The Russian Election Hack That Wasn’t (This Time)
Viral Russian report shows it’s still too easy to fall for misinformation online.
A report published Tuesday in a Russian newspaper claiming Russian hackers had seized personal details of millions of U.S. voters sparked panic about a repeat of Russian efforts to sway the U.S. presidential election. The story was shared online by a number of high-profile journalists, political commentators, and national security experts, playing on widespread concerns about Moscow’s plans to repeat its successful cyber-meddling in the 2016 election.
The only problem: The story was almost entirely false.
Four years after Russia’s infamous troll factory unleashed a disinformation campaign in the United States, the incident underscores how vulnerable many Americans still are to fake news, especially with much of the populace primed for a repeat of Russia’s use of hacks, online ads, and outright lies to sway U.S. voters to advance its own agenda.
“I was pretty frustrated seeing the number of people who do have political and national security expertise that instantly posted the story on their social media, painting it as true,” said Cindy Otis, a former CIA analyst. “It’s very much a cautionary tale of whether you’ve got two followers or a million, you’ve got to do your due diligence.”
With almost all eyes peeled for another round of foreign interference in the upcoming election—a top U.S. intelligence official warned last month that “foreign states will continue to use covert and overt influence measures in their attempts to sway U.S. voters’ preferences”—the incident highlights how the very notion of interference, whether true or not, can be used to muddy the waters and further confuse potential voters.
“There is certainly an appetite for this sort of story, and everyone is looking for where the Russian interference will come into the election,” said Nina Jankowicz, the disinformation fellow at the Wilson Center. “Because of the lack of information we’ve gotten from the federal government so far, people are trying to fill in the gaps.”
Cybersecurity experts were quick to debunk the most explosive claim in the Kommersant report: that the information had to come from a hack. The kind of data included in the leak is either publicly available in much of the United States or can be accessed via Freedom of Information requests. In some states, such as Florida, voter registration and voting history are by law public record.
The Michigan Department of State denied that its systems had been hacked. “We encourage all Michigan voters to be wary of attempts to ‘hack’ their minds, however, by questioning the sources of information and advertisements they encounter and seeking out trusted sources, including their local election clerk and our office,” said Tracy Wimmer, a spokesperson for the Michigan Department of State.
The FBI and the Cybersecurity and Infrastructure Security Agency issued a joint statement confirming that they had not seen any cyberattacks on voter registration databases or any systems that involve voting. “Early, unverified claims should be viewed with a healthy dose of skepticism,” they said.
Longtime Russia watchers were unsurprised that publicly available data would be traded in Russian online forums, where there is a thriving trade in both hacked and legally obtained databases of information.
“In Russia, you have a lot of people who have access to information like the migration service, police records, loan information, etc., and a real willingness for these people to make some cash on the side by selling access to this data,” said Aric Toler, who spearheads East European and Eurasian research for the open-source investigative site Bellingcat.
The original Kommersant report alleged that Russian internet users were looking to leverage the voter database to claim rewards from the State Department’s Rewards for Justice program, which offers up to a $10 million reward for information on the identification or location of people working on behalf of a foreign government to interfere in U.S. elections using illegal cyberactivities. The article said that one user on the hacker forum had claimed to have received $4,000 from the State Department for sharing a link to a leaked voter database from Connecticut.
That, too, appears to be false. A State Department spokesperson told Foreign Policy that no awards had been paid out under the expanded election interference program, which was launched in early August.
The Rewards for Justice program was established in 1984 by the State Department to collect information on acts of terrorism or terrorists looking to target American citizens. Last month, Secretary of State Mike Pompeo expanded the program to offer rewards for information on foreign election interference.
While the contents of the article have been widely debunked, it remains unclear whether it was slapdash journalism, or the result of something more nefarious. After the Rewards for Justice program was announced, the Russian foreign ministry spokeswoman joked on Facebook that the State Department’s website would crash with people looking to denounce their neighbors for a financial reward.
The Russian political analyst Tatiana Stanovaya described the article as “strange,” adding that it seemed to accuse the State Department of provoking leaks of U.S. citizen data by offering the rewards.
“The Kremlin appears to be preparing for allegations of [election] meddling,” she wrote on her public channel on the messaging app Telegram.
Otis, the author of True or False: A CIA Analyst’s Guide to Spotting Fake News, said that the highly charged nature of social media fuels the spread of disinformation. “It’s never really the ‘let’s step back and pause’ kind of takes that go viral. It’s the emotionally charged, pithily worded hot takes that go viral,” she said.
More U.S. government transparency about foreign interference efforts, as well as more detailed debunking of false stories, could be an antidote by increasing trust in the government and raising awareness about the kinds of threats the country faces, said Jankowicz, who wrote How to Lose the Information War.
Yet the Trump administration is moving in the opposite direction. Over the weekend, the director of national intelligence said that his office would stop briefing Congress in person about foreign election interference, claiming that lawmakers had leaked classified information. The announcement came amid concerns—and some evidence—that the Trump administration is seeking to downplay election threats from foreign actors.
On Wednesday, ABC News, citing internal emails and documents, reported that senior Department of Homeland Security officials squashed the circulation of an intelligence bulletin meant for law enforcement agencies that determined with “high confidence” that Russian operatives sought to sow doubt about the mental fitness of Democratic presidential nominee Joe Biden.
Amy Mackinnon is a national security and intelligence reporter at Foreign Policy. Twitter: @ak_mack