Foreign Meddling Flooded the 2020 Election—but Not Hackers 1
A new ODNI report shows how extensive Russian and Iranian influence operations were, but it doesn’t mention a single hack-and-leak incident. 

After the pro-Trump hack-and-leak operations and disinformation campaigns that roiled the 2016 US election, the country braced for a second round of no-holds-barred foreign interference last year. But US intelligence agencies have now confirmed that didn’t entirely come to pass. The 2020 election was hit with meddling, trolling, and disinformation operations like those of 2016—but not the outright efforts to hack election infrastructure or political campaigns themselves.

On Tuesday, the Office of the Director of National Intelligence released a declassified report that outlines findings from US intelligence agencies including the CIA, NSA, FBI, and DHS on the overall picture of election interference by foreign actors in 2020. Those agencies agree that while more foreign powers than ever before attempted to influence the outcome of the election—using everything from disinformation to voter intimidation emails to social media campaigns—none actually seems to have used hackers to attempt to disrupt the election or access election infrastructure as they did in 2016.

“In 2020, the IC tracked a broader array of foreign actors taking steps to influence US elections than in past election cycles,” the report reads, naming Russia, Iran, Cuba, Venezuela, and even Lebanon’s Hizbollah Islamic extremist group as actors that sought to influence the election’s outcome. Russia in particular sought to support Trump’s reelection bid with everything from troll-farm social media postings to active smear operations that provided information directly to “Trump administration-linked persons.” Iran, meanwhile, worked against Trump’s reelection with social media campaigns and even fake, threatening emails designed to frame the Trump-supporting white nationalist group the Proud Boys—while not directly supporting Biden or any of Trump’s other political opponents.

But the report adds that the intelligence agencies “have no indications that any foreign actor attempted to interfere in the 2020 US elections by altering any technical aspect of the voting process, including voter registration, ballot casting, vote tabulation, or reporting results.”

More remarkable, perhaps, given the operation by Russia’s GRU military intelligence agency in 2016 to hack into the Democratic National Committee and the Clinton campaign and publicly leak their emails, the report contains no mention of any such hack-and-leak operation or any other disruptive hacking tactics targeting election organizations, politicians, or their campaigns. Instead, state-sponsored hacker intrusions appear to have been limited largely to more traditional espionage. That signifies a retreat from the most aggressive election-hacking tactics Russia demonstrated four years earlier, when it also broke into multiple states’ board of election voter rolls.

That shift away from hacking was likely driven by both higher costs and smaller gains associated with election-targeted hacking operations in 2020 compared to 2016, argues Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who focuses on influence operations. He points to Obama’s high-profile steps to punish Russia’s election-related hacking in 2016, just before leaving office, which included expelling diplomats, seizing Russian-owned properties in the US, and sanctions against Russian officials. 

With the polls leaning towards the Democratic ticket through much of 2020, the Kremlin and other foreign governments may have feared that a victorious Biden would implement a similarly punishing foreign policy. “Foreign adversaries knew if they messed around with the vote or a campaign, there would be a response,” Watts says. “If you’re a foreign country, you saw how charged the US got in 2016. If Biden won, as president, he’d probably do something. That changes your calculus.”

At the same time, Trump’s rhetoric about Biden and others generated enough “noise,” Watts says, that any hacked and leaked data would have been drowned out anyway. “Trump advances so many lies already, so much disinformation, so many claims, that it’s very difficult to shift things such that Biden would have to respond to it,” Watts says. “What can you say that would be more insinuating or more derogatory than what’s already out there?”

The ODNI report does confirm earlier findings by the cybersecurity firm Area1 that the GRU attempted to hack into Burisma—the Ukrainian gas company where Joe Biden’s son Hunter served on the board—likely in search of evidence of corruption. (Unlike Area1, the ODNI report stops short of confirming that those intrusions were successful.) But Watts notes that the Kremlin may have considered Burisma fair game, given that the company, unlike the GRU’s hack-and-leak targets in 2016, was outside of the US. “They were signaling: We’re not going to hack something in the United States,” Watts says. “We’re going where we can hack and it’s difficult for the Americans to have a clear response, because they don’t defend a Ukrainian company.”

The GRU certainly didn’t restrain itself from targeting US organizations related to the 2020 election altogether. Microsoft warned in September 2020 that GRU hackers known as Strontium or Fancy Bear had targeted more than 200 organizations over the previous year, including political campaigns, advocacy groups, think tanks, political parties, and political consultants on both sides of the partisan aisle, though Microsoft didn’t reveal how many were successful. The ODNI’s report doesn’t mention those attempted intrusions, and it’s not clear if any of that broad hacking, or the Burisma targeting, led to a hack-and-leak result—a result that may have been due to a change in Russia’s calculus about leaking versus traditional spying, or simply due to the hackers not obtaining materials worth leaking.

Hacking aside, the ODNI report includes a litany of other techniques Russia and others, particularly Iran, used to try to exert sway in 2020. The report states that Russia enlisted agents, including political consultant Konstantin Kilimnik and Ukrainian member of parliament Andrei Derkach, to insinuate themselves into Trump’s inner circle and make connections with US media. Their aim was to harm US relations with Ukraine and to create a narrative that the Biden family was associated with Ukrainian corruption. Just as in 2016, Russia’s Internet Research Association “troll farm” worked to exacerbate domestic divisions with disinformation and astroturf posts to social media.

Iran, meanwhile, expanded its own influence operations online in 2020, with thousands of fake social media accounts, according to the report, along with its short-lived Proud Boys impersonation.

On the other hand, the report explicitly notes that China weighed interfering in the election and decided it wasn’t worth destabilizing its relationship with the US.

That the ODNI report doesn’t mention hack-and-leak operations is noteworthy, says Thomas Rid, a professor of strategic studies at Johns Hopkins and author of the disinformation-focused book Active Measures. But he argues that those operations may have simply evolved to better obscure the “leak” side. Instead of publishing stolen documents through easily identified fake online personas like DCLeaks or Guccifer 2.0, as they did in 2016, the Kremlin may have stolen information and then used it in more subtle spin operations through their agents and connections to Trump-administration figures. “We don’t know for sure whether there was some more sophisticated form of leaking,” Rid says. 

Overall, Rid argues, foreign states and particularly Russia certainly didn’t dial down their influence operations in 2020. And if most or all of those operations didn’t require breaking into US networks, that may have only made them more discreet and stealthy. “Russian intelligence actors and proxies were far more prolific, more aggressive, and more risk-taking in the 2020 election cycle than many assumed, myself included,” Rid wrote in a Twitter post. “They were also more covert and more disciplined than in 2016. Expect more.”


More Great WIRED Stories