Foreign Hacking In 2020 Election Averted; Domestic Disinformation Still A Threat Officials feared the worst on Election Day: foreign-inspired disinformation and hacking. It didn't happen. Here's how government and private cyber sleuths helped keep the system safe.
NPR logo

How The U.S. Fended Off Serious Foreign Election Day Cyberattacks

  • Download
  • <iframe src="https://www.npr.org/player/embed/936214790/936973382" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
How The U.S. Fended Off Serious Foreign Election Day Cyberattacks

How The U.S. Fended Off Serious Foreign Election Day Cyberattacks

  • Download
  • <iframe src="https://www.npr.org/player/embed/936214790/936973382" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

RACHEL MARTIN, HOST:

With all the focus on recounts and baseless claims of fraud being made by the president, something may have gotten lost in this election. Foreign adversaries, those hackers who were supposed to crack into voter systems or spread disinformation, they didn't have much of a role. Tim Mak and Dina Temple-Raston of NPR's investigations team explain why.

TIM MAK, BYLINE: Geoff Brown, head of New York City's Cyber Command in downtown Manhattan, spent November 3 watching for hackers, for anyone who might have been trying to use the Internet in some way to undermine the election.

GEOFF BROWN: It's like a game of chess with a sentient opponent on the other side. And I think all the indications was that opponents were trying to test and interfere with elections all over the globe.

MAK: So he watched and waited and nothing happened.

BROWN: On the night of the election and running up to the election in this cycle, no, we didn't see anything strange. We didn't see any suspicious behavior.

MAK: But Brown said the threat was there.

BROWN: I don't think it was overstated at all. I think it was a real threat. And I think that being prepared was exactly what we needed to do.

DINA TEMPLE-RASTON, BYLINE: In some ways, November 3 became a kind of Y2K of election nights. So much was supposed to go wrong, but very little actually did. Stu Solomon is the chief operating officer at Recorded Future, a cybersecurity firm. And he was watching for hackers on election night, too.

STU SOLOMON: And in this case, the good guys won. The bad guys are not deterred. They're just going to simply look for another element of the attack surface where they could create the outcomes they want.

TEMPLE-RASTON: Microsoft and the U.S. military's Cyber Command targeted a huge network of computers controlled by Russian cybercriminals known as TrickBot. Solomon says one of the reasons we didn't see massive cyberattacks on the system was because of that.

SOLOMON: So the fact that it was disrupted right at the same time that the elections were kicking into high gear is not a coincidence. And yes, it definitely had impact.

MARK ARENA: The people behind TrickBot are very, very experienced, compromising a huge number of people's computers globally.

TEMPLE-RASTON: That's Mark Arena, the CEO of Intel 471, a cyber intelligence firm. He's been watching TrickBot for some time, and he figures Microsoft and CyberCom targeted TrickBot because if there was going to be a massive attack on U.S. election systems, TrickBot probably would have been involved.

MAK: There were other pre-emptive strikes that may have helped protect the election. Facebook and other social media companies took down fake accounts linked to the Chinese, Iranian and Russian governments. Arena said that over the past few years, social media organizations have significantly improved how they monitor their sites.

ARENA: It's obvious to me that Facebook and other social media companies have massively upped the spending on resources to identify these sources within their platforms. They should be commended for it.

MAK: So there are two reasons why the election appears to have avoided the kind of mischief that marred the 2016 contest. First, a huge purveyor of ransomware, TrickBot, was hobbled.

TEMPLE-RASTON: And second, social media companies were more proactive about taking down fake accounts.

MAK: And there's one more piece that local officials say was critical. And it came from the Department of Homeland Security.

TEMPLE-RASTON: Its Cyber Infrastructure and Security Agency, to be precise, which was run by a man named Christopher Krebs.

MAK: His agency had spent the years since the 2016 election fanning out to various states to help them beef up security around their election systems and voter rolls.

TEMPLE-RASTON: Which, given how smoothly everything went, brings us to what may have been the most surprising cyber event of the political cycle. After Krebs said 2020 was the most secure election America has ever had...

MAK: President Trump fired him in a tweet.

TEMPLE-RASTON: And that was the one thing before the election no one had prepared for. For NPR News, I'm Dina Temple-Raston in New York.

MAK: And I'm Tim Mak in Washington.

(SOUNDBITE OF AK'S "23.01.2018")

Copyright © 2020 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.