Microsoft announced this week it has detected and blocked six recent attempts by Russian military hackers to attack the conservative Hudson Institute and the International Republican Institute. The attempts were launched by the same team of hackers, known as Fancy Bear among other nicknames, who broke into the email system of the Democratic National Committee in 2016.
In the past two years, Microsoft said, it has taken down 84 fake websites associated with Fancy Bear and has detected Russian attempts to hack into the electronic communications of at least three unnamed Members of Congress.
This is concrete evidence that Russia is still trying to disrupt American politics and sow distrust of our system. We must take action.
Facebook also recently announced that it had removed more than 650 fake accounts, pages and groups linked to both Russia and Iran that were apparently seeking to manipulate residents in the United Kingdom, Latin America and Middle East.
Sen. Lindsey Graham, R-S.C., rightly says that new and more stringent economic sanctions should be imposed on Russia until it stops messing with our electoral politics as well as our critical infrastructure.
On Tuesday, Sen. Graham chaired a Senate hearing on the cyber threat to American institutions and infrastructure. He said, “Our nation is under cyber-attack. ... Not just by Russia, by other outside influences. ... We’re beginning to react, but not quick enough and not forcefully enough.”
And with such obvious attempts from hostile foreign regimes to intervene in American politics, not enough progress is being made to harden our voting systems against fraud.
The gold standard for a verifiable election result is a count of paper ballots and a high-speed, high-accuracy form of auditing known as “risk limiting.” Only three states have both elements of the gold-standard approach.
South Carolina is purchasing new voting machines that will have a paper trail to replace the existing machines, which provide only electronic files. A new audit system will then have to be devised. It appears that a risk-limiting approach will not only be less costly than a traditional audit but will have the advantage that it can become a regular feature of post-election verification.
It would be difficult for hackers to manipulate enough voting machines remotely to sway the results of a national election. But a paper trail also guards against mechanical problems, user error and other more mundane challenges in addition to cyber threats.
Unfortunately, the new South Carolina machines will not be in place this fall. The plan is to introduce them for the general election in 2020. The state will be able to draw on a $6 million federal grant this year to help finance the transition, but the Legislature decided to wait until at least next year to come up with the rest of the funding needed to complete the upgrade.
Cybersecurity to protect digitized voter rolls is also a critical concern. Earlier this month, presenters at a major computer security conference demonstrated how even novice hackers can easily break into voter rolls if they are accessible online.
The threats to the integrity of our elections are clear. Now is no time to let up on security.