Sanctions, Charges And Disclosures Whirl In U.S. Bid To Defend 2020 Election
Updated at 4:39 p.m. ET
Authorities in government and Big Tech unveiled a number of actions and announcements on Thursday in the ongoing effort to defend the 2020 election from foreign interference.
The Treasury Department announced it's sanctioning a member of the Ukrainian parliament who waged an influence campaign aimed at the 2020 election — one who specifically spread "false and unsubstantiated narratives" about former Vice President Joe Biden.
Three employees of Russia's infamous trolling and influence mill, the Internet Research Agency, also were placed under Treasury Department sanction, and one of them was charged in a criminal complaint by the Justice Department.
Separately, Microsoft Corp. revealed attempts by hacking groups linked to Russia, China and Iran to break into the networks of the two main presidential campaigns.
The developments took place during a week the Trump administration has faced more questions about whether it's appropriately prioritizing the threat of foreign election interference.
A Department of Homeland Security official filed a whistleblower complaint Tuesday, saying that the head of DHS told him to stop reporting on the Russian threat to U.S. elections, allegedly because it "made President Trump look bad."
Taken together, it's a reminder that four years after Russia's attack on the 2016 presidential election, foreign interference remains an issue that never really went away, said Betsy Cooper, executive director of the Aspen Tech Policy Hub.
"I'm not surprised. These are exactly the sorts of attacks we've seen since 2016 and beyond," Cooper said of the Microsoft disclosure. "There will continue to be attacks against our election going forward. That will be a part of the new normal."
Sanctions against a Ukrainian lawmaker
Andrii Derkach, an independent member of Ukraine's parliament, spent much of the past year furthering a debunked corruption narrative about Biden.
That campaign included releasing edited audiotapes that purported to reveal improprieties on Biden's part, and even meeting with Trump's personal attorney Rudy Giuliani in late 2019.
Trump was impeached by the House last year over asking Ukraine to investigate similar corruption claims. Intermediaries sought to make clear to Ukrainian President Volodymyr Zelensky that the flow of military aid to Ukraine would depend on his willingness to announce such an investigation.
Ultimately, the United States released the aid without any such announcement.
Trump and Republicans haven't abandoned allegations about what they call inappropriate activity involving Biden's family and Ukraine, however. Sen. Ron Johnson, R-Wis., said he is conducting an investigation about that; Democrats have said he's playing into the hands of a foreign interference scheme.
On Thursday, the Treasury Department called the narratives Derkach was pushing about Biden "false and unsubstantiated" and said he was operating as a covert Russian agent for the past decade.
"Andrii Derkach and other Russian agents employ manipulation and deceit to attempt to influence elections in the United States and elsewhere around the world," Treasury Secretary Steven Mnuchin said. "The United States will continue to use all the tools at its disposal to counter these Russian disinformation campaigns and uphold the integrity of our election system."
House Intelligence Committee Chairman Adam Schiff, D-Calif., noted the dissonance in the Treasury Department sanctioning a foreign national over pushing information that is similar to statements made by the president and his allies. Trump even retweeted the audio that Derkach shared last month.
"Remarkably, even as the Treasury Department acknowledges Derkach has been an active Russian agent with close connections to the Russian intelligence services, and identifies the narrative that he is promoting as 'false and unsubstantiated,' the president of the United States continues to push out the same false claims and smears," Schiff said.
Election security isn't only about the smuggling of disinformation. It also involves attempts to steal material from U.S. political targets for use in spying or for disclosure to embarrass them.
Microsoft's announcement on Thursday brought a reminder about how that threat remains even as the conversation has shifted during the pandemic.
The company disclosed that it detected intrusion attempts aimed at political consultants aiding both Republican and Democratic campaigns, perpetrated by the same Russian hacking group that successfully breached the network of the Clinton campaign in 2016.
In total, the hacking group was observed targeting more than 200 organizations, including a number of think tanks such as the German Marshall Fund, which monitors Russian election interference.
"What we've seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues," Tom Burt, Microsoft vice president of customer security and trust, wrote in a blog post announcing the disclosures.
Microsoft said the group has evolved its tactics since the 2016 election to "include new reconnaissance tools and new techniques to obfuscate their operations," including ones that allow it to automate aspects of its hacking attempts and more effectively disguise its identity.
The company also said a hacking group from China was observed over the past six months as having targeted the noncampaign email accounts of people affiliated with the Biden campaign as well as at least one "prominent" person who was formerly associated with the Trump administration.
A group from Iran was also observed unsuccessfully trying to log into the accounts of officials with the Trump administration as well as Trump campaign staff.
Burt concluded his announcement by urging Congress to send more money to states and localities to support their cybersecurity infrastructure.
"While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem," he said.
The U.S. intelligence community disclosed its assessment earlier this summer that Russia would prefer Trump be elected in November, whereas China prefers Biden.
The Aspen Tech Policy Hub's Cooper said because of that assessment she fully expects news of more cyberattacks to come to light before Election Day. The only question, she said, is how consequential those attacks wind up being in deciding who wins.
"The actors that have the capability to execute [attacks] are also the ones that have the greatest stake in the outcome of the election," Cooper said.
Sen. Ben Sasse, R-Neb., a member of the Senate Intelligence Committee, said Thursday that the United States needed to continue to send strong messages that it would not tolerate election interference.
"Microsoft's warning is consistent with the intelligence community's long-standing assessments: China and Russia want to sow distrust ahead of the 2020 election," Sasse said. "In Beijing, Chairman Xi [Jinping] wants Biden to win; in Moscow, Vladimir Putin wants Trump to win; both of these miserable SOBs have the same goal of turning Americans against each other."