Skip to content
Naked Security Naked Security

DOJ to publicly disclose election tampering schemes

Under a new policy, US organizations and individuals will be told if they're the target of foreign operations trying to influence elections.

In the months leading up to the 2016 US presidential election, how many of us knew that Russia was tinkering with the race?
…or that Russia had targeted us with propaganda, tried to suppress the vote, or deliberately tried to puncture Hillary Clinton’s chances by leaking stolen information from her campaign, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC)?
At least one outfit knew much of that: the Obama administration. Too bad it didn’t tell the country.
But if the US Department of Justice (DOJ) stays true to a newly announced policy, we can expect to hear a whole lot more about foreign cyberattacks and propaganda/disinformation campaigns targeting the country’s democracy – hopefully before a given election takes place, not after.
On Thursday, Deputy Attorney General Rod J. Rosenstein announced at the Aspen Security Forum that under a new policy, the DOJ will inform US businesses, organizations and even individuals if they’re being targeted by foreign operations in an attempt to influence the country’s elections.
As the New York Times notes, the Obama administration knew for months before the 2016 election that Russia was trying to interfere in the race. President Obama didn’t reveal the plot, however, given his concern that it would be seen as a partisan move and his reluctance to add fuel to then-GOP-nominee Donald Trump’s fire with regards to Trump’s claims that the election was rigged.
Keeping these schemes in the dark doesn’t help, said Rosenstein. Engadget quoted the Deputy Attorney General:

Exposing schemes to the public is an important way to neutralize them. The American people have a right to know if foreign governments are targeting them with propaganda.

The report comes less than a week after the DOJ indicted 12 Russian intelligence officers connected to attacks on the computers and email systems of the DNC in the months leading up to the election.
This is the first comprehensive report to come out of the US Attorney General’s Cyber-Digital Task Force, and marks the first time that the DOJ has publicly articulated the types of threats posed by malign foreign influence operations and formally described how, in coordination with other federal departments and agencies, it’s responding.
The report identified five types of malign foreign influence intended to harm the US political system: attacks on voting infrastructure, including voter registration databases and vote-tallying systems; theft and weaponization of data; secret assistance of politicians, including how Russians behind the Guccifer 2.0 and DCLeaks Twitter accounts engaged with politicians to offer them damaging information on their opponents; the spreading of false information and propaganda, such as the use of trolls on social media to spread fake news; and unlawful lobbying efforts.
But to get back to the let-us-know-when-you-know department, the report also announced a new policy governing the disclosure of foreign influence operations: a policy that’s governed by the principle that the DOJ has got to stay politically neutral, has to comply with the First Amendment, and has to do its disclosures in a way that maintains public trust.

During his speech at the Aspen Security Summit, Rosenstein said that Russia’s effort to influence the 2016 election “is just one tree in a growing forest. Focusing merely on a single election misses the point.”
Rosenstein cited Director of National Intelligence Daniel Coats, who last Friday said that Russia’s actions didn’t stop with the conclusion of the 2016 elections. Rather, they’re still ongoing.

As Director Coats made clear, these actions are persistent, they are pervasive, and they are meant to undermine America’s democracy on a daily basis, regardless of whether it is election time or not.

One example: Also at the Aspen Security Summit, Microsoft revealed that it’s already detected and helped to block hacking attempts against three congressional candidates this year, marking the first known example of cyber interference in the upcoming midterm elections.
Tom Burt, Microsoft’s vice president for security and trust, as quoted by Politico:

Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks. And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.

Burt declined to name the targets and didn’t specify whether or not the attacks came from Russia. But he did say that the targets were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”


“On Thursday, Deputy Attorney General Rod J. Rosenstein announced at the Aspen Security Forum that under a new policy, the DOJ will inform US businesses, organizations and even individuals if they’re being targeted by foreign operations in an attempt to influence the country’s elections.”
I can see it now…
“Dear Trump empire,
The DOJ regrets to inform you that your organization appears to have been consistently targeted by foreign governments attempting to disrupt the US democratic electoral process.”
But in all seriousness I think this is a good thing. People can’t make informed decisions if they’re kept in the dark. They can still make uninformed decisions after being given salient information—but at least it’s on them at that point, and that’s okay. Well done, DOJ! I hope this comes to something.


You probably should have mentioned that in 2016 President Obama ordered a ‘stand down’ of the investigation into Russia interference in American elections.
[URL removed]


The order to “stand down” is interesting, and people have every right to question whether it was the right course of action or not, but it was not “a ‘stand down’ of the investigation” as you put it, although there are plenty of 2nd hand sources that would love you to believe it was.
According to Michael Daniel himself though (the person cited in the Washington Examiner article you linked to), the “stand down” order did not relate to the investigation.
What it referred to was the preparation of options for hacking back at Russia – specifically the “range of potential actions that we could use to use our cyber capabilities to impose costs on the Russians, both openly, to demonstrate we could do it, as a deterrent, and also clandestinely…”
I have watched the relevant part of his testimony, and in it Daniel explains to Senator Risch that the development of these offensive options was scaled back during the period in the run up to the election, but did not stop. It’s pretty clear that Daniel is describing the prioritisation of defensive action over offensive action as the election approaches.
Daniel: “…there were many concerns about how many people were involved in the development of the options so the decision at that point was to neck down the number of people that were involved in developing our ongoing response options. It’s not accurate to say that all activity ceased at that point.”
He goes on to say that:
“We shifted our focus in that September and October timeframe to focus heavily on … assisting the states in better protecting the electoral infrastructure and ensuring that we had as great a visibility as possible into what the Russians were doing, and developing our, essentially an incident response plan for election day”.
Risch: “…but as far as your cyber response, you were told to stand down?”
Daniel: “We were… those actions were put on the back burner, yes, and that was not the focus of our activity during that time period.”


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!