But they went from propaganda to deliberate interference in this election,” John Hultquist, senior director of FireEye, a Silicon Valley security firm, said after Wednesday’s announcement.
“Their aim here is to address existing fears that electoral infrastructure is subverted and hacked, as well as fears of voter intimidation,” he said.
Mr. Ratcliffe and Mr. Wray have spoken little about Russia. Still, until the wave of fake emails, Moscow was the first concern of the National Security Agency, the United States Cyber Command, and the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, which is responsible for helping states secure their voting systems.
Two weeks ago, Cyber Command, part of the military, helped cripple a complex network developed by Russian-speaking hackers and used in ransomware attacks on towns and villages across the United States, as well as many businesses. Microsoft led a team of companies doing the same, armed with court orders allowing them to remove the command-and-control servers used to distribute the tools, called TrickBot. The decision was made to disrupt the system so that it could not be used to lock voter registration systems.
In recent days, another Russian hacking group called Energetic Bear, often linked to the FSB – one of the successors to the Soviet Union’s KGB – appears to have focused its attention on access to state and local government networks. This has attracted federal investigators’ attention, as until now, the group has primarily targeted energy companies, including utilities.
But there is no evidence that hackers directly attacked electoral infrastructure. Cybersecurity experts fear that, once inside local government networks, they might attempt to move sideways through voter registration databases.
So far, there is no evidence that they have attempted to do so, but officials have said that such a decision will only happen in the final days of the election campaign, if at all.