Hackers, trolls and the fight over your vote in the 2018 midterm elections

What’s old is new again as Election Day draws near. Here’s what you need to know.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
5 min read
Democratic Senate Candidate Doug Jones Votes In Alabama Special Election

"I voted" stickers are displayed on a voting machine in Alabama. 

Justin Sullivan / Getty Images

The election interference that came to define the 2016 presidential race hasn't stopped.

It's not as intense as in 2016, as far as we know. But there are plenty of indications that the hacking and social media manipulation techniques used then are still going on. Hackers have been busted trying to steal passwords from the staff of US senators, and social media companies have been deleting hundreds of accounts they say are associated with coordinated misinformation campaigns.

The stakes are high. Even though the US isn't voting on its next president, voters are preparing to decide 33 US Senate seats races, as well as all 435 seats in the House. There are also 36 races for governor, and three more in US territories too.

As to how bad hacking could be, the US Department of Homeland Security and other US intelligence agencies have said they're bracing for more of the same.

"The intelligence community has said we have every reason to expect that this foreign influence activity will continue," Jeanette Manfra, the chief cybersecurity official at DHS, told CNET in an interview in February.

So now's the time for a refresher course on what happened in 2016 and how it applies to what's going on now. The information comes from intelligence agencies, cybersecurity experts and social media companies that are still dealing with the fallout of 2016 while also keeping tabs on what hackers and trolls are up to today.

Hacked political organizations in 2016

Let's start with the hacking. In 2016, the Russian government allegedly ran a hacking campaign that targeted major US political organizations and staff members of Hillary Clinton's presidential campaign.

Those hackers leaked sensitive emails through WikiLeaks and Russian-controlled websites, which caused significant political fallout, such as the resignation of Democratic National Committee chair Debbie Wasserman Schultz and backlash over Clinton's previously private speeches to bankers at Goldman Sachs. It also fed conspiracy theories like Pizzagate, which grew on social media sites like Twitter and Reddit, and eventually led to one man to fire a gun at the Washington DC pizza parlor named by conspiracists in the hoax.

Russian hackers also tried, sometimes successfully, to hack into the voter registration systems of 21 states. Russia has denied it targeted the US elections in 2016 with a campaign of hacking and influence ever since the news first broke.

Hacked political organizations in 2018

Hackers have been caught with their hands in the cookie jar again in 2018. In particular, they attempted to steal usernames and passwords from the staff of three sitting US senators who are running for re-election, according to Tom Burt, Microsoft's vice president of customer security and trust.

One of the senators was Missouri Democrat Claire McCaskill, and the other two senators' identities aren't known. McCaskill said the hacking attempt wasn't successful.

Watch this: Adam Schiff is worried there's a lot more election interference coming

When it comes to hacks of election websites and other infrastructure, so far there's been one attack on a website run by elections officials in Knox County, Tennessee, which took the website down just after polls had closed on the night of a mayoral primary election.

What's most notable this late in the election season is that there haven't been any hacked emails released.

Trolls in 2016

Separately from the hacking operation, a Russian organization called the Internet Research Agency reportedly created networks of fake US personas on social media platforms including Twitter, Facebook , Reddit and Google-owned YouTube. All of those companies have acknowledged that Russian-backed fake accounts coordinated to spread misinformation on their platforms.

For example, an account on Twitter, called TEN_GOP, was reportedly run by Russians posing as the Republican Party in Tennessee. The account, like other fake accounts identified as part of the interference campaign, spread inflammatory messages.

Facebook said in 2017 that 126 million users saw posts made by 80,000 Russian-backed accounts. On top of that, the company said at the same time that over 10 million Facebook users saw 3,000 ads, which cost about $100,000 to post. Twitter said around the same time that 36,746 inauthentic accounts automatically generated 1.4 million election-related tweets, reaching Twitter users about 288 million times.

Google in 2017 said it found 18 YouTube channels associated with an influence campaign, which posted about 1,100 videos, seen more than 165,000 times. Two accounts paid for $4,700 in election advertising. Reddit acknowledged in March that it removed "hundreds" of accounts it said were of Russian origin or were linking to known propaganda sites.

Trolls in 2018

Troll campaigns remain a problem. Facebook three times so far in 2018 has acknowledged taking down new groups of fake accounts. The company declined to name those responsible for accounts it took down in July, but said in August that a different set of accounts it took down originated in Russia, and another in Iran. Google said at the same time that its users were targeted in an Iranian influence campaign.

On Oct. 12, Facebook said it was pulling down a third group of accounts. This one seemed to be motivated by money and not politics -- the accounts were spreading posts and ads that were political in tone and directed users to outside websites to drive ad revenue. Facebook said those accounts originated in the US.

And on Oct. 15, Facebook said it would ban all misinformation about voting leading up to the election, meaning it would take down posts that mislead people about long lines, violence at polls or voter ID requirements.

Investigations of 2016

Our understanding of what happened in 2016 is the result of a report from several US intelligence agencies, cybersecurity experts, the social media companies whose platforms were involved and an investigation by special prosecutor Robert Mueller, who has indicted 13 Russian hackers as well as the alleged funder and several employees of the Internet Research Agency.

It also comes from outside cybersecurity firms, like Crowdstrike, which determined that two separate Russian spy agencies infiltrated the DNC's computers, stealing documents and emails.

Investigations in 2018

US prosecutors haven't announced any investigations into current efforts to hack politicians or run disinformation campaigns on social media. But cybersecurity firm FireEye has turned its hacker-tracking powers on chasing the digital trails of troll campaigns.

The company used external data of the web tools the trolls were using, like websites and email addresses, to pin down the actors behind specific interference campaigns on Facebook, Twitter and Google , according to FireEye's research.

Voting machine security in 2016

There's no indication that voting machines were successfully hacked, despite high-profile stunts at the Defcon hacker conference showing they can be. DHS officials say it's unlikely, but not impossible, for hackers to sway an election.

Voting machine security in 2018

That's why a report from a group of hacking experts who examined machines that record and tally votes is frightening. The experts found one vote-tabulation machine in particular was vulnerable to a hacker with remote access, giving hackers the power to potentially sway an election.

It's too early to say anything definitive, but so far reports show that hacking and political influence campaigns are much more limited than they were in 2016.

With only a few weeks to go before Election Day, it's still possible we'll see an "October surprise." That's the political term for a late-breaking scandal that changes the course of an election. And in this political era, it wouldn't exactly be a surprise if hacked materials emerged at the last minute.

Election Security: Midterm elections, social media and hacking: What you need to know.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.