30+ Years of Freedom of Information Action

Cyber Brief: 2016 Presidential Election

Published: Feb 21, 2018

Edited by Michael Martelle

Cyber Brief: 2016 Presidential Election

On Friday February 16th, 2018 the United States Justice Department indicted three organizations and thirteen Russian individuals for Conspiracy to Defraud the United States and Conspiracy to Commit Wire Fraud and Bank Fraud related to actions before and after the 2016 Presidential Election designed to manipulate American politics. Today’s posting includes the indictment as well as a selection of documents from the Cyber Vault pertaining to Russian use of cyberspace as a tool of political influence.


New to the Cyber Vault

From the Cyber Vault

Rep. Tom Carper, Ranking Member, House Committee on Homeland Security and Governmental Affairs, Letter to Terry McCauliffe and Brian Sandoval, September 14, 2016. Unclassified.

This letter from Rep. Tom Carper, written in response to reports of possible Russian cyberattacks on state elections systems, provides information to two officials of the National Governors Association on cyber security resources available from the Department of Homeland Security.

Barack Obama, Executive Order, "Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities," w/Annex. December 29, 2016. Unclassified.

This executive order announced publicly acknowledged measures taken by the Obama administration in response to Russia's alleged involvement in the hacking of Democratic National Committee and other computer systems. The annex identifies the entities targeted by the measures - including the Russian security service (FSB) and military intelligence (GRU).

National Intelligence Council, Background to "Assessing Russian Activities and Intentions in Recent US Elections": The Analytic Process and Cyber Incident Attribution, and National Intelligence Council, ICA 2017-01D, Assessing Russian Activities and Intentions in Recent US Elections, January 6, 2017. Unclassified.

The Intelligence Community Assessment concerning Russian activities and intentions in recent U.S. elections is an unclassified version of a joint CIA-FBI-NSA assessment. It begins with the observation that "we assess with high confidence that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election," and includes conclusions about the nature of the campaign, the extent of the effort compared to previous efforts, and the existence of a "new normal" in Russian influence efforts. An annex consists of a December 2012 report on Russian televisions attempt to influence U.S. politics.

National Cybersecurity and Communications Integration Center, Department of Homeland Security, AR-17-20045, Enhanced Analysis of GRIZZLY STEPPE Activity, February 10, 2017. Unclassified. [4006]

This report is a greatly expanded version of the GRIZZLY STEPPE analysis released in late December 2016, and focuses on the use of the Cyber Kill Chain model (whose components are reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective) to analyze malicious cyber activity.

National Association of Secretaries of State, "BRIEFING: Key Facts and Findings on Cybersecurity and Foreign Targeting of the 2016 U.S. Elections," March 20, 2017.

This two-page briefing on foreign cyber activity and the 2016 U.S. elections makes five points, which concern reports or assertions concerning the "hacking" of the presidential election, Russian intrusions into state and local election boards, attempted intrusions into state and local boards, Department of Homeland Security assistance to the states, and current safeguards and plans to improve those safeguards.

National Security Agency, "Russia/Cybersecurity: Main Intelligence Directorate Cyber Actors, [Redacted] Target U.S. Companies and Local U.S. Government Officials Using Voter Registration-Themed Emails, Spoof Election-Related Products and Services, Research Absentee Ballot Email Addresses; August to November 2016," May 5, 2017. Top Secret//SI//ORCON//Rel to USA, FVEY/FISA.

This top secret codeword report provides details on a GRU (Russian military intelligence) cyberattack on a U.S. voting software supplier and spear-phishing campaign targeting more than 100 local election officials (conducted days before last November's presidential election).

Sen. Mark R. Warner to John F. Kelly, Secretary of Homeland Security, June 20, 2017. Unclassified.

In this letter to the secretary of homeland security, Warner, vice chairman of the Senate Select Committee on Intelligence, notes his concern about the danger of future foreign interference in U.S. elections and urges the secretary to work closely with state and local election officials "to disclose publicly which states were targeted, to ensure that they were fully aware of the threat, and to make certain that their cyber defenses are able to neutralize this danger."

Janis Sarts, Director NATO Strategic Communications Centre of Excellence, "Russian Interference in European Elections," June 28, 2017. Unclassified.

In his testimony before the Senate Select Committee on Intelligence, Sarts presents case-study research conducted at the NATO Strategic Communications Centre of Excellence on the tools used by Russia in conducting influence operations and Western responses before making a series of policy recommendations.

United States Congress, Clint Watts Statement Prepared for the US Senate Committee on the Judiciary Subcommittee on Crime and Terrorism "Extremist Content and Russian Disinformation Online: Working with Tech to Find Solutions", October 31, 2017. Unclassified.

This testimony was presented at a hearing to examine the use of the internet and social media by Russian Intelligence Agencies and extremist groups as well as strategies to counter threatening activity.

United States Senate Select Committee on Intelligence, Testimony of Sean J. Edgett Acting General Counsel Twitter, Inc., November 1 2017. Unclassified. [30122]

This testimony concerns Russia's use of social media to influence American political discourse.