Google is seeing “surprisingly little” in terms of attempts to attack US election infrastructure ahead of the November midterms, says Shane Huntley, director of the company’s Threat Analysis Group.
Huntley’s main goal for 2018 was that it “doesn’t look like 2016,” in which Russia-linked hackers targeted election systems and the email accounts of political operatives. So far, things are looking healthy: “We, really surprisingly, haven’t been seeing on the hacking side that sort of targeting towards elections—with some very, very small exceptions,” Huntley said at a Google Zeitgeist event on Oct. 22.
While it’s possible that there is sustained hacking activity and Google’s analysts are missing it, Huntley says there are “some good reasons” to believe that’s not the case. “It’s not just us. I talk to everybody out there, and I ask this question of everybody I know, whether in government or other companies, or you name it. If somebody knows something, I want to know about it. And I know a lot of people, and they’re not seeing a lot either with regards to direct targeting,” he said.
The comment aligns with an Oct. 19 statement by several US government agencies, which said they “do not have any evidence of a compromise or disruption of infrastructure” that would affect the midterms. However, Microsoft said in July that it had worked with the US government to foil Russian hacking attempts on three midterm candidates.
Speculating on why they’re seeing fewer direct hacking attempts than 2016, Huntley said: “If the goal at that time was to create a world where there was less faith in the democratic institutions, that we were a divided country, that there was hyper-partisanism, and it was like driving a wedge between the different sides of the democracy, one might say there’s not a lot of hacking that needs to happen at this current point to actually engender that—because we’re already here.”
Disinformation campaigns by Russia, China and Iran
None of this means there haven’t been serious attempts to interfere with the elections through disinformation, rather than hacking. In the Oct. 19 statement, the government agencies also said they “are concerned about ongoing campaigns by Russia, China and other foreign actors, including Iran, to undermine confidence in democratic institutions and influence public sentiment and government policies.”
Just after the statement was released, the Department of Justice said Russia’s infamous Internet Research Agency troll farm in St Petersburg is again conducting “information warfare” on the United States, as it charged a Russian woman who works as an accountant there. The criminal complaint revealed that the IRA doubled its budget earlier this year.
Tech companies have been making regular moves on such foreign disinformation efforts. Twitter recently deleted thousands of accounts belonging to Russian and Iranian trolls and bots, and Facebook deleted dozens of Iranian propaganda accounts that the company said were trying to “sow discord” and had reached a million people.
Huntley said Google has seen less of this activity, but noted that in August it deleted 39 YouTube channels that it said were part of an Iranian government influence campaign.
“They were playing directly out of Russia’s playbook here that we saw with their Internet Research Agency,” Huntley said, explaining that they were pretending to be American in an effort to influence the political debate. “That’s the big change that we’ve made as companies. We actually sort of understand this more, and are defining these policies, that that’s not OK. You can’t hide who you are, pretend to be American, have this coordinated political activity and operate on our platforms. That’s against our terms of service, so we’re hunting down that activity and taking it down when we find it.”