US government agencies and social media companies are taking a proactive role in combatting Russian disinformation and cyberattacks ahead of the November midterms.

But a string of recent revelations indicates that, if anything, Russia and other foreign actors are using more sophisticated methods to poke at the weak links in an already explosive US political environment.

One cybersecurity expert described the process as playing whack-a-mole.

"You whack that mole and he pops his head up somewhere else," he said. "You can never sit back and think you've got the adversary figured out, because you don't."

The first sign of Moscow's meddling in the 2016 election came in September 2015, when the FBI noticed that Russian hackers had infiltrated a computer system belonging to the Democratic National Committee.

Three years later, further reporting and testimony from current and former intelligence officials have painted a portrait of Russia's 2016 election interference as a multifaceted, well-planned, and coordinated campaign aimed at undermining the backbone of American democracy: free and fair elections.

Lawmakers and government officials have since said that they have taken steps to combat malicious activity from foreign actors, particularly as the 2018 midterms come around the corner.

But a string of recent revelations indicates that, if anything, the US's adversaries are using more sophisticated methods to continue to poke and prod at the weak links in an already explosive domestic political environment.

Facebook and Twitter take center stage

In July, Facebook announced that it had discovered and shut down 32 phony pages and profiles that were created between March 2017 and May 2018.

The social media giant said the accounts, many of which lawmakers and experts linked to Russia, reached 290,000 users with ads, events, and posts about politically divisive issues like feminism, race, and fascism.

Facebook said one of the most popular pages it shut down was tied to the Internet Research Agency, the notorious Russian troll farm that the special counsel Robert Mueller charged with conspiring to interfere in the 2016 election by mounting a social media disinformation campaign to stoke political tensions.

One month later, Facebook announced it had removed an additional 652 fake accounts and pages that it said were used to influence politics in the US, UK, Middle East, and Latin America. Most of the pages, the company said, were linked to Russia and Iran.

Last week, Twitter joined the fray when it released a massive trove of 10 million tweets it said were tied to foreign influence operations it discovered on its platform since 2016. The disclosure included information about 3,841 accounts the company believes are linked to the IRA, and 770 accounts it says originated in Iran.

Facebook and Twitter made up a key facet of Russia's disinformation campaign during the 2016 campaign season.

Last year, Facebook sent shockwaves through the political sphere when it revealed it had shuttered nearly 500 pages tied to the IRA, which was also accused of buying targeted political ads that approximately 10 million users saw.

Two months later, Twitter revealed to Congress that Russia-linked accounts on its platform "generated approximately 1.4 million automated, election-related tweets, which collectively received approximately 288 million impressions" from September 1 to November 15 of last year.

Both Facebook and Twitter drew criticism following the 2016 election for what critics said was an unwillingness to monitor and root out fake accounts.

The companies' disclosures about state-backed influence campaigns on their platforms in the months leading up to the midterms appear to be an attempt at addressing those concerns, and cybersecurity experts say the move is a step in the right direction.

"What we're seeing is a concerted effort to sound the alarm about a coordinated campaign at the highest levels of the Russian government to interfere in our 2018 midterms," said John Carlin, the former assistant attorney general for national security and the chair of Morrison & Foerster's Global Risk and Crisis Management group.

Jeff Bardin, the CIO of the cybersecurity firm Treadstone 71 and a former member of the US Army and Air Force intelligence community, said Facebook and Twitter made the right call in publicly announcing influence operations on their platforms.

"I think they should have done it earlier, but better late than never," he added.

From Cold War to code war

A tweet from a fake Twitter account believed to be linked to the IRA. Twitter

Lawmakers and experts say that as Facebook, Twitter, and other social media companies take a more proactive role in rooting out influence operations, foreign actors have also begun using more sophisticated methods to cover their tracks.

On Facebook, for instance, some Russia-linked accounts used third parties to buy ads on their behalf and didn't use Russian IP addresses or pay with Russian currency.

The company also said the phony accounts shifted their attention to more heavily promoting events and rallies, which Facebook doesn't monitor as closely as politically targeted ads.

Larry Johnson, the CEO of CyberSponse and a 24-year veteran of the US Secret Service, described the process of countering Russia's activities as playing whack-a-mole.

"You whack that mole and he pops his head up somewhere else," Johnson said. "So it's all about continuously being vigilant and building walls. You can never sit back and think you've got the adversary figured out, because you don't."

Bardin echoed that view.

"Politics is a reflex for a lot of people," he said. "It's all emotion and feeling and thought without evidence, and the Russians love that. They know people are going to go with what makes them feel good — the comfortable lie instead of the inconvenient truth — and their specialty is tapping into that."

Carlin, who previously served as Mueller's chief of staff at the FBI, compared the Russians' use of information warfare to a modern-day "code war."

"It's not like traditional warfare," he said. "There's this low-intensity conflict happening day in and day out affecting companies or individuals or, in this case, our democracy. And like the Cold War, in the code war, the leader of the free world has to take charge."

"He has to recognize that this is not an attack on one person or party, but on us as Americans," he added.

Déjà vu

A tweet sent from a Russia-linked Twitter account. Twitter

Social media isn't the only avenue Russia and other foreign actors are using to meddle in the upcoming midterms.

Earlier this month, NBC News reported that the US Department of Homeland Security said it has identified an increasing number of attempted cyber attacks on US election infrastructure ahead of the November elections, and is working to figure out who or what is behind them.

The disclosure is reminiscent of the revelation last year that election systems in as many as 39 states could have been attacked during the 2016 election, though voting tallies are not believed to have been altered or manipulated in any way.

The news was bolstered by a leaked NSA document published by The Intercept detailing how hackers connected to Russian military intelligence had attempted to breach US voting systems days before the election.

This month, the department's Cyber Mission Center said in an intelligence assessment obtained by NBC News that it is "aware of a growing volume of cyber activity targeting election infrastructure in 2018."

"Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election," the assessment continued, adding that while the federal government does not yet know who is behind the attacks, all of them were either prevented or mitigated.

Both Russia and China are actively working to influence the US political atmosphere, the assessment reportedly said, by spreading disinformation with hackers posing as Americans and through more conventional propaganda efforts.

"The Russians see that they had a lot of success with the 2016 election cycle and what it did to American political discourse and how it took over our news cycles," said David Kennedy, the CEO of the cybersecurity firm TrustedSec and a former hacker for the National Security Agency and the Marine Corps.

"So obviously now we're going to see more mentions of them in news cycles, but they don't slow down in between elections," he said. "It's a concerted effort, a concerted campaign, focused on causing as much disruption as they can for anything that's happening."

'Russia is accelerating its campaign and this isn't the last — or worst — we'll see of it'

Robert Mueller. AP Photo/Andrew Harnik

Experts say that despite President Donald Trump's apparent reluctance to publicly condemn Russia and other foreign actors for their meddling, they're encouraged that the rest of the US government has been aggressive in identifying and publicly prosecuting foreign agents.

Mueller has so far charged 25 Russian nationals and three Russian entities as part of his investigation into Russia's interference in the 2016 election.

And on September 25, the DOJ announced a new policy on the disclosure of foreign influence operations.

The updated guidelines say the DOJ will "investigate, disrupt, and prosecute the perpetrators of illegal foreign influence activities where feasible," and that it will alert "victims and unwitting targets" of such activities whenever possible.

The guidelines also say that while investigative or operational considerations may sometimes bar the DOJ from disclosing foreign influence operations, "public exposure and attribution of foreign influence operations can be an important means of countering the threat and rendering those operations less effective."

Three days after the new policy was announced, the DOJ indicted a Russian woman working for a close ally of Russian President Vladimir Putin with conspiring to meddle in the 2018 midterms. The charging document was made public last week.

Prosecutors said the disinformation campaign the woman, Elena Khusyaynova, was involved in created thousands of email and social-media accounts to conduct "information warfare against the United States."

They added that the operation, "Project Lakhta," had a budget of more than $35 million and "continues to this day."

The same day prosecutors announced Khusyaynova's indictment, the Office of the Director of National Intelligence warned in a joint statement with the DOJ, the FBI, and the DHS that Russia and other actors like China and Iran were conducting "ongoing campaigns" that were designed to "undermine confidence in democratic institutions and influence public sentiment and government policies" and could include meddling in the midterms and even the 2020 election.

Kennedy said tracing malicious activity back to specific individuals and naming them in indictments helps the US because it leads to political backlash.

"One thing we haven't really done a good job on is the cyber front," he said. "We've been going after the money flow and applying political and economic pressure in the hopes that it would slow them down. But we haven't seen that yet. If anything, Russia is accelerating its campaign and this isn't the last — or worst — we'll see of it."

Carlin agreed.

"What we've already seen is that this is of pretty enormous scope," he said of Russia's operation. "I don't think we've ever seen anything like it."