Steady stream of alerts over threats from China, Iran, Russia hackers
As Election Day finally dawns across the country, U.S. intelligence officials believe at least three hostile foreign powers have the ability to pry inside America's election systems, wreaking cyber havoc when voters head to the polls.
The stunning revelations of China, Iran, and Russia's capabilities to disrupt Tuesday's vote came sandwiched between redactions in a memo from the National Intelligence Council declassified in October.
"We assess that some U.S. adversaries -- at a minimum China, Iran, and Russia or Russian-affiliated actors -- have the technical capability to access some U.S. election-related networks and systems," the memo said. "That said, we assess foreign actors will probably refrain from disruptive attacks that seek to alter vote counts because they almost certainly would not be able to tangibly impact the outcome of the federal election without detection; such activity would carry a risk of retaliation, and there is no indication they attempted such attacks during the past two election cycles."
If these adversaries, and untold numbers of others, decide not to try to interfere on Election Day, they may instead choose from a menu of other options to spawn fear, uncertainty, and doubt among voters. Analysts also have been warning in recent days that the post-election period -- especially if the vote is close -- could be an even more inviting time for hostile hackers.
Here are the major concerns featuring three U.S. adversaries.
China
Intelligence officials have told reporters for several months that China had no plan to influence the presidential race.
"We assess China, for now, does not plan to influence the outcome of the presidential race because it sees little gain in choosing between two parties that it perceives as both seeking to contain Beijing," an intelligence official, speaking on condition of anonymity, told reporters in July.
But doubts about this assessment emerged anew in October when word spread that China's notorious Typhoon hackers attempted to peer inside the phones of the GOP ticket, former President Donald Trump and his running mate J.D. Vance. Targets also included Eric Trump, the former president's son, and people affiliated with Vice President Kamala Harris' campaign, according to CNN.
The U.S. government has not publicly identified the targets of the latest cyberattacks by the Typhoon hackers.
The Salt Typhoon hackers breaching the telecommunications companies may be motivated more by espionage than their counterparts in the Volt Typhoon group, who U.S. officials have said infiltrated and are lurking in American infrastructure systems for future sabotage.
The intelligence community appears more worried that China may attempt to influence down-ballot races.
"China is seeking to influence congressional races with candidates -- regardless of party affiliation -- perceived by Beijing to threaten its core interests, especially in relation to Taiwan," the Office of the Director of National Intelligence said in an election security update on Oct. 7.
Iran
Iranian cyberattackers are growing more aggressive and are taking aim at Mr. Trump and his orbit, according to U.S. officials.
The officials issued a rare alert in August exposing alleged efforts by Iranian cyberattackers to break into the presidential campaigns for both major American political parties.
"We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting presidential campaigns," the alert said. "This includes the recently reported activities to compromise former President Trump's campaign, which the [intelligence community] attributes to Iran."
The alert from the Office of the Director of National Intelligence, FBI, and the Cybersecurity and Infrastructure Security Agency was a harbinger of things to come from the hostile elements in Tehran.
An allegedly hacked research dossier on Mr. Vance was posted online by independent writer Ken Klippenstein, after larger media outlets reportedly turned down the material amid concerns about stolen data and perpetuating an Iranian influence operation.
Iran denied any wrongdoing and has said it has no intention to interfere in the upcoming election. But intelligence officials are perhaps most worried about what Tehran could do to foment divisions in the American electorate in the days after Tuesday's vote.
"Iran may try to incite violence like they did after the last presidential election," the DNI said in an October 22 election security update. "In December 2020, Iran almost certainly was responsible for the creation of a website containing death threats against U.S. election officials."
Russia
U.S. intelligence officials have assessed for months that Russia is "the most active foreign influence threat" to this year's elections. Moscow wants Ms. Harris to lose, according to the intelligence community.
The DNI said in September that Russia used state media outlet RT and others to develop networks of U.S. and Western personalities to disseminate its messages.
"These actors, among others, are supporting Moscow's efforts to influence voter preferences in favor of the former President [Trump] and diminish the prospects of the Vice President [Harris] through methods such as targeted online influence operations on social media and websites that portray themselves as legitimate news sites," the DNI said in a September election security update.
In October, the DNI said it obtained intelligence showing Russian influence actors manufactured inauthentic content designed to denigrate Minnesota Gov. Tim Walz, the Democratic vice presidential candidate.
The intelligence community has also raised alarms about videos showing someone destroying Pennsylvania ballots and Haitians illegally voting in Georgia as among the Russian forgeries it has detected.
U.S. officials have continuously stressed that they have not witnessed foreign efforts to interfere in the electoral process to hinder voting, in contrast to influence efforts that are intended to shape the outcomes.
But the declassified October memo from the National Intelligence Council revealed the pro-Russia cyber group Killnet 2.0 announced plans in February to interfere in the U.S. election.
"Non-state foreign actors, such as hacktivists, cybercriminals, and terrorists, may have lower thresholds for cyber or physical attacks [than nations]," the memo said. "We cannot, for example, rule out the possibility of an inadvertent attack in which an effort to procure ransom payments from a victim unexpectedly crashes systems needed for election activities, or a situation in which a software or security update goes awry."