Hunt for ‘Phosphorus,’ ‘Strontium’ in poll-time US

Hunt for 'Phosphorus,' 'Strontium,' 'Zirconium': Spectre of meddling by foreign hackers looms large over US presidential election

"For anyone wondering, whether foreign adversaries are trying to interfere in the 2020 US presidential election, the answer is clear – yes"


“Phosphorus,” “Strontium” and “Zirconium” are not merely chemical elements in poll-time United States. Their traces are what experts at Microsoft Threat Intelligence Center are always looking for, even as President Donald Trump and his rival former Vice President Joe Biden are criss-crossing the ‘battleground’ states seeking votes.

They are in fact hacking groups based in Iran, Russia and China, launching cyberattacks targeting people and organisations involved in the US elections.

The possibility of foreign influence looms large over the 2020 US presidential polls. The US Senate Select Committee on Intelligence on August 18 released the fifth and final volume of the report on its three-year-long bipartisan investigation. It confirmed what had not only been speculated about and intensely debated in political circles, but had also been probed by several agencies over the past few years: that Russia had indeed made attempts to meddle in the 2016 American presidential elections. And, according to the US agencies as well as tech biggies like Microsoft and Facebook, it is at it again.

“Let me say that for anyone who still wonders whether foreign adversaries are trying to interfere in the 2020 American presidential election, the answer is clear – yes,” says David Levine, Elections Integrity Fellow at the Alliance for Securing Democracy, which is a bipartisan initiative of the German Marshall Fund of the US.


The Internet Research Agency (IRA), a “troll farm” based at Saint Petersburg in Russia, had in 2016 allegedly used fake accounts to run a campaign in favour of Trump and against his rival Hillary Clinton. Besides, Russia’s military intelligence agency had allegedly engaged hackers to infiltrate not only the voter registration databases, but also the information systems of the Democratic Party’s committees as well as the aides of Clinton, and then released stolen files and emails in public to undermine her campaign. It had also got in touch with Trump’s aides to offer damaging information on Clinton. The voter registration database of at least one state had also been infiltrated.

President Vladimir Putin’s government in Moscow, however, denied any involvement.

The US Senate Select Committee on Intelligence found “irrefutable evidence” to suggest that the Russian Government had engaged in “an aggressive, multi-faceted effort to influence, or attempt to influence, the outcome” of the 2016 American presidential election. But it “found absolutely no evidence” to suggest that Trump or his aides had “colluded” with the Russian Government, Marco Rubio, the acting chairman of the panel, said on August 18.


He also said that China and Iran had joined Russia ahead of the 2020 presidential elections in attempts to disrupt the US democracy, exacerbate societal divisions and sow doubts about the legitimacy and integrity of the institutions and the electoral process.

Facebook, as early as October 2019, had detected and blocked attempts by Russia’s troll farm IRA to rerun its 2016 campaign and interfere in the 2020 US presidential elections too.

Microsoft on September 10 this year reported that “Strontium”, operating from Russia, had also been repeating its 2016 operation to harvest people’s log-in credentials or compromise their accounts, “presumably to aid in intelligence gathering or disruption operations”. Strontium targeted more than 200 organizations, many of them directly or indirectly affiliated with the US elections. “Zirconium,” another hacker group operating from China, has attacked high-profile individuals associated with the election, including people associated with the “Joe Biden for President” campaign and prominent international affairs experts. “Phosphorus,” which operates from Iran, on the other hand, attacked personal accounts of people associated with the “Donald J. Trump for President” campaign.

“The warning from Microsoft is a reminder that our election systems must be resilient against unforeseen problems that are likely to arise during the 2020 presidential election,” Levine says during a virtual briefing for foreign journalists organized by the Foreign Press Center of the US State Department.

The US agencies, however, learnt from the experiences of 2016, although aides of the American President sought to dismiss the reports of meddling by Russia as a hoax.

Levine says that the US federal government now plays a much larger role in helping support the states and local election officials to pre-empt cyberattacks. “With Department of Homeland Security (DHS) at the lead, we saw that election infrastructure was designated as critical. We've seen the DHS along with other partners provide a whole host of resources to help ensure that state and local election officials are even more secure with regards to our election systems this time around.”

The US election infrastructure includes voter registration databases and associated Information Technology (IT) systems, IT infrastructure and systems used to manage elections (such as the counting, auditing and displaying of election results, and post-election reporting to certify and validate results), voting systems and associated infrastructure, storage facilities for election and voting system infrastructure and polling places, to include early voting locations.

The meddlers are unrelenting though. John Ratcliffe, Director of National Intelligence, said on October 21 that the US agencies had confirmed that some voter registration information had been “obtained by Iran, and separately, by Russia”. The data could be used by foreign actors to attempt to communicate false information to registered voters to “cause confusion, sow chaos, and undermine confidence” of people in the US democracy, he said in a news conference, where Christopher Wray, Director of the Federal Bureau of Investigation (FBI), and Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA) of the DHS, also joined him.

The US officials also accused state or non-state actors of Iran of sending spoofed emails – made to look like ones sent by the far-right ‘Proud Boys’ group – to registered voters of the Democratic Party, intimidating them and asking them to vote for Trump. Ratcliffe said on October 21 that Iran was also circulating a video to support the false claim that individuals could cast fraudulent ballots from overseas. Krebs said that although foreign cyber actors could in no way change the votes cast by the US citizens, they would not stop trying to introduce chaos in the elections and make sensational claims overstating their capabilities, particularly in the final stretch of the polls.

What adds to the concerns is that the Covid-19 pandemic made a large number of US citizens use mail-in ballots to cast votes, which might leave the election authorities with incomplete results on the night of November 3. “Foreign actors could exploit the time required to certify and announce election results by sharing information that includes reports of voter suppression, cyber-attacks, targeting election infrastructure, election fraud, and other problems with the intent to convince the public of the legitimacy or illegitimacy of the election,” says Levine.