Since the invasion of Ukraine in 2022 there have been growing fears of direct conflict between Russia and NATO, but NATO countries, including the UK, have already been in direct conflict with Russia for much of the last decade. They have been fighting a cyber-cold war, where information is weaponised, and casualties have included trust in our most sacred democratic processes. That conflict is going to escalate in 2024 due to elections in the UK and US.
According to Dov H. Levin, the US, as well as its blunt-force attempts to change regimes such as the 2003 invasion of Iraq, has intervened in more foreign elections than any other country. Among 938 national elections examined by Levin from 1946 to 2000, the US intervened 81 times, from the CIA’s first covert action in 1948 when it secretly subsidised efforts to ensure that communist candidates were defeated in Italy’s elections, to plans made during the George W. Bush administration to covertly interfere in Iraq’s 2005 elections – the first since the fall of Saddam Hussein. These were blocked by Congress at the last minute.
During the same period, the Soviet Union/Russia intervened the second most times, meddling in 36 foreign elections. During the cold war both countries, overtly and covertly, strove to increase their influence. As the cold war ended, Western intelligence services underestimated Russia’s desire under President Putin to continue to influence foreign elections. After the US elections and UK’s Brexit referendum in 2016, there was a realisation that the West had lost sight of this threat.
Released in 2019, the Mueller Report was the culmination of the investigation by special prosecutor Robert Mueller into Russian interference in the 2016 US elections and links between associates of former President Trump and Russian officials. It identified significant Russian interference in the American democratic process, including the theft and release of emails from the Democratic National Committee (DNC) by hackers operating under the pseudonym “Guccifer 2.0” who are alleged by Mueller to be from a GRU unit known as “Fancy Bear.” Revelations from the emails provided Trump and Fox News with endless attack lines during a tight presidential race. The report concluded that though the Trump campaign welcomed Russian interference, there was insufficient evidence of a criminal conspiracy to bring charges. It did result in other charges against 34 individuals, eight guilty pleas, and a conviction at trial.
For the 2020 elections, the US government, Big Tech and commercial cyber security firms were better prepared. Even so, US intelligence community experts warned Congress that Russia was interfering in Trump’s favour. They found that proxies of Russian intelligence promoted and laundered misleading or unsubstantiated narratives about Joe Biden to US media organisations, officials, and political influencers. Iranian and Chinese attempts to interfere were also highlighted.
In the UK, the Intelligence and Security Committee of Parliament (ISC) investigation into allegations of Russian interference resulted in “The Russia Report,” which was finally released in 2020. The committee found no evidence that Russian interference had affected the Brexit referendum. However, the report stated that “we have not been provided with any post-referendum assessment of Russian attempts at interference… in stark contrast to the US handling of allegations of Russian interference in the 2016 presidential election.” It recommended that the intelligence services “produce an analogous assessment of potential Russian interference in the EU referendum.” This recommendation was not followed up.
The report concluded that the government failed to investigate evidence of successful interference in democratic processes, that there was “credible open-source commentary” suggesting Russia attempted to influence the Scottish independence referendum, and that Russian influence in the UK is “the new normal”.
A lesser-known event in 2016 was also a significant turning point. Two weeks into the Democrat Party leaks in the US, a new Twitter account appeared in the name of a hacker group calling themselves the Shadow Brokers. It is not known who is behind this group, but bets are split between a US intelligence insider and Russian hackers.
The group claimed to have intercepted cyberweapons belonging to the Office of Tailored Access Operations at the NSA, America’s communications and data collection intelligence agency. Over a series of messages, Shadow Brokers provided any hacker or nation state with the code needed to not only steal information but also unleash mass destruction.
Post 9/11, the NSA rapidly developed its capability for large-scale digital espionage. They hunted every vulnerability in every layer of the digital universe they could and implanted themselves there. When they could not solve the problem, they reached out to the hacking community, often through a shady network of middlemen, to offer increasingly large bounty payments for what they needed. This created a black market in cyber “zero days” (vulnerabilities in a piece of software that its creator was unaware of, allowing hackers to exploit it by altering a program, the data it collects and the computers – even whole networks – using it).
As well as expanding its collection capabilities, NSA developed its offensive capabilities. The vulnerabilities it was exploiting for espionage could be injected with a payload that could physically destroy machines and infrastructure. The first major use of this capability came in 2007, with the Stuxnet attack by the US and Israel against Iran’s nuclear enrichment program. Stuxnet was a malicious computer worm that targeted the centrifuges needed to enrich uranium. It allegedly destroyed over a fifth of Iran’s nuclear centrifuges before it was discovered in 2010. After Stuxnet was identified, the former NSA director, Michael Hayden, predicted: “Somebody just used a new weapon, and this new weapon will not be put back in the box.” Hayden did not realise that hackers would empty the contents of that box all over the web.
During the cold war, Americans spied on Russian technology and Russians spied on American technology. Now everyone is using the same systems. The leaked NSA capabilities were focused on exploiting Microsoft operating systems, Gmail, Apple and Android phones, and types of microprocessors and industrial operating systems used around the world – in other words, all the systems that the West relies on for communications, transportation, power, banking, health and holding elections. In many cases, using NSA tools, our adversaries are already inside our nuclear sites, national grids, communications, health and election systems (the UK’s paper-and-pencil voting system makes direct interference harder).
A month after the Shadow Brokers’ communications, an exploit developed by the NSA for Windows, called Eternal Blue, propagated the WannaCry ransomware attack. The attack hit the NHS and was estimated to have affected more than 300,000 computers across 150 countries. The US blamed North Korea for the attack.
Last year an indictment unsealed in a district court in Kansas indicated that three FSB officers tried to hide malware in software updates used by systems that control equipment in power plants. They were accused of using spear-phishing (a targeted attack via email and the like, intended to get its victims to share their information) and other tactics to home in on more than 3,300 people working in the energy industry, including the US Nuclear Regulatory Commission.
In one instance, the officers are alleged to have compromised the business network of Wolf Creek Nuclear Operating Corp. in Kansas. The GRU operatives were mapping out the plant’s networks for an attack that had the potential to cause a meltdown like the one that occurred at the Chernobyl nuclear plant. The Russians also conducted “digital drive-bys” of chemical, oil, and gas operators in the US.
Since the last elections in the US and UK, Russia has invaded Ukraine. Even before the invasion, Russia had been cyberattacking Ukraine. In 2014, a worm traced back to Russia targeted industrial control software makers there – commands embedded in the code included “die” and “turn off”. It resurfaced on the eve of elections, when it attacked two local media companies as they were set to report results. On Christmas Eve 2015, the Russians turned off the national grid. In 2017, the Russians targeted Ukraine, using Eternal Blue.
Two months before the 2022 invasion, about 70 government websites in Ukraine were taken offline by hackers. This was followed by two distributed denial-of-service (DDoS) attacks that brought down the websites of the defence ministry, army, and Ukraine’s two largest banks by flooding their servers with so many simultaneous requests that they were unable to respond. Russia is still regularly launching cyber-attacks using NSA-designed tools in support of ground offensives and stealing targeting information from everything from government intranet sites to cafe webcams.
Jen Easterly, director of the federal Cybersecurity and Infrastructure Security Agency, referenced Russia’s ongoing invasion and the US efforts to supply weapons to Ukraine as a motivator for cyberattacks against the US. The UK has also been a vocal critic of the invasion and supporter of Ukraine through the delivery of weaponry, training and intelligence. Russia will want to influence elections in both countries in 2024.
In the US, Russia will attempt to tip the result towards the Republicans. Even though only a small percentage of Republicans support Russia over Ukraine, 44% of Republicans and Republican-leaning independents now believe the US is giving too much aid to Ukraine (compared to 14% of Democrats and Democratic leaners) and the MAGA wing of the GOP has continually sided with Putin and against Ukraine.
In the UK, Russia will want to tip the result towards the Conservatives. While the two main parties in the UK are aligned in support for Ukraine (in February Keir Starmer met President Zelenskiy in Kyiv, and stated that if there was a change of government “support for Ukraine will remain the same”), the influential Eurosceptic wing of the Conservatives, who have delivered on a “hard” Brexit and continue to drive wedges between the UK and our European allies, support Russia’s long-term foreign policy objectives. Starmer has also promised to bring in legislation to crack open the shell companies in which the oligarchs’, and even Putin’s, money is hidden, something successive Conservative governments have been slow to do.
The effectiveness of disinformation in tipping results, even when a small number of swing voters can make a difference, is debatable. However, Russia also wants to undermine our democratic process and cast doubt on the result, whoever wins. With this there is more of a chance of success. The ISC report claimed that Russia sees any action it takes which damages the West as “fundamentally good for Russia.” The most existential attack Russia can undertake against Western democracies is to attack their populace’s belief that they are democratic. Ultimately, Russia wants to hack public trust in both countries.
While trust in political systems does not begin or end with the ballot box, democratic legitimacy is impossible without trust in elections. This trust is called “procedural trust,” and is conditioned on the public believing that the process to reach an election result was transparent, accurate and not fraudulent. A key contributing factor is that losing candidates readily accept the outcome.
Driven by Trump’s lies that the 2020 election was stolen from him, there are many voters in the US who have very low levels of procedural trust. Trump has undermined the institutions and agencies that would have previously been seen as neutral arbiters of any future result. The judiciary and federal law enforcement have become heavily politicised. In the US, Russia has a cast of willing domestic allies who will help to undermine the process, to the point that a result may well not be accepted by a significant portion of the population – the events of January 6, 2021, could seem tame by comparison. Russia will flood the information ecosystem with disinformation suggesting fraud and conspiracy, pouring petrol on the lies of their domestic allies. Russian cyber-activity will not just coarsen the national discourse but could lead to political violence.
In the UK, there are also political influencers who have proven to be allies of Russia in their attempts to undermine our democracy. In the cause of Brexit, right-wing media and even ministers have questioned the integrity of the UK legal system. Countless examples of corruption, negligence and rule-breaking, from PPE contracts to Partygate, have done Russia’s work for them.
Elections in Taiwan in January will give us an insight into new tools that could be used in elections in 2024. China will try to bring about an opposition victory to end the ruling DPP’s time in power, a period that has been marked by deteriorating relations with China. This will include the use of Artificial Intelligence (AI).
Easterly warned in a speech in May that AI, including generative AI, such as OpenAI’s ChatGPT, poses “epoch-defining” risks. AI is being used to counter disinformation, but at the same time these technologies are increasing the volume and quality of disinformation, including hyper-realistic images and deep fakes that could be viewed millions of times before being debunked (and there is evidence that beliefs linger even after debunking).
As well as creating more disinformation, AI will be used to increase targeted voter harassment. After stealing voter records from a state database in 2020, Iranian operatives threatened voters with unspecified consequences if they didn’t vote for Trump. The messages, which contained false allegations of vulnerabilities in election technology, were designed to look like they came from the right-wing Proud Boys. The US publicly outed Tehran’s involvement, but AI will allow this micro-targeting at scale and potentially in a more convincing manner.
We have the Geneva Conventions to limit the barbarity of war on the physical battlefield. The conventions regulate the conduct of armed conflict and seek to limit its effects. An equivalent set of conventions governing the use of cyberweapons is urgently needed, not only to limit harm but also to protect our democracies. Developments in AI, potentially supercharging these weapons, increase this exigency. Britain, as well as increasing the cyber resiliency of our own democratic processes and better educating our voters on the emerging risks, should lead the call for these conventions. It will be in our interests to do so. It might even repair some of the damage to our international reputation that has been in freefall since 2016, when such cyberweapons almost certainly attempted to undermine our democracy. We should also seek to elect a political class that does not do our adversaries’ job for them.