Skip to content

Illustration by Security Management

Russia Spreading Ukraine-Based Hacking Theory

In a closed-door briefing with U.S. senators, The New York Times reports that U.S. intelligence officials confirmed that Russia has been spreading a disinformation campaign about Ukrainian efforts to interfere in the 2016 U.S. presidential election.

In the briefing, “American intelligence officials informed senators and their aides in recent weeks that Russia had engaged in a yearslong campaign to essentially frame Ukraine as responsible for Moscow’s own hacking of the 2016 election,” according to the Times.

The information shared in the briefing closely aligns with the testimony given by Fiona Hill—a Russian scholar and former senior White House official—on Thursday. Hill was called before the U.S. House of Representatives Intelligence Committee to testify as a fact witness in the impeachment inquiry that members are using to examine the Trump administration.

“Based on questions and statements I have heard, some of you on this committee appear to believe that Russia and its security services did not conduct a campaign against our country—and that perhaps, somehow, for some reason, Ukraine did,” Hill said in her opening statement. “This is a fictional narrative that has been perpetrated and propagated by the Russian security services themselves.”

“The unfortunate truth is that Russia was the foreign power that systematically attacked our democratic institutions in 2016,” she continued. “This is the public conclusion of our intelligence agencies, confirmed in bipartisan Congressional reports. It is beyond dispute, even if some of the underlying details must remain classified.”

Despite Hill’s testimony and the briefing, many U.S. politicians continue to spread the theory that Ukraine was involved in 2016 election meddling—including U.S. Representative Devin Nunes (R-CA), the ranking member on the House Intelligence Committee.

“Once you understand that Ukrainian officials were cooperating directly with President Trump’s political opponents to undermine his candidacy, it’s easy to understand why the president would want to learn the full truth about these operations and why he would be skeptical of Ukraine,” Nunes said.

Hill’s testimony and news of the briefing come roughly one year before the 2020 presidential election, which U.S. officials are actively attempting to protect. The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) is leading most of these efforts—partnering with state and local election officials to enhance election system security.

“For us, a top priority at CISA has been to improve and ensure the proper communications channels are in place and that information is shared, timely and actionably, to state and local officials so that they can manage risks to their systems,” says Matthew Masterson, senior advisor on election security at CISA.

But the U.S. federal effort to bolster election system security has been hampered by an inability to create cybersecurity standards for state and local authorities holding elections, a lack of funding, and departures from agencies overseeing the work.

Just this week, CISA Assistant Director for Cybersecurity Jeanette Manfra announced that she would be stepping down from her post.

“Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress,” CyberScoop reported. “She has also represented DHS at top cybersecurity conferences like RSA and DEF CON.”

CISA and other organizations have also been wrestling with how to combat the spread of disinformation campaigns and raise awareness of them. In 2019, the agency debuted the War on Pineapple—a viral Internet campaign that demonstrated how actors can exploit divisions within the United States by spreading false information.

While most of the focus for these campaigns has been on politics and democracy, the spread of false information can also harm businesses and organizations.

“For corporations, some of the most serious fake news risks relate to stock manipulation, reputational damage, and the related loss of business—through boycotts for example—and direct threats to staff and property,” wrote Jeremy E. Plotnick for Security Management.