Secret plan to counter Putin’s interference in American elections

Riverside County Prosecutor Michael Hestrin (Michael Hestrin) June 7, was at his workplace when he began to call. On this day in California, held presidential primaries, and frustrated voters wanted to inform the Prosecutor that they are unable to vote. “People called to us in office of public Prosecutor and complained, telling that they tried to vote, but unbeknownst to them, changed the check,” says Hestrin. Soon these complaints had accumulated more than two dozen, and a graduate of the faculty of Stanford Hestrin, 19 years worked at his post, was sent to the district polling places for investigators to find out what the problem is.

First, what they learned, reassured the Prosecutor. Anyone who could not vote, gave conditional ballots, and they voted that way. But when investigators began to dig deeper, the situation began to look less harmless. After election day, more and more people began to report that in the primary election, they had registration problems. Hestrin with the investigators came to the conclusion that at least in six cases, changes to account information made by the hackers who have benefited personally identifiable information such as social security number or driver’s license to get access to registration database of voters of the entire state of California.

But that’s all the traces broke. Head of Chancery of the state of California told investigators Hestrin that the system state did not register the network addresses of the computers who made the change, and so find out the identity of the hackers is impossible. More Hestrin had nothing to do, but it was not the end. Puzzles with voter registration has caused doubts among members of both parties. Local Republicans had openly declared that the Democrats ignored this issue, and then began to blame them for the fact that they are trying to prevent the vote of the Grand old party. The Democrats thought the Republicans invent excuses to explain his defeat in the district polling stations. “This has caused great concern, says the Republican Hestrin holding elective office. — It was necessary to preserve people’s faith in our electoral system”.

Only a few months later investigators found out that the whole point of a hacker attack in riverside County could be just as undermining of the faith of the voters. After the California primary election, Federal authorities have discovered that Russian hackers have penetrated into more than 20 electoral systems at the local level and States, and tried in some places to make changes in voter registration. Analyzing events in riverside County, the leaders on cybersecurity from the White house asking if it was a trial balloon from the Russian side. “It looked as if cyber criminals are checking to what mayhem they can sow on election day, says dealing with this matter the representative of the Federal service of cybersecurity. — Evidence of a crime, and therefore, we may never know for sure. But the intelligence told us that the Russian were bragging about how they did it.”

The endless stream of news it is easy to forget that the main goal of the Russian operation against the presidential elections in 2016 was, as expressed by the representatives of the American intelligence community, “the erosion of public confidence in the American democratic process.” What has happened since the beginning of the spring of 2016 until the close of the polls on 8 November in States and counties across America, is an aggressive attack on the credibility of our elections, and mostly unseen, and a vain attempt of Federal authorities to reflect this attack. The FBI, the Department of homeland security and us intelligence agencies worked to identify hackers and to determine the scope of their malicious operations of influence. The Federal government could help States to protect their voting machines and registration lists of voters, and in the context of increasing inter-party hatred themselves are the victim of suspicions of meddling. In the end, the Federal government realized how little they can do to the failure of the latest Russian attack on the election (they were sure that such an attack will occur), and therefore developed a contingency plan to limit the damage in day of voting and after it.

This plan is 15 pages was developed by the heads of cyber security from the Obama administration. Previously, it was not reported, but TIME managed to read it. The contents of this plan shows how anxious was Washington. The main role in the fight against cyber incidents on election day, in most cases relegated to the States themselves. But in case of “powerful attacks that can lead to serious consequences for the electoral infrastructure,” the plan calls for “emergency response measures”. Among them — sending “of armed law enforcement officers” at the polls if hackers will be able to stop the voting process. In a crisis situation, the plan provides for the sending of active armed forces and reserves, and members of the national guard “at the request of the Federal authority and at the direction of the Minister of defense or the President.” Within three days after the election, a special interagency group needs to track “cyber incidents”, including those associated with stove-piping, causing doubts about the voting results.

The first of November, the White house went to extraordinary measure, organizing exercises with scenarios of attacks on election day. For five hours the national security Council played the script, practicing the issues of interaction of Federal agencies to respond to a real attack. Some scenarios provided a real interference in the voting process, while others included attempts of disinformation to disrupt the elections. When the simulated nightmare scenarios, starting with the refusal of the voters to vote and ending violence at the polls, the exercise participants worked for each Department, and also considered imposed on them legal limitations.

Has come and gone on 8 November, and no real elections did not happen. However, Russia’s efforts certainly gave a certain result, she wittingly or unwittingly helped the Donald trump. Most Americans believe that their own votes are counted correctly; however, their faith in the honesty of elections is still weakening. In 2009, 59% of Americans believed in the honesty of elections, and 40 percent no, according to a survey by Gallup. But by 2015 the numbers have changed, and on the eve of the November vote, against the background of repeated statements trump for fraud, and media reports about Russian hacker attacks, only 30% of Americans believed in the integrity of our electoral process 69 — no.

Such mistrust may increase. Recent revelations and evidence suggests that the Russian operation against the voting system in the field and at the state level was wider and deeper than previously thought. They also showed that our electoral system is still not protected from various attacks that are designed not to disrupt the counting of votes, and to weaken the faith of Americans in the result. That is why it important story about how leaders urgently developed security measures for elections in 2016, and then mired in inter-party suspicion. The fact is that the issue of insecurity of U.S. intervention in the electoral process are not important for the past and for the future.


After about three weeks after a hacker attack in riverside County is one of the Russian agent checked on the website of voter registration one of the 109 electoral districts of Illinois, each of which has its own voting system. But instead of having to enter personal data in one of the fields where it is necessary to specify the name and address, the hacker uploaded there pre-written malicious code, performing the classic hacking operation called SQL injection. Thus, a hacker opened a loophole for hacking all 15 million files of former and current state voter registered since 2006. And almost three weeks of his presence, no one knew.

In such break-ins there is nothing particularly new. Russia for many years probing the American system of voting for local and state level. In 2008, Moscow hacked the computer systems of the headquarters of Obama and McCain. In 2014, the Russians began to act more brazenly. “Before, when we’ve discovered a Russian, they disappeared like ghosts and all, says the former coordinator of the White house on cybersecurity Michael Daniel (Michael Daniel). After 2014, we found them in the nets, but they never left, as if teasing us. They are acting much more aggressive.”

2016 elections have become a new major step in this direction. After hacking in Illinois and the same in Arizona, which occurred at about the same time, cybersecurity experts realized that “started a completely different game,” says Daniel. Russian is not just stealing information for the purpose of collecting intelligence information, as they did during previous election cycles. Team Daniel came to the conclusion that they demonstrate their likely intention to intervene in the voting process.

Illinois discovered the break-in on 12 July, when hackers set off the alarm, trying to download the entire dataset of 15 million voters. The leadership of the state turned the system off from the network and found out that the hackers managed to steal about 90 thousand files that had personal information of rooms driver’s license and last four digits of social security numbers. When Illinois in late July reported this to the FBI, the Bureau sent a group of cyberheaven to the state capital in Springfield, where they keep the computers.

Fortunately for the feds, the leadership of the state did a full backup of all data from the system before and after the SQL attack, and therefore agents able to understand, what did the hackers. The FBI found that they broke in and tried to change and delete the data of voter lists. In particular, they tried to make changes to the names and addresses of the voters. As I understood agents of the Bureau, none of these attempts have not crowned success. And most importantly, the state of Illinois recorded the IP addresses of the attackers. These digital fingerprints, the methods of the hackers and intelligence reports on the Russian plans convinced the Federal government that the hackers were part of a group called Fancy Bear, which is a division of Russian military intelligence (GRU).

According to a former senior Executive from the White house, in the beginning, these revelations seemed “horrendous”. About a week in late July, the FBI thought that Russia plans physical hacker attack on the voting machines and try to manipulate the counting process. In this regard there is an urgent need to understand whether Moscow will actually change the election results. It turned out that in the state the White house is one of the leading U.S. experts on the manipulation of voting machines, which works as the Deputy chief Executive. Professor ed Felten (Ed Felten) from Princeton was known for being the first in his scientific work showed how to hack the voting machine company Diebold.

Together with colleagues from the National Institute of standards and technology developed the security standards of electronic voting machines, Felten and Daniel came to the conclusion that technically hack the machines is possible. “In many places in the United States have voting machines with touch screens that are not protected from manipulation by those who can access them,” says Felten. This cybercommand became concerned that Russia might attempt to discredit any poll workers, and through him to access machines with touch screens before the election. But to do it in a way to change the results of the vote extremely difficult. First, hackers needed to find out what the County can affect the outcome. Then they had to change enough votes to secure the victory, making it so that not to attract attention.

However, this does not mean that all is well and nothing to worry about. After all, the meaning of elections is not to simply count votes, but in the US there is a consensus and conviction that the people freely and fairly expressed their democratic will. To affect such a consensus and change it much easier. “We came to the conclusion that Russia is able to undermine the confidence of millions of voters and to weaken our ability to hold free and fair elections,” — says the former Director of the national security Council in responding to cyber incidents Anthony Ferrante (Anthony Ferrante), who headed operational action against Russian hackers.

May American counter-intelligence began to receive evidence that the Russian military intelligence may try to harm the most likely winner Hillary Clinton. Data about this were not enough, but they were talking about the same thing. The first report on the boastful leader of the GRU was confirmed by subsequent intelligence reports that pointed to an obvious readiness and desire of Russians to intervene. After the break in Illinois and obtain the relevant intelligence team from the White house by mid-August, came to the conclusion that there are three main ways in which Russian President Vladimir Putin could weaken the reliability of the results of the vote.

The first and most dangerous that could Russia do this to make changes in the voter lists. Removing records, it would attract unwanted attention, but by implementing a special program against the registration file, it could, for example, to change the second letter of all the addresses of the voters, and it would go unnoticed. In this case, on voting day, all voters in swing districts would have had to vote by conditional ballot that would create a sense of chaos. Any advocate in this case could in fact cast doubt on the election results.

Another possibility was the manipulation of voting machines, which also has propaganda value. Says Daniel: “We were concerned about this. A hacker could capture on video the process of hacking one machine for voting, and then say: “Here is a video on YouTube. We’ve done this a hundred thousand times in all the United States”, although in reality, nothing like this”. This has given rise to doubts about all of the voting machines in the country, and eventually the credibility of the final result too would be undermined.

Finally, the Russians were able to hack the system of reporting on elections. Real counting is decentralized and is extremely slow. Local election Commission members counting the votes, and then check. Then the secretaries, the electoral Commission of the States and other officials summarize, signing documents, and only then formally approved the election results. Such a decentralized system has its advantages. But on election night almost all of the TV reporters, news agencies and news sites have relied on information The Associated Press. Changes in the reported The Associated Press information or just crippling the computer systems of the Agency, through persistent attacks, the hackers could wreak havoc.

Knowing this, Ferrante began to draw up emergency action plan for election day and on subsequent days in case of a Russian hacker attack. In consultation with election experts from the Ministry of justice, the FBI and Department of homeland security, Ferrante tried to figure out what forces and legal powers of the Federal government to repel the attack.

But it turned out that the validity of the vote can be questioned long before the election day. And suspicion of disrupting the voting in this case will fall, not on Russian, and on the US government. At least so think some Americans.


Donald trump denied any involvement of Russian hackers from the very first reports of hacking appeared in the middle of June. He played with incredible accusations against the National Committee of the Democratic party, stating that the party has carried out hacking against itself, “in order to divert attention from the numerous problems facing its faulty and failed candidate for party leader”. When the story started to grow like a snowball after the publication of stolen e-mails on the eve of the Congress of Democrats, trump began to act even more strongly, pushing contribuinte one after the other. Speaking on August 1 in Ohio, he said: “I am Afraid that these elections will be rigged”.

This partly explains why so tense was the atmosphere on 15 August, when the Secretary of homeland security Jeh Johnson (Jeh Johnson) held a conference call with election officials from each state of the country. 3 Aug appointee of Obama, Johnson said he intends to declare the elections a part of the vital infrastructure of the United States, along with the banking system and energy supply system. In this case, the Federal government would receive access to information about voters at the state level and would open permanent channels of communication with leaders of local electoral bodies. 15 Aug Johnson said at the meeting that the Department of homeland security is prepared to help States, after scanning for vulnerabilities, giving them practical information about threats and providing them cybersettle to protect the electoral system from invasion. But some States were more concerned about the actions of external forces, and the intervention of the Federal authorities, said Johnson and a number of participants. Ready were the leaders of the Democrats in Washington to take over the leadership of the polling stations across the country? The situation in video conferencing escalated, as the participants had the impression that the feds are encroaching on the constitutional rights of States to conduct elections. “We, secretaries of States, faced with the problem of some external forces that attempted to infiltrate into our database, — said the Secretary of the Arizona Republican Michelle Reagan (Michele Reagan), became one of the first victims of Russian hackers. And they responded by saying: “Let us take control of the infrastructure of the elections.” But this is contrary to the Constitution and laws of our state.”

Distrust of the Federal government also prevented the White house to respond to the Russian attack. Obama was already concerned about the possible escalation in the cyberwar with Russia in that case, if he answered launched by Russian hackers. About it at the time, unofficially told officials from the White house. And since trump has increased the distrust of government, Obama refused to take tough measures against Russia because he did not want to over-politicize the situation. He believed that tough action against Russia will benefit Trump because there is the impression that the White house is trying to help elect Hillary Clinton. “This topic is constantly present in the conversations, says a former senior official from the White house — as some heads of States suspected that our actions promote the interests of the Democratic party.”

Trying to convince people of the danger, the feds watched, how large was the Russian intervention. August 18, three days after Johnson convened the meeting, the FBI sent all States an urgent notification with information about the hackers collected in Illinois and Arizona. By mid-August the group of Daniel came to the conclusion that the GRU has penetrated into the electoral systems of Florida and new Mexico. In Tennessee, hackers broke into the system of campaign Finance at the state level. It soon became clear that the Russian probing will be done in half the American States trying to break everything possible. The only question was, how successful were their actions.

What emerges, is not pleasing to the eye. “In some cases we have seen that they are trying to infiltrate, but fail, says Daniel. In some cases we saw them a little way inside and then get stuck. But there were other occasions when they have gone further and carried out all these checks.” The worst thing was the fact that the us experts saw only the awkward and clumsy efforts of Russian. The Moscow-funded hackers are among the most skilled cyberboys in the world. The Federal government had to assume that there were other incursions, which they not noticed. The fact that they have not seen hacks in other States, just means that they didn’t find them, said one expert.


Paralyzed by the challenges of domestic policy, Obama tried to directly mitigate this threat abroad. During the famous September meeting eye to eye with Putin in the Chinese Hangzhou Obama said that he stopped his actions, and threatened unspecified consequences. The confrontation was captured by photographers. In the photos two of the head cold look at each other.

Some time it seemed that the warning’ll work. “The intelligence community essentially told us that it does not observe the further actions of the Russians in this direction,” says a former senior official from the White house. A US Department of homeland security scanned into the election system across the country, finding and eliminating vulnerabilities. In some States, agreed to host the group of experts on cyber security from the Ministry, who personally checked all the system vulnerabilities. But the relationship between the States and the Federal government remained tense.

And in October, the attacks resumed. GRU conducted an operation against a software company VR Systems, which has put the program and instrument for the election in at least eight States, referred to in the report publication the Intercept. Attackers use the information to make a very convincing email, which was initiated by a phishing campaign against employees of the electoral bodies across the country.

When the vote was only a few weeks, a group of cybersecurity from the White house realized that she could not stop the Russians trying to undermine the credibility of the elections, and so she began to work in the mode of recovery. In late October, the White house has circulated among high-level cyber security experts from the Federal agencies plan on 15 pages, where he talked about how to act in case of an attack on election day. According to Daniel, he told about this plan to the chief of staff White house Denis McDonough (Denis McDonough). But it is unclear whether informed about this plan and about its detail Obama himself. The plan begins with the words that “almost all probable cases of malicious cyberactivity influencing electoral framework”, the feds will rely on the power of state and local authorities. But it also involved active actions of the Federal authorities. In the case of “significant cyber attacks” that could lead to “serious consequences for the electoral infrastructure,” the Department of homeland security, the FBI and the office of the Director of National intelligence was to take “emergency response and allocate the necessary resources.”

Podrazdeleniyah of justice to combat crimes in the elections and protect civil rights switched to enhanced mode, as well as some departments of the Ministry of internal security and the Secret service. The FBI could forward any operational cybergroup of the 56 regional offices for “collection and exchange of information, incident response, as well as actions taken to ensure law and conduct of intelligence.” Four groups of cyberheaven FBI were in readiness in case if “there is a need in liberazzione when receiving requests for assistance”. However, the plan indicated that they could not act independently without the permission of the FBI. Some officials from the Obama administration told us that the plan and provided them authority in the event of a crisis situation was similar to the measures implemented in case of natural disasters.

In reserve were a more powerful force. The plan of the White house was for the use of the army reserve. “The Ministry of defense can support civil authorities in the event of cyberincidents at the request of the Federal authority and at the direction of the Minister of defence or the President”, — is spoken in the document. Two people familiar with the plan, the source reported that cyberexperts from the Pentagon was if necessary to join the work on liquidation of consequences and investigation of the attack.

At six o’clock in the morning on the day of voting Ferrante opened the door into a “second situation room”, which is an exact copy of the reserved meeting room of the President in the West wing, which is located near Executive management. Eisenhower. In a closed system video his team contacted the control points of the FBI and the Department of homeland security, which was responsible for the security during the elections. They were joined by the coordinators of the Ministry of justice for crimes related to elections, and agents kiberrazvedki from the office of the Director of National intelligence. Experts on Russia from the CIA, NSA and other intelligence agencies were in touch via classified e-mail from the Joint world intelligence communication system, JWICS.

During the day, received reports, vividly reminiscent of events in riverside County, and even more serious. In Colorado database of voter registration was down for about 30 minutes. In Utah formed a queue, since this state in the most incredible way has become a battleground thanks to independent candidate Evan Macmullin (Evan McMullin). At some point I received information that I had to double-check. But in the end the interruptions were there no more than in a normal situation at a General election, and overall voting went smoothly in Utah. When polling stations were closed, and there was an ad about winning trump, many of cybergraphy the White house, glad that no destructive attacks were not.


25 November, when there was talk about problems with the vote in Wisconsin, Pennsylvania and Michigan, the White house issued a statement which said: “We support the election results that accurately reflect the will of the American people. We believe our elections are free and fair from the point of view of cybersecurity”. But although the calls count the voices died away, began increasingly to doubt the security of the electoral system.

Senior head of special services told TIME that the division of the cyber security FBI, Department of homeland security and the White house all autumn trying to ensure the security of the vote. But counterintelligence operation of the FBI, which aimed to find out whether the Russian was trying to help Trump seriously began only after the elections. In the background the attention of the FBI cyber division and the leadership of the counterintelligence paid emails, Clinton, is in retrospect inexcusable miscalculation. Investigation counterintelligence against Russia received assistance from intelligence “only after the election,” said the senior leader. “I think because nobody believed in the victory of trump, accordingly, nobody paid serious attention to Russia’s attempts [to help him]”, he said.

At the same time, remained some disagreement in the question about who poses a real threat to the American electoral system. Georgia was the only state not to have consented to certain types of assistance from the Federal government, what they say knowledgeable officials. But when the government of this state began to search for intruders, they found the employee of the Ministry of internal security, which is November 15, scanned their system. The Ministry studied the matter and reported that it was a member of the Federal training center in Glynco, Georgia. He checked whether the candidates for admission to service in the Ministry licensed to work by armed guards. This information is stored in the same system as the data about voters. The inspector General of the Department of homeland security John Roth (John Roth), too, made inquiries and came to the conclusion that the employees of his Department did not conduct unauthorized scanning of the electoral system of Georgia.

While some officials States still resent the abuse of power, Federal authorities, many are unwilling to recognize the magnitude of danger posed from abroad. The Russian managed to hack more than 20 systems at the state level, according to the employee of the Ministry of homeland security Janet Manfre (Jeanette Manfra). But when revision TIME started to call the electoral bodies of the States, it was found that only two of them in Arizona and Illinois, knew or had agreed to admit that they were hacking. And when the editors asked Illinois to confirm that the Russian attackers tried to amend the information, state officials at first denied this fact, but then confirmed, upon inquiry from the technical staff.

Inter-party suspicion today strong on both sides. On may 11 the President, trump announced the creation of the Commission for the verification of the election results. Nominally, it shall “study of the vulnerability in systems for voting”, but the first pancake she turned out lumpy because the Commission had requested a huge amount of personal data about voters in every state. For this reason, Vaneetha Gupta (Vanita Gupta), who headed under Obama the civil rights division in the Ministry of justice, said that the true purpose of the Commission of the tramp — “to lay the groundwork for pressure on voters,” by limiting the vote of minorities, who typically support Democrats.

In fact, the Commission has trump asked for information of the electors only to the extent that the law allows. But this raises the same suspicions as last year Obama’s attempts to work with the United States. Arizona Secretary Reagan said that she refused to communicate to the Commission the trump requested personal information. Now, she says, her future rival in the Republican primaries criticized her for what she did not support trump. “But I remember well how all the States have said, “Hell, no, we do not support the invasion of the Federal government in elections”,” she notes.

The result may be that to ensure the security of future elections will be even harder. Meanwhile, Republicans from the house of representatives trying to cease funding in the amount of eight million dollars, which annually receives Commission on electoral assistance, giving States guidance on the conduct of safe and credible elections. The Republicans call it, the office is inefficient and unnecessary, saying its functions could take with a weakness of the Federal election Commission. Democrats argue that to deny funding is a tiny office to be reckless, especially now. Democratic Senator Amy Klobuchar (Amy Klobuchar) introduced the bill on the reimbursement of the Commission for the promotion of elections and the allocation to the States 325 million dollars to improve the infrastructure of the elections, the extension of opportunities to vote and strengthening cyber security. But he found no support from Republicans.

And in riverside County, security issues in the election remain the center of attention. Next month the County will conduct voting for the election of district boards of water management, and in November there will take place General elections to the bodies of communal services, libraries, and schools. The County Registrar Rebecca Spencer (Rebecca Spencer) says that it works with one member of the lower house of the state legislature, seeking the right to receive mail and text messages sent by the voter in making changes in their personal data. The district attorney Hestrin supported the bill, but worried about possible doubts voters. “People’s faith in the system is a fragile thing,’ he says. — When people lose faith in the honesty and fairness of elections in danger is the whole system of government.”

Your story gave Jack Brewster (Brewster Jack) and Emma, Talkoff (Emma Talkoff).