This story has been updated.)

See Also: Gartner Guide for Digital Forensics and Incident Response

In an unclassified version of a top-secret report, the U.S. intelligence community says that Russian President Vladimir Putin ordered an influence campaign aimed at undermining public faith in America's democratic process and preventing Hillary Clinton from being elected president.

The document, posted Jan. 6 by the Office of the Director of National Intelligence, states that Putin and the Russian government "developed a clear preference for President-elect Trump. We have high confidence in these judgments."

The report says Putin "aspired" to help Donald Trump's election chances by discrediting Clinton. It says the CIA and FBI have high confidence in this judgment while the NSA has moderate confidence.

"Moscow's approach evolved over the course of the campaign based on Russia's understanding of the electoral prospects of the two main candidates," the report says. "When it appeared to Moscow that Secretary Clinton was likely to win the election, the Russian influence campaign began to focus more on undermining her future presidency."

The unclassified report, however, does not provide a "smoking gun" that definitively demonstrates Putin directed the attack on the DNC. Instead, the intelligence community built a circumstantial case against the Kremlin by gathering bits and pieces of evidence. Examples of that evidence: identifying past actions from known Russian hackers and intelligence services that mirrored activities used to influence the U.S. election, either through hacking or other means.

Aspects of Influence Campaign

The report says Moscow's influence campaign blended covert intelligence operations - such as cyber activity - with efforts by Russian government agencies, state-funded media, third-party intermediaries and paid social media users it calls trolls.

Other major points made in the report:

  • Russia's intelligence services targeted both political parties.
  • The U.S. intelligence community assessed with high confidence that Russian military intelligence used the Guccifer 2.0 persona and DCLeaks.com to release U.S. victim information obtained in cyber operations publicly and in "exclusive" leaks to media outlets as well as relaying material to WikiLeaks.
  • Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards. The U.S. Department of Homeland Security assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying.
  • Russia's state-run propaganda machine contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences.

"We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the U.S. presidential election to future influence efforts worldwide, including against U.S. allies and their election processes," the report states.

Trump Briefed on the Report

Before issuing the report, the intelligence community briefed Trump on the report. In a statement, Trump acknowledges that Russia consistently tried to break into government institutions, including the Democratic National Committee. But Trump on Jan. 6 stopped well short of agreeing with the intelligence community's assessment that the Kremlin directed hacks against the DNC to sway the presidential election he won.

"While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses and organizations, including the Democrat National Committee, there was absolutely no effect on the outcome of the election, including the fact that there was no tampering whatsoever with voting machines," Trump said in a Jan. 6 statement issued immediately after the meeting.

"There were attempts to hack the Republican National Committee, but the RNC had strong hacking defenses and the hackers were unsuccessful," Trump said.

On Jan. 8, however, an aide to Trump said the president-elect now accepts the U.S. intelligence community's assessment that Russia attempted to meddle in U.S. elections and may take action in response once he takes power (see Trump Confirms Russian Hacking Campaign, Aide Says).

Meanwhile, former Senate Intelligence Committee Vice Chair Dianne Feinstein, D-Calif., said she is "appalled the Russian government took the extreme step of interfering with our presidential election, particularly with the goal of tilting the playing field to increase one candidate's chance of winning. There's no question in my mind that Russia engaged in a classic covert action campaign, and today's report confirms that."

But the top Republican in the House, Speaker Paul Ryan of Wisconsin, cautioned that the report should not be used to delegitimize Trump's victory because, as the document points out, the Russians did not interfere with the balloting process. Still, Ryan condemned Russia, noting it has a "track record of working against our interests. ... They clearly tried to meddle in our political system."

Feinstein and other lawmakers, mostly Democrats but also some Republicans, such as Sens. John McCain of Arizona and Lindsey Graham of South Carolina, have called on Senate leaders to establish a select committee to study the Russian hacks. It's a cause taken up by the good-government advocacy group Common Cause. "The integrity of our elections and national security were attacked, and the issue has become too partisan to proceed through normal committee channels on Capitol Hill," says Common Cause President Karen Hobert Flynn.

Senate Majority Leader Mitch McConnell, R-Ky., will make the decision on whether a Senate select committee would be formed. Before publication of the report, McConnell said he favored standing committees - not a special one - to probe Russian involvement in influencing the U.S. election.

DHS Designates Election System as Critical Infrastructure

On Jan. 6, Homeland Security Secretary Jeh Johnson designated the election system as a subset of the government facilities critical infrastructure sector, making it eligible for extra cybersecurity protections.

But political organizations, such as the Democratic and Republican national committees, won't benefit from the new designation. DHS defines the election infrastructure as election-related storage facilities, polling places and centralized vote tabulation locations as well as information and communications technology, including voter registration databases, voting machines and other systems used to manage the election process and report and display results on behalf of state and local governments.

With the worrisome news about Russia's interference in trying to sway the election, supporters of designating the election system as critical infrastructure contend the move would help reassure Americans in the sanctity of the election process. "In the long term, this will put our electoral systems on a more secure footing and maintain public confidence in our elections," says Rep. Bennie Thompson, the Mississippi Democrat who serves as the ranking member of the House Homeland Security Committee.

Some local and state government officials opposed designating the electoral system for critical infrastructure protections, fearing the federal government would take over running their election systems. But Johnson contended there's no need to be concerned. "This designation does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country," he said. "This designation does nothing to change the role state and local governments have in administering and running elections."

What such a designation does is provide election systems the same extra cybersecurity protections and services offered to the 16 designated critical infrastructure sectors, such as financial services, healthcare and public health and information technology.

(Editor's Note: We encourage you to read the intelligence report and offer your reactions in the space below.)


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.