Moscow Brings Its Propaganda War to the United States
From Ukraine to Germany, Russia has been meddling with elections for years. Now it’s trying to destroy Hillary.
By breaching the servers of the Democratic National Committee and posting nearly 20,000 internal emails online, suspected Russian government hackers appear to have significantly expanded a tactic that Kremlin intelligence agencies have been using in Europe for years: using cyberweapons to try and manipulate elections and sway public opinion.
In Ukraine, Russian-linked hackers broke into vote-counting machines in a failed attempt to throw a presidential election. In France, far-right parties opposed to European Union enlargement — a goal they share with Russian President Vladimir Putin — have received financial support from Russian banks. In Germany, the country’s growing right-wing party has sidled up to Putin’s political movement, and in the Netherlands, anti-EU activists forced a public referendum on a mundane trade pact with Ukraine after Russian-backed news outlets there stoked public concern.
While Hillary Clinton’s campaign manager has openly described the hack as a Russian attempt to help Donald Trump defeat the Democratic nominee, politicians in Europe have for years been struggling to detect and beat back the subtle ways Russian operatives try to exercise influence in their countries. The DNC hack — which is now being investigated by the FBI — simply marks the first time Moscow has taken that propaganda machine across the Atlantic.
“They’re not just conducting cyber espionage to collect and analyze information,” said Justin Harvey, the chief security officer at Fidelis Cybersecurity. “This is collecting information to weaponize it or to affect a process within a country.”
Fiona Hill, a former officer for Russia and Eurasia at the National Intelligence Council, said the hack was evidence that Washington was “back into a kind of Cold War intelligence standoff” with Moscow. While Washington has been busy with wars in Iraq and Afghanistan, a global counterterrorism campaign, and an attempted to pivot to the Asia Pacific region in recent years, she said that “the Russians never changed their intelligence focus” away from the United States.
The election of a President Trump would potentially deliver significant dividends for Moscow since the mogul has spoken warmly of Putin and questioned whether he would come to the defense of NATO allies if they don’t meet their commitments on defense spending. In the run-up to last week’s Republican convention, Trump operatives stripped language from the party platform calling for the United States to arm Ukrainian forces against pro-Russian rebels in the country’s east.
Eugene Rumer, a former U.S. national intelligence officer for Russia, said the Russian penetration of the DNC servers fits into a longstanding pattern of how Moscow has pursued its objectives covertly and without leaving fingerprints. “It’s a pretty diversified toolkit of espionage, information operations, disinformation, bribery, hacking, and financial manipulation,” Rumer said.
Intelligence operatives likely working on behalf of Russia have already shown themselves capable of obtaining internal U.S. government communications and leaking it to embarrass Washington. In 2014, audio surfaced online from an intercepted phone call between Victoria Nuland, a senior State Department official, and Geoffrey Pyatt, the U.S. ambassador to Ukraine, in which she proclaimed, “Fuck the EU.”
The leak of the phone call was widely seen as an attempt to sour relations between EU negotiators working to defuse tensions in Ukraine and their American counterparts. In that respect, the eavesdropping and information operation was a success: A spokesperson for German Chancellor Angela Merkel termed the comment “absolutely unacceptable.”
Elsewhere in Europe, Moscow has spread its largesse in an attempt to boost the popularity of fringe parties who share Putin’s interest in preventing the enlargement of the EU and halting the process of European integration. The Political Capital Institute, a Budapest-based research institute, has identified 15 right-wing European parties in the U.K. Denmark, Italy, Austria, and throughout Eastern Europe that have proven ties to Russia.
France’s Marine Le Pen has repeatedly sought backing from Russian financiers, as she has built out a political movement that would see her country follow Britain out of the EU. In February, her National Front party sought a $30 million loan from a Russian bank to compete in 2017 presidential and parliamentary elections. The request came after she took out $11 million loan from a Russian bank in 2014. That year, her father and the founder of the National Front, Jean Marie Le-Pen, also borrowed more than $2 million from a company owned by a former KGB agent.
And in Le Pen, Putin has found a sympathetic audience for his military adventures in Europe. “I believe that the annexation of Crimea was the result of the major errors committed by the EU,” Le Pen said last year. “The EU participated in legitimising a putsch which allowed the inhabitants of Crimea to in reality rejoin Russia, because Crimea is Russia as everyone knows. One should not see it otherwise.”
In Germany, meanwhile, the right-wing AfD party is forging close ties with Putin’s political movement, especially between the two groups’ youth wings. The party’s skepticism toward NATO and the EU makes it a natural Putin ally, and AfD leaders make frequent pilgrimages to appear at conferences together with Putin confidantes.
While the DNC hack has captured the country’s attention during a fraught political moment in American public life, analysts point out that many of the information operations that Russia has run in recent years actually haven’t been very effective. The Kremlin’s efforts to keep Ukrainian President Viktor Yanukovych in power fell apart in early 2014 when he was ousted from office and forced to flee the country, and its attempt to disrupt Ukraine’s elections also fell flat.
During the waning days of the Ukrainian national elections in May 2014, a group of pro-Russian hackers known as CyberBerkut broke into Ukraine’s central election computers, deleting files, stalling the vote-tallying mechanism, and even, briefly, changing the results of the election. The group also hit NATO websites in 2014 around the time of a referendum in Crimea over its status. “Berkut” is an overt nod to the name of the once-feared security forces used by the government of ousted pro-Russian Ukrainian President Viktor Yanukovych.
But Russia’s interventions in Ukraine have also prevented the former Soviet satellite from drifting too far into the West’s orbit.
There may be a tit-for-tat element behind Russian involvement in the hack and dump. Russian President Vladimir Putin has openly accused Hillary Clinton of of being behind anti-Putin protests in Moscow in 2011 and 2012 when she was secretary of state. “He has a very hard time believing that popular protests in Russia and Ukraine don’t have a U.S. hand behind them,” said Olga Oliker, director of the Russia and Eurasia Program at Center for Strategic and International Studies.
The new hack came to light last month, when the DNC and cybersecurity firm CrowdStrike revealed that the party’s servers had been breached by two hacking groups likely working on behalf of Russian intelligence: the KGB successor organization FSB and the military intelligence arm GRU. According to CrowdStrike, the FSB group, dubbed “Cozy Bear” monitored the DNC’s email and chat communications. The GRU group, dubbed “Fancy Bear” targeted opposition research on Republican presidential nominee Donald Trump and other files of interest.
The two groups used what CrowdStrike has described as superb tradecraft and remained undetected on DNC systems for several months. Fancy Bear broke into the DNC in April; Cozy Bear arrived last summer. The groups appear to have been unaware of one another’s presence on the DNC system, as some of their work overlapped. Both hacking groups were booted from DNC servers last month.
Some of the hackers responsible for breaking into the DNC are well known to U.S. intelligence.
On Friday, WikiLeaks posted a huge collection of emails that appeared to have been stolen from the servers. Their provenance and authenticity remain unclear, but that hasn’t prevented the messages from sparking a political scandal within the party. On Sunday, DNC boss Debbie Wasserman Schultz resigned after emails surfaced showing her organization openly discussing ways of limiting Sen. Bernie Sanders’s chances of the nomination. On Monday, the DNC apologized for what it called “inexcusable” remarks in the emails.
“The leaking suggests to me that the either the mission has changed or that this was the mission all along — to actually influence people’s opinions about the election,” said a person close to the investigation of the DNC breach and who spoke on condition of anonymity to discuss its findings.
The FBI said in a statement that it is investigating the breach: “A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace.”
On Monday, the Russian Embassy in Washington denied any involvement in the leaking of DNC emails. “We see the flood of inadequate and inappropriate allegations that yet again has inundated the U.S. media,” Yury Melnik, a spokesman for the embassy said in a statement. “One can only be surprised by such childish, groundless accusations that are far beyond reality.”
American cybersecurity experts have come to a very different conclusion. Fidelis analyzed some of the technical data associated with the DNC breach and backed the conclusion reached by CrowdStrike that Russian intelligence was responsible.
The claims of Russian involvement to benefit the Trump campaign has sparked a war of words between the Trump and Clinton campaigns. In a press conference Monday morning, Clinton campaign manager Robby Mook repeated his claim that Russian hackers are behind the leak and are motivated by interfering in the election on Trump’s behalf. “What further experts are saying is that they were feeding the emails to hackers for the purpose of helping Donald Trump.”
The Trump campaign has denied the charge, with Trump campaign chairman Paul Manafort saying Sunday night that Mook’s earlier allegations of Moscow working to help the mogul show “they’re pretty desperate.”
“They’re trying to move away from what the issues are in this campaign,” he said. “It’s pretty absurd.”
Asked about the RNC and Trump campaign’s cyber protections to ensure they themselves don’t fall victim to hackers, he responded, “As Mr. Trump would say, we’re not going to tell you that.”
Since the news of the DNC breach first broke, Moscow has appeared to be attempting to muddy the waters. Shortly after the DNC revealed that it had discovered the presence of Russian hackers on its systems, a mysterious figure by the name of Guccifer 2.0 stepped forward to take credit for the attack. He claimed to be working independently, and that he had nothing to do with Russian intelligence. Guccifer 2.0 claimed to be Romanian, but made basic errors when he spoke with Vice in his alleged mother tongue. In short, his appearance bore the hallmarks of an attempt by Russian intelligence to deflect attention from its role in an operation that wasn’t supposed to be discovered.
The original Guccifer was a Romanian hacker perhaps best known for hacking into Bush family members’ emails and revealing photos of former President George W. Bush’s crude portraits.
ALEXEI NIKOLSKY/AFP/Getty Images
Elias Groll is a staff writer at Foreign Policy covering cyberspace, its conflicts, and controversies. @eliasgroll
Paul McLeary is Foreign Policy’s senior reporter covering the U.S. Defense Department and national security issues. @paulmcleary
1Putin's Endgame in Syria Has Arrived 59 Shares
2The Making of a Chechen Hitman 79 Shares
4Erdogan’s Flying Carpet 315 Shares
5The One Place in Syria That Works 98 Shares
7How to Steal an Election in Broad Daylight 715 Shares
8Don’t Blame Hamas for the Gaza Bloodshed 1497 Shares
9John Bolton Is a National Security Threat 5016 Shares