Technology
The next Russian attack on U.S. elections could be more serious than Facebook memes
This is not a drill. Nor, alas, is it the fever dream of a Cold War hack novelist, as much as it sounds like one. In 2017, Russian hackers gained control of the U.S. power grid to the point where they could cause blackouts. And the U.S. government doesn’t know if they’re still able to do it.
Worse yet, there’s reason to believe this is part of an attack on the 2018 election — one that could make Russia’s pivotal 2016 shenanigans (its fake news machine, DNC email hacking, voter registration hacking and Facebook meme-making) look like child’s play.
We learned about a Russian attack on American infrastructure when the FBI and the Department of Homeland Security released a report in March, but we didn’t know how bad it was until a DHS briefing on Monday. Hundreds of utility companies had fallen victim to the hackers; there may be many more out there that have been hacked and don’t know it. Energetic Bear managed to get into the control rooms of power stations, even into supposedly secure “air-gapped” networks, via vendors.
“They got to the point where they could have thrown switches” and blacked out portions of the U.S., one DHS analyst told the Wall Street Journal.
Not bad for what the FBI report described as a scouting mission. The hackers, part of a Russian group called Energetic Bear (seriously) were simply figuring out how U.S. power plants work, and how they report data.
Could Energetic Bear still do that? Have the Russians found their way around minimal belated cybersecurity fixes? The DHS admitted it doesn’t know, and the point of the briefing was to sound the alarm as loud as possible.
There’s a lot of that going on at the lower levels of the U.S. government right now — even as the man at the apex of the federal pyramid continues to downplay, deny, or dispute evidence of Russian hacking.
Electric dreams
So what does this have to do with the 2018 election? To begin to answer that, you have to think like Vladimir Putin — and like any good detective, you have to look at his modus operandi.
Is Putin some mustache-twirling B-movie villain who wants to throw a switch and plunge the U.S. into darkness? Of course not. He’s a Cold War guy, a KGB agent versed in subterfuge and sowing just the right amount of chaos. He annexed Crimea under cover of a dodgy referendum overseen by Russian troops and invaded Ukraine with “little green men” in unmarked uniforms. Russian critics in the UK have infamously fallen victim to a series of subtle poisonings.
And then there was his extraordinary involvement in the 2016 election, as detailed in the latest Robert Mueller indictments. Two years later, we’re just starting to find out how he helped to swing an extremely close election.
Putin doesn’t exactly have plausible deniability for these actions, but what you might call implausible deniability. His goal is to be able to smirk and shrug and say “it wasn’t me” — even if you don’t believe him, even if he’s standing next to a pliant American president whom he helped elect.
The last thing Putin wants to do is turn his Cold War hot, to rouse the sleeping giant of America with an attack of Pearl Harbor proportions. So why on Earth would he aim to gain control of the U.S. electric grid?
One possible motive is that it could help him to subtly manipulate the U.S. electoral process again, to keep a compliant party in power and help fend off further investigation of Trump’s long-standing Russian connections.
In 2015, Russia pulled off what is generally regarded as the world’s first successful cyberattack on a power grid, in Ukraine. Some 230,000 people were left without power for up to six hours: not the largest attack imaginable, but plenty disruptive. Interestingly, the attack used the same malware that Russian IP addresses had previously used to hack Ukraine’s elections, as election experts warned a Senate committee last year.
Hard to not have it cross your mind that they could selectively hack the electrical grid in bluer areas on election day, which would have sounded like a 3rd rate sci-fi plot 3 years ago – but it’s something Russia has already done to interfere with stability of other countries pic.twitter.com/lDGuEeCZTq
— ????⚘ɪꜱ ɴᴏᴛ ꜰɪᴄᴛɪᴏɴ (@dutchiegirlie) July 24, 2018
Think like Putin for a minute. You want to avoid Democrats gaining control of either chamber of Congress, because that will give them the power to subpoena crucial documents such as Trump’s tax returns and other potential evidence of monetary relationships between his properties and Russian oligarchs over the years. The GOP in Congress is your ally in this effort because it is doing its level best not to investigate Trump.
Elections in both chambers are currently balanced on a knife edge. Democrats need to gain two seats in the Senate and 24 seats in the House. The Senate math doesn’t look good for Dems this year. As for the House, years of Republican gerrymandering means that even an 8 percent lead nationwide, which Democrats currently hold in the average of generic ballot polls, may not be enough.
If you’re Putin, a “blue wave” that gains the Dems 23 seats still counts as a win.
How do you create conditions that could blunt the edge of the blue wave but still gives you deniability? Well, one effective way would be to cause small, low-level power cuts in specific towns and cities — blue ones that lie within Republican-held districts.
A couple of rules generally hold true in American elections in the 21st century. One, the more populous a district is — the more people are squeezed into the same space — the more likely they are to vote Democratic, even if they’re in a red state. Two, higher turnout also helps Democratic candidates (which is why so many Republicans try so hard to throw people off voter rolls and implement unnecessary Voter ID laws).
So it really doesn’t take a PhD in electoral math to figure out a list of districts where you’d want to lower turnout. What then?
You could do your best to hack electoral offices and campaign officials with “spearphishing” attacks, as Russia is already doing. You could try to remotely target voting machines themselves, which isn’t the easiest thing considering that most are offline. Or you could cause the one thing that makes all voting machines vulnerable: a lack of electricity to operate them.
In a viral Twitter thread on this topic, I used the example of Dana Rohrabacher, the most pro-Russia GOP member of Congress. (Rep. Kevin McCarthy once told fellow Republicans in private conversation that Putin pays two people in U.S. politics, Rohrabacher and Trump; he now says that was a joke.) A Republican in a California district that voted for Hillary Clinton, is in the front line of potential victims of the blue wave. The largest city in his district is Huntington Beach, home to some 115,000 registered voters, a majority of whom are Democratic or Independent.
Let’s say Energetic Bear has gained access to the control rooms at Pacific Gas & Electric, and are able to cut the power provided to Huntington Beach substations on election day, November 6, 2018. The hackers wouldn’t even need to take it down the whole day, nor even the 6 hours they managed in Ukraine, to swing the result. Just a few hours during the evening, after work, which is when most people vote, would do the trick.
Without power for the eSlate voting system used in Rohrabacher’s district, polling stations would be forced to use provisional ballots. They may not have a large enough supply to meet the need. Long lines could discourage other voters, who’d rather rush home to deal with all that perishable food defrosting in the freezer. And you may have removed just enough non-GOP voters from the equation to ensure Rohrabacher’s reelection. No conspiracy necessary; he doesn’t even have to know that it happened.
Now imagine this story replicated in key districts across the country.
Power outages in a handful of key towns on election day for an hour or two would make local headlines and worry election security experts, but to most of us it wouldn’t even look like an attack. Just as we had no clue in 2016 that a number of Facebook groups, ads, and memes ostensibly promoting Bernie Sanders and Black Lives Matter were part of a subtle Russian disinformation campaign intended to hurt candidate Clinton.
We seem to be finding these things out two years too late to stop them.
Manipulating public opinion via Facebook is so 2016. Is power grid hacking Putin’s plan for November 2018? We have no idea. He doesn’t exactly tip his hand in this kind of situation, or ever. But the mere fact that it’s now a plausible scenario — he has the means, the motive and the opportunity — should have Congress rushing to shore up both our power grid and our election system in the few months we have left.
To avoid this vulnerability, there needs to be massive and sustained effort on the federal level. Just as Virginia ditched all touchscreen voting systems when it became clear that they were hackable, we should be helping local districts move to paper ballots or vote-by-mail systems. In cases where it’s too late to switch from electronic voting, we should be making sure all polling places have backup generators. That may be expensive in aggregate, but protecting democracy is probably worth the money per polling place.
But as far as GOP leaders in Congress are concerned, there’s no threat here. Just last week, Republicans in the House rejected a Democratic bid to disperse $380 million in state election security grants.
After all, when you’re the party Putin prefers and you’re struggling in the polls with a profoundly unpopular president, it doesn’t pay to change the status quo too much.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
The 22 greatest horror films of 2024, and where to watch them
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end