U.S. Says Russia Directed Hacks to Influence Elections
The Obama administration on Friday formally accused the Russian government of stealing and disclosing emails from the Democratic National Committee and a range of other institutions and prominent individuals, immediately raising the issue of whether President Obama would seek sanctions or other retaliation.
In a statement from the director of national intelligence, James R. Clapper Jr., and the Department of Homeland Security, the government said the leaked emails that have appeared on a variety of websites “are intended to interfere with the U.S. election process.”
The emails were posted on the well-known WikiLeaks site and two newer sites, DCLeaks.com and Guccifer 2.0, identified as being associated with Russian intelligence.
“We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” the statement said.
It did not name President Vladimir V. Putin of Russia, but that appeared to be the intention.
The statement from Mr. Clapper and the Department of Homeland Security, which is primarily responsible for defending the country against sophisticated cyberattacks, said the intelligence agencies were less certain who was responsible for “scanning and probing” online election rolls in states around the country. It said that those “in most cases originated from servers operated by a Russian company,” but stopped short of alleging the Russian government was responsible for those probes.
The announcement came only hours after Secretary of State John Kerry called for the Russian and Syrian governments to face a formal war-crimes investigation over attacks on civilians in Aleppo and other parts of Syria. Taken together, the developments mark a sharp escalation of Washington’s many confrontations with Moscow this year.
For weeks, aides to Mr. Obama have been debating whether to openly attribute the cyberattacks to Russia, and as recently as Wednesday the director of the National Security Agency, Adm. Michael Rogers, refused to publicly accuse Moscow.
But with little more than a month to go before the presidential election, one senior administration official said that Mr. Obama was “under pressure to act now,” in part because a declaration closer to Election Day would appear to be political. Two days ahead of the second presidential debate, the announcement also puts the Republican nominee, Donald J. Trump, more on the defensive over his assertion last month that Mr. Putin is a better leader than Mr. Obama.
In the first debate, former Secretary of State Hillary Clinton, Mr. Trump’s Democratic rival, blamed Russia for the cyberattacks on the Democratic National Committee, but Mr. Trump said there was no evidence that Russia was responsible; he suggested it could have been the Chinese or “somebody sitting on their bed that weighs 400 pounds.”
Soon after the administration accused the Russians of hacking into the committee, WikiLeaks published hacked emails from John D. Podesta, the Clinton campaign chairman.
In a Twitter message Friday evening, Mr. Podesta said that “I’m not happy about being hacked by the Russians in their attempt to throw the election to Donald Trump.’’
WikiLeaks has released troves of hacked Democratic emails, but has not revealed their source.
A major question is how Mr. Obama might respond without setting off an escalating cyberspace conflict with Russia between now and Nov. 8. One possibility is that the announcement itself — an effort to “name and shame” — will deter further action.
But Mr. Obama’s aides have assembled a range of possible responses, from using economic sanctions to covert action against Russian targets, potentially including the computers used in the hack.
The official accusation against Russia comes after anonymous American intelligence officials told The New York Times in July that they had “high confidence” that the Russian government was behind the hack of the D.N.C., which led to the resignation of Representative Debbie Wasserman Schultz, the Florida Democrat, as committee chairwoman, amid evidence that the committee was favoring Mrs. Clinton over her competitor for the party nomination, Senator Bernie Sanders of Vermont.
The months of subsequent silence frustrated some in Congress, and several weeks ago the top Democrats on the House and Senate intelligence committees, Adam Schiff and Dianne Feinstein, both of California, said Russia and its leaders were responsible, citing classified briefings.
Mr. Schiff, who had urged the Obama administration to name Russia and better prepare American voters for the possibility of interference between now and the election, on Friday praised the decision “to call out Russia on its malevolent interference in our political affairs.”
“I hope this will establish a deterrent to further meddling,” he said. “I don’t think the Russians have decided yet how much they plan to continue their interference, so I think this attribution is very timely. We’re also encouraging the administration to work with our European partners, who have been the subject of even worse meddling, to coordinate a response to this.”
Mr. Schiff said he was afraid Russian hackers might attempt to delete or manipulate voter rolls, causing long lines at the polls and delays in counting votes because people would be forced to cast provisional ballots. (Voting machines themselves are not linked to the internet, so it is effectively impossible to hack them in a systematic way and change the outcome, specialists say.)
But as “profound” as that concern is, Mr. Schiff said, he and others see as “the most grave risk” something else: Russia could take emails it has already stolen, manipulate them to create a false impression that a candidate has done something outrageous or illegal, and cause them to be published online shortly before the election.
That, he said, “could have an election-altering effect.”
Federal officials are trying to help states plug holes in their internet defenses for election management systems. One thing they will not do before the election is pronounce such systems “critical infrastructure,” as the secretary of Homeland Security, Jeh Johnson, proposed in August.
Mr. Johnson’s notion provoked a backlash from conservatives. Republicans like Brian P. Kemp, the secretary of state in Georgia, and Jon A. Husted, his counterpart in Ohio, accused the Obama administration of overreaching, saying it was trying to carry out a federal takeover.
Administration officials said that the idea of declaring elections systems critical infrastructure is dead for now, lest it discourage states from working with the federal government.
“Our focus right now, in the remaining days before Nov. 8, is to encourage states to come forward and request our assistance,” Mr. Johnson said in a recent interview.
The department has offered states two kinds of help, both for free: a remote cyber “hygiene” scan of their servers by department officials who look for known vulnerabilities and can recommend patches, and a more intensive on-site analysis by a team of computer security specialists.
The department’s emphasis on voluntary measures has met with mixed success: So far, 28 states have accepted that offer, the department said, but it declined to name them. Officials with election agencies in the large swing states of Ohio, North Carolina, and Pennsylvania said they were participating. (Pennsylvania is particularly important because its electronic voting machines lack a paper audit trail for recounts.)
Florida, another large swing state, is not participating in this program, but officials in the office of its secretary of state said they had already been working with federal partners.
Still, while the number of participants has been slowly creeping up, the window is closing. A Homeland Security official said it takes about a week to complete the necessary paperwork to permit the department to begin the work, and that the more intensive on-site effort takes about two weeks.
That suggests that soon after the middle of October, it will be too late to provide any help to late takers.
The fact that 22 states are not as yet participating does not necessarily mean all of them are vulnerable in ways that participants are not. Kay Stimson, a spokeswoman for the National Association of Secretaries of State, noted that some states had already been taking cybersecurity measures that are likely equivalent to what the department is offering.