Less than one month out from the 2016 US Presidential election, it is clear that foreign agents have made their imprint on the electoral process. The Democratic National Committee (DNC) announced in June that it had experienced a compromise bearing all the hallmarks of the notorious Russian adversary designated by CrowdStrike as Fancy Bear; during the incident response investigation, CrowdStrike also identified a second actor, Cozy Bear, on the same network. Subsequent announcements from the Democratic Congressional Campaign Committee, the voter registration databases in Illinois and Arizona, and the New York Times indicated that Russian adversaries, likely Fancy Bear, had intruded on their networks as well. The Tactics, Techniques, and Procedures (TTPs) of this actor are well known within the information security community and have been tracked for almost a decade. Targeting of political parties is not a new phenomenon; influencing, manipulating, and embarrassing politicians and statesmen has been critical tradecraft since the dawn of espionage. This is not new, and it is not unprecedented. However, understanding the objectives of hostile actors seeking to influence the political process can help us better prepare for, and hopefully disrupt, the operations of these adversaries.

The Russian Playbook

In February 2013 General Valery Gerasimov, Chief of the Russian General Staff, published an article in Voyenno-Promyshlennyy Kurier (VPK) entitled “The Value of Science Is in the Foresight: New Challenges Demand Rethinking the Forms and Methods of Carrying out Combat Operations”. In this article he explains that ‘a perfectly thriving state can, in a matter of months and even days, be transformed into an arena of fierce armed conflict, become a victim of foreign intervention, and sink into a web of chaos, humanitarian catastrophe, and civil war.’ This statement provides a glimpse of what is possible through the use of what he describes as indirect and asymmetric methods. The article explores the role of private military contractors, special operations, and irregular forces in modern conflict. Turning to information warfare, Gerasimov notes that the adoption of technology played a significant role in shaping events in North Africa during what he calls the color revolutions.

Considering the doctrine detailed by Gerasimov in this article, and retrospectively examining the events surrounding recent Ukrainian elections, one can reasonably define a playbook for using indirect and asymmetric methods to influence an election.

Leak embarrassing or sensitive documents about unfriendly candidates - In one of the more sensational leaks targeting a political candidate, 21-year-old Valeria Prokopenko, a mayoral hopeful for the city of Odessa, was the victim of a leaked video. The video features Prokopenko performing a striptease, and its release ultimately resulted in her dropping out of the race, paving the way for pro-Russian candidate Gennadiy Trukhanov to become mayor. In 2016 Trukhanov himself became the victim of a leak: the Panama Papers exposed his possession of a Russian passport and undisclosed business dealings.

Use Distributed Denial of Service (DDoS) attacks - As polls were closing during the 2014 Presidential election, a DDoS attack targeted the systems used to aggregate poll results, delaying the official tallying of votes by several hours. In the run-up to parliamentary elections in October 2014, the Ukrainian election commission website sustained DDoS attacks that knocked it offline. The Russian state news agency RIA Novosti reportedly quoted the website of the Ukrainian prosecutor general as saying “that the electronic vote counting system was out of order and that Sunday's ballots would have to be counted by hand.”

Targeted intrusions/destructive attacks - Reports by the Security Service of Ukraine (SBU) indicate that in the days before the heavily contentious 2014 Ukrainian Presidential election, the central election commission's computers were compromised and files were deleted. Responsibility for these attacks was ultimately claimed by CyberBerkut, an alleged hacktivist group whose public actions are often preceded by intrusions conducted by groups CrowdStrike closely associates with the Russian government. The operation was further characterized by leaked documents from the Ukrainian central election commission, and by SBU claims that a second implant was designed to publish a fake result showing that nationalist/right-wing candidate Dmytro Yarosh had won 37 percent of the vote. Notably, Russia’s Channel One aired this result even though the fake story was never actually published by the commission.

Incite chaos and confusion - During the 2014 Presidential election, reports from Ukrainska Pravda indicated that outdoor digital advertising screens in Kiev were compromised and used to display violent imagery and to accuse nationalist politicians of being war criminals. In December 2015, disruptive attacks against the Ukrainian power grid, enabled by suspected Russian intrusion actors, highlighted the ability to use information warfare to disrupt critical infrastructure. Such disruptions can create widespread panic and distrust of the political and governmental authorities responsible for keeping those systems safe.

The picture that emerges when reviewing the events in Ukraine over the last several years is a comprehensive attempt to disrupt the political system of a country that broke from Russian alignment. In the wake of the #Euromaidan protests the people of Ukraine ousted a pro-Russian president and began aligning with the European Union; that shift triggered a comprehensive and multifaceted campaign against Ukraine.

Disrupting the 2016 US Presidential election

The mark of success of an irregular/asymmetric action against the US election may not necessarily manifest as one candidate winning over another. Simply causing the American people to question the validity of the results would likely cause widespread disruption across the US media, legal, and political systems. In the 2000 election, the United States became embroiled in a confusing and tumultuous debacle as the country spent a month determining who the President-elect would be. In an election year that has already been marred by Russian intrusion activity, we must remain vigilant to identify and prevent attacks that may lead to additional leaks, disruptive/destructive attacks, and fake media stories that could disrupt the very fabric of democracy.

To address today’s complex threats, organizations need prevention, detection, visibility, and intelligence that work together seamlessly and harden defenses against sophisticated and determined adversaries. Modern threats, whether geopolitical or economic in nature, are easily bypassing traditional defenses, creating a necessity for executive leadership to think about security differently.
