US intelligence officials to review midterms for signs of foreign interference

The U.S. intelligence community will review the midterm elections for evidence of foreign interference, the first such probe since they were mandated to assess election security by a Trump administration executive order issued in September.

U.S. officials and expert observers said on election night they did not see coordinated cyber activity targeting the midterms, unlike the hack-and-leak attacks and infrastructure probing Russia is suspected to have conducted ahead of and during the 2016 presidential election. But researchers and social media firms said Russia has indeed continued its online influence campaigns to sow distrust in American democratic institutions.

That election night view still stands, a DHS official told ABC News on Friday. A more intensive review, however, will aim to say for sure.

“The Director of National Intelligence will provide an assessment of any foreign interference in our elections within 45 days,” Kellie Wade, a spokesperson for the Office of the Director of National Intelligence, told ABC News on Wednesday. “This assessment will be fully coordinated within the intelligence community, and will be provided to the President and to relevant Cabinet members.”

Wade said the ODNI will also work to make some unclassified information available to the public “to the greatest extent possible.”

In the September 12 executive order, President Donald Trump declared a “national emergency” to deal with election interference and mandated that the ODNI and others in the intelligence community assess any evidence, as “foreign powers have historically sought to exploit America’s free and open political system.”

“The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it,” the order reads.

On Friday, however, Trump appeared to poke fun at the idea of foreign interference in the midterms with a tweet suggesting the United States “demand an immediate apology” from Russian President Vladimir Putin as uncertainty continued to swirl around races in Florida and Georgia.

“You mean they are just now finding votes in Florida and Georgia – but the Election was on Tuesday?” Trump tweeted. “Let’s blame the Russians and demand an immediate apology from President Putin!”

In the run-up to the midterm elections, Christopher Krebs, a top election security official at the Department of Homeland Security, said the U.S. government was on the lookout for the three major methods of interference: a hack-and-leak campaign, like the one that splashed the contents of Hillary Clinton campaign chairman John Podesta’s emails across the internet; the probing of election infrastructure systems through cyber activity, as U.S. officials say Russia likely did to systems in all 50 states last election; and the online influence campaign in which a Russian troll factory purportedly set up hundreds of fake social media accounts and pretended to be Americans to stoke political divides and sow chaos online.

Krebs said that while Russian trolls – and now some Iranian operators – appeared to remain active on social media, DHS did not see significant evidence of the first two tactics. When it comes to election infrastructure, a DHS official said on election night that there was extensive scanning of election systems, but nothing that was out of the usual, or anything the government could attribute to any foreign power.

Russia has broadly denied meddling in the 2016 election, and a Kremlin spokesperson publicly shrugged at the results of this week’s midterms.

But John Sipher, a former spy who once ran the CIA’s Russia operations, stressed that even if Russia decided to pull back during the midterms it would be a grave error for the U.S. to assume the threat to election security is over.

“Breathing a sigh of relief is a mistake,” Sipher told ABC News. “The Russians are really good at this stuff… and they’re going to keep doing it and others are going to learn from them.”

Sipher said it’s always possible there was a successful, more covert cyber operation that has not been discovered, but Russian President Vladimir Putin also may have calculated that blatantly interfering with the midterms just wouldn’t be worth the potential backlash.

“He realized that if he pushed it too far, he risked turning a powerful country against him… and he pretty much already accomplished all that he wanted to before [in 2016] by getting Americans to turn on each other,” Sipher said.

April Doss, a former attorney at the National Security Agency who worked as counsel to Democrats on the Senate Intelligence Committee’s Russia probe, said that sanctions and past indictments of Russian and Chinese nationals allegedly involved in cyber operations might have changed the cost-benefit balance. She also credited law enforcement and state and local officials for strengthening their security posture and communication about threats.

“It looks like we’re in a better place now than we were in 2016,” Doss said. “And we’ll hopefully be in a better place in 2020, but it’s definitely not something we’ll want to take our eyes off of.”

Oren Falkowitz, a former NSA hacker, told ABC News in October that the U.S. had a long way to go, from patching remaining vulnerabilities in the election infrastructure to understanding that candidates will have to invest in cybersecurity to protect themselves.

Falkowitz, who now runs a private cybersecurity firm that specializes in anti-phishing measures, predicted that cyber activity related to 2020 would pick up the day after the midterms were over. “I think that people still haven’t learned,” he said.

The one area where the Russians have continued operating, officials and experts said, was on the online influence front, despite efforts by social media giants Facebook and Twitter to combat fake accounts and disinformation.

“I think we need to give credit where credit is due and recognize that everyone – the platforms, election officials, law enforcement, and the media – was far better prepared to handle disinformation threats [on election night] than they were in 2016,” said Bret Schafer, the social media analyst at the German Marshal Fund’s Alliance for Securing Democracy. “That said, the narrative that Russia ‘sat out’ this election is not accurate.”

Schafer said an online dashboard called Hamilton 68 that the Alliance for Securing Democracy had set up to track Russia-aligned propaganda saw approximately 15,000 tweets a day ahead of the midterm election, many of which “focused on issues that directly or indirectly influence voters’ perceptions of candidates or political parties.”

On Monday and Tuesday Facebook said it took down over 100 Facebook and Instagram pages or accounts that were suspected to be linked to a Russian troll factory, just the latest in a series of take-downs by social media companies targeting inauthentic accounts since the 2016 election.

Ben Nimmo, an information defense fellow at the Atlantic Council’s Digital Forensic Research Lab, said that if Russia’s online influence campaign looked smaller than in 2016, it was likely for two reasons: new security measures have made it more difficult for Russian trolls to operate, and the social media company crackdowns got rid of thousands of their accounts, along with the large audiences that took months to build.

“Two years ago the trolls were playing on a wide open field,” he said. “Now it’s very constrained.”

Nimmo said he wouldn’t be surprised, however, if Russian accounts still lurked online in the “audience building” phase and could be unleashed during the next presidential election in 2020.

“There’s no room at all for complacency,” he said.