The National Security Agency and its British counterpart issued an unusual warning in October: The Russians were back and growing stealthier.

Groups linked to Russia’s intelligence agencies, they noted, had recently been uncovered boring into the network of an elite Iranian hacking unit and attacking governments and private companies in the Middle East and Britain — hoping Tehran would be blamed for the havoc.

For federal and state officials charged with readying defenses for the 2020 election, it was a clear message that the next cyberwar was not going to be like the last. The landscape is evolving, and the piggybacking on Iranian networks was an example of what America’s election-security officials and experts face as the United States enters what is shaping up to be an ugly campaign season marred by hacking and disinformation.

American defenses have vastly improved in the four years since Russian hackers and trolls mounted a broad campaign to sway the 2016 presidential election. Facebook is looking for threats it barely knew existed in 2016, such as fake ads paid for in rubles and self-proclaimed Texas secessionists logging in from St. Petersburg. Voting officials are learning about bots, ransomware and other vectors of digital mischief. Military officials are considering whether to embrace information warfare and retaliate against election interference by hacking senior Russian officials and leaking their personal emails or financial information.

Yet interviews with dozens of officials and experts make clear that many of the vulnerabilities exploited by Moscow in 2016 remain. Most political campaigns are unwilling to spend what it takes to set up effective cyberdefenses. Millions of Americans are still primed to swallow fake news. And those charged with protecting American elections face the same central challenge they did four years ago: to spot and head off any attack before it can disrupt voting or sow doubts about the outcome.

It is a task made even more difficult by new threats to the election from other American rivals, such as Iran, which has more motive than ever to interfere in 2020 after a drone strike killed its top security and intelligence commander last week in Iraq.

The Russians were sloppy in 2016 because they could be: They caught Americans off guard. Now hackers and trolls, who have seen their tradecraft splashed across the pages of American intelligence assessments and federal indictments, are working far harder to cover their tracks. They are, as one American intelligence official put it, “refreshing” their operations.

One of the two Russian intelligence units that hacked the Democrats in 2016, known as “Fancy Bear,” has shifted some of its work to servers based in the United States in an apparent attempt to thwart the NSA and other American spy agencies, which are limited by law to operating abroad, according to federal officials tracking the moves. The other unit, known as “Cozy Bear,” abandoned its hacking infrastructure six months ago and has dropped off the radar, security analysts said.

The trolls at the Internet Research Agency — the now-indicted outfit behind much of the Russian disinformation spread in 2016 — have ditched email accounts that were being tracked by Western intelligence agencies and moved to encrypted communication tools, like ProtonMail, that are much harder to trace. They are also trying to exploit a hole in Facebook’s ban on foreigners buying political ads, paying American users to hand over personal pages and setting up offshore bank accounts to cover their financial tracks, said an official and a security expert at a prominent tech company.

Renewed fear over nation’s election infrastructure

At the Department of Homeland Security, there is renewed anxiety about a spate of ransomware attacks on American towns and cities over the last year. The attacks, officials say, revealed gaping security holes that could be exploited by those looking to disrupt voting by locking up and ransoming voter rolls or simply cutting power at critical polling centers on Election Day. And while large-scale hacking of voting machines is difficult, it is by no means impossible.

There are also weak points up and down the long chain of websites and databases used to tally and report votes, officials said. Run by states or counties, the systems that stitch together reports from thousands of polling centers are a hodgepodge of new and old technologies, many with spotty security.

With the first primaries just weeks away, officials are keeping a watchful eye for hints about what to expect come November. The widespread expectation is that hackers, who may have only a single shot at exploiting a particular bug or vulnerability, will wait until the general election rather than risk wasting it on a primary.

Some of the meddling is homegrown. Americans have been exposed spinning up fake websites for Democratic front-runners and paying Macedonians to promote divisive political views. Facebook, the most important digital platform for political ads, also made it clear this week that it would not police political messaging for lies or misleading claims.

With Americans so mistrustful of one another, and of the political process, the fear of hacking could be as dangerous as an actual cyberattack — especially if the election is close, as expected. That is what happened last November in Kentucky, when talk of a rigged election spread online after it became clear that the governor’s race would come down to the wire.

“You don’t actually have to breach an election system in order to create the public impression that you have,” said Laura Rosenberger, director of the Alliance for Securing Democracy, which tracks Russian disinformation efforts.

“Chaos is the point,” she added. “You can imagine many different scenarios.”

Still, officials say, the deepest challenges come from abroad. Iran, under harsh sanctions that were not in place four years ago, nosed around the election system in 2018. More recently, Iranian hackers have been caught trying to compromise President Donald Trump’s campaign and impersonating American political candidates on Twitter.

For his part, Trump has already warned North Korea against “interference,” though he appeared to be referring to missile launches meant to embarrass him.

The president has shown far less concern about Russian interference. He has repeatedly questioned the idea that Moscow meddled in the 2016 election, viewing such talk as a challenge to his legitimacy. In his zeal to find another culprit, Trump eagerly embraced a Russian-backed conspiracy theory that shifted the blame to Ukraine, and set in motion the events that led to his impeachment.

American officials, however, are nearly unanimous in the conclusion that Russia interfered in 2016, and that it remains the greatest threat in 2020. Unlike other countries, which are seen as eager to influence American policy, Russia appears, above all, to be interested in undermining confidence in America’s democratic institutions, starting with the voting process.

Then and now, officials and experts said, the Russians and others could bank on one constant: America’s partisan divide, which engenders deep cynicism among Democrats and Republicans alike.

“Our adversaries, including Russia, China, Iran and others, are persistent: They focus on our politics and try to take advantage of existing fissures and American sentiment, particularly if it may weaken us,” said Shelby Pierson, who monitors election threats at the Office of the Director of National Intelligence.

“They’ll try many tactics and can adapt,” she added. “If it doesn’t work out, they try something else.”

Weaknesses in state election systems

In the public imagination, the defining elements of Moscow’s interference in the 2016 election were disinformation and the hacking of Democratic Party emails. But as they look to 2020, many election security officials and experts say the most worrying piece of the Russian meddling was the hacking of state election systems.

Election systems in all 50 states were targets of Russian hackers in 2016, though voting went smoothly in most places. In the estimation of many officials and experts, the effort was probably a trial run meant to probe American defenses and identify weaknesses in the vast back-end apparatus — voter-registration operations, state and local election databases, electronic poll books and other equipment — through which American elections are run.

One expert told the Senate Intelligence Committee that Russia was “conducting the reconnaissance to do the network mapping, to do the topology mapping, so that you could actually understand the network, establish a presence so you could come back later and actually execute an operation.”

Of particular concern is the Russians’ hacking of three companies that provide states with the back-end systems that have increasingly replaced the thick binders of paper used to verify voters’ identities and registration status.

Current and former officials say American intelligence agencies determined in 2017 that the companies’ systems had been penetrated. But officials still cannot say how far the hackers got or whether any data was stolen or corrupted.

The companies operate without federal oversight — it is states, after all, that run American elections, yet most lack the resources or expertise to oversee what are essentially tech firms. As a result, little is known about the companies’ security, employee requirements or supply-chain practices, experts said.

One of the targeted companies, VR Systems, provided e-poll books to Durham County, North Carolina, where malfunctions with the electronic systems in 2016 led to scores of voters being told incorrectly that they had already cast ballots or were ineligible to vote.

Though officials concluded last week that configuration errors, not an attack, were to blame for the problems in Durham, experts say the Election Day chaos there highlighted the risk of an attack or ordinary malfunction that blocks voters from casting their votes in swing states.

The rise of ransomware — which typically locks a system until victims pay the attackers in a cryptocurrency like Bitcoin — has given another weapon to attackers looking to sow chaos and digitally disenfranchise voters.

American cities and towns faced a record number of ransomware attacks last year, with more than 100 federal, state and municipal governments hit.

Homeland Security officials are investigating whether Russian intelligence was involved in any of the attacks, according to two department officials who spoke on the condition of anonymity to discuss sensitive intelligence. They are looking into whether cybercriminals, who appeared to be motivated by greed, were used as decoys to test the defenses of states and cities that might make ideal targets closer to the election. Among the towns hit hardest by ransomware last year was Riviera Beach, Florida, in Palm Beach County — which played an outsize role in deciding the contested 2000 presidential election.

Manipulating voting machines

In the immediate aftermath of the 2016 election, there was an intense focus on America’s voting machines, particularly the pricey touch-screen devices that lack the paper trail necessary to audit random samples of the tallies or conduct a reliable — if slow — manual recount.

Yet many machines remain vulnerable, as J. Alex Halderman, a professor at the University of Michigan, often demonstrates when he runs fake elections between George Washington and Benedict Arnold, and manipulates the software that prepares the ballots to assure a victory for America’s most famous traitor.

“In every single case, we found ways for attackers to sabotage machines and to steal votes,” he told the Senate Intelligence Committee, describing his research.

A study published in December by Interos, a risk-management firm, raised questions about the security of the hardware used in the machines, as well. Two-thirds of the companies that supply critical components for voting machines maintain offices in Russia and China, where foreign companies are regularly required to give security officials sensitive technical information, including software code in some cases. Chinese-owned companies make about a fifth of the voting machine components.

Each of those parts presents an opportunity for foreign interference. “There has been insufficient attention to the potential problems of the actual voting machines being hacked,” said David Dill, founder of the Verified Voting Foundation.

Come November, eight or so states will still be without full paper backup. These include battleground states, like Pennsylvania, that are out of funds to replace paperless machines.