U.S.
intelligence officials have recognized that Russia worked to influence
the outcome of the US elections, and the New York Times has an excellent
summary of what happened. It is a fascinating look at what could be a
plan for future electoral meddling. But perhaps the most amazing fact is
that something as big, complex and arcane as the American elections was
attacked without touching a single voting machine. Now we're fighting
an information war.
Hacks and Fugues
As
NPR pointed out in October, attacking the voting machines directly in
the United States is quite difficult. The American electoral system is
handled at a very local level. Voting machine decisions and how they are
used differ from one state to another.
To
be compromised by hackers, each voting machine would probably need a
custom malware delivered directly to the machines as they are not
connected to the Internet. A Stuxnet-level scheme would be required,
according to which the United States and Israel worked to deliver
physical malware to Iranian centrifuges, but for voting machines in
states, cities, and counties across the United States.
A
war of information, on the other hand, is a smaller matter, cheaper and
more scalable. Attacking the inbox with phishing emails is well
understood by the attackers and is very difficult to prevent. There are
no malicious attachments, only well designed links to mislead
involuntary victims to navigate to malicious sites and freely renounce
their personal information. These attacks take advantage of the human
beings that operate the computer, instead of the computer itself. In the
case of Hillary Clinton's campaign president, John Podesta, phishing
email was convincingly disguised to look like a Google security alert
and even encouraged him to activate the identification of two factors in
his account.
If
the attacks had stopped with Podesta, the Russian objective of shaking
the American elections would have achieved a minimum of success. But
they did not stop, and every step on the way – the DNC hacks, the
dumping of the data by WikiLeaks – was built in the last. The slow
release to the public of those emails, on the other hand, kept the
subject in the news.
This
contrasts with direct attacks on voting machines or other electoral
infrastructure pieces. If malicious software had been found on voting
machines, before or after November 8, the success (potential or not) of
that malware is immediately denied. It is easy to imagine America
putting aside its internal political problems and closing ranks against
an outsider intruder. By opting to release a steady stream of
embarrassing information, however, the Russian attackers did not leave a
single smoking gun.
No risk, just reward
The
use of low-level attacks and leaks also follows a hacker tactic of
flying under the radar. Hacking emails is something that developed
nations do with each other all the time. It's so low it's almost
ridiculous.
It's
the kind of thing that can be put aside when diplomats sit down to
discuss trade agreements or even mock like a piece of campaign theater.
But attacking the voting machines directly is the kind of thing that
leads to sanctions, breaking diplomatic ties, isolation, and perhaps
war.
So
Russia chose to meddle with an already contentious election through
false news and a large number of leaked documents that paralyzed a
political party, emboldened the Republican Party and paralyzed the
government in the Chair. He took a little risk, shamed the American
political system, and won a friendlier White House.