The Hack Next Time

Why the threats to our elections are more sophisticated and widespread than ever

By Andy Kroll | Rolling Stone Magazine | February 2020

Anthony Ferrante had just arrived for work at the Eisenhower Executive Office Building, next door to the White House, when the first attack hit. Around 7 a.m., internet service went out across the United States and parts of Europe. Reddit, Netflix, and The New York Times website wouldn’t load. Ferrante couldn’t check Twitter for updates because that was down too. “No one knew what it was,” he says. “It was definitely chaotic.”

It was Friday, October 21st, 2016. In two weeks, Americans would pick a new president. When Ferrante, a director in the White House’s cybersecurity team, realized the internet had gone dark across the country, he feared the worst. Ferrante thought he was witnessing a dry run for an attack on the election.

A native of Portland, Maine, with pale Nordic features and a sharp widow’s peak, Ferrante hacked his first computer when he was 10 and studied computer science at Fordham. He was destined for a cushy career as a cyber expert in the private sector when the September 11th attacks happened. He quit corporate America, joined the FBI, and specialized in tracking terrorists on the internet; in his first case at the bureau, he helped foil the terrorist plot to blow up the PATH train tunnel between New York and New Jersey. Over the next decade, he rose to become one of the FBI’s top cyber-security agents and helped write President Obama’s directive that created the first chain of command in the event of a major cyberattack on U.S. soil.

In late 2015, Ferrante moved to the White House to run the National Security Council’s Cyber Incident Response Desk, a small team whose job was to lead the government’s response to a major cyberattack. But by the summer of 2016, his focus had narrowed to a single but growing threat: Russian interference in the election. He and his colleagues had received intelligence reports about strange activity targeting state election websites. At first, the details were sketchy and there wasn’t enough data to draw any connections. Then, in July, the head of elections for Illinois noticed a huge amount of data flowing out of his voter registration system. The FBI discovered that Illinois had been hacked; the culprits accessed databases with information on hundreds of thousands of voters and stole an unknown quantity of data.

The FBI sent an urgent alert to state election chiefs, encouraging them to search their systems for any digital breadcrumbs that matched data from the Illinois breach. Ferrante came to work each morning to find that several new states had been targeted with the same sorts of tools and techniques that Illinois had experienced. With the FBI’s help, his team concluded that Russian-based hackers had penetrated two state voter databases (Illinois was one, the other was not publicly named) and scanned election websites in every state. “We knew at that point we were dealing with a large-scale coordinated campaign,” Ferrante says.

President Obama wanted a national cybersecurity preparedness plan for the upcoming election, and Ferrante was put in charge of creating it. He and his team spent months researching every detail of American elections and running different scenarios. What if a million people showed up to vote in Florida only to be told there was no record of them as a voter? What if a cyberattack took down the division of the Associated Press that supplies election-night reporting data to major news organizations like CNN? What if the internet crashed on Election Day?

That last scenario felt a lot less hypothetical on October 21st as Ferrante scrambled to figure out why huge swaths of the internet were dark. He called his counterparts at the FBI, CIA, Department of Homeland Security, and National Security Agency; they were just as confused as he was. By midday the outage was international news, spreading from the East Coast to the West. It was only after the third wave of attacks, Ferrante says, that the FBI made contact with an internet-domain company in New Hampshire called Dyn. The company eventually shored up its servers that day, and the internet was restored.

Ferrante and his team had by that point conducted perhaps the most exhaustive study of the potential threats to our convoluted voting system. There were the cyberthreats they had envisioned and prepared for: hacked voter registration databases, disruptions to the flow of information on election night, faulty voter equipment. By Election Day, these threats weren’t all speculative: Two teams of Russian hackers, known as Fancy Bear and Cozy Bear, had broken into the Democratic National Committee and stolen reams of data. The Dyn attack, resulting from a massive botnet that exploited flaws in internet-connected gadgets and appliances such as home security cameras and WiFi routers, showed it was possible to wreak havoc on the internet itself. (To this day, the culprit of that attack remains unknown. The FBI hasn’t announced any arrests and won’t comment on its investigation.)

For Election Day, Ferrante created the first-ever cybercommand post in the White House Situation Room. From six in the morning until the election was called for Donald Trump, he and his colleagues monitored the vote, but the day passed without incident. The sense of accomplishment he felt was outweighed by a sinking feeling over what he knew Russia had already done. By hacking the Democratic Party, spreading disinformation on social media, and compromising confidential voter data, it had proved to the rest of the world it was possible to successfully interfere in a U.S. election and come away largely unscathed.

Obama hit Russia with new sanctions and expelled 35 of its diplomats in his final days in office, but it would be up to his successor to protect against future election attacks. Soon after Trump took office, a team of cyber experts who worked in the Obama White House met with a group of Trump aides including Joshua Steinman, a cybersecurity aide to the new national security adviser, Lt. Gen. Michael Flynn. (Steinman is now the cybersecurity adviser to the president.) According to people familiar with the meeting, when the Obama staffers told Steinman they wanted to talk about Russian interference, they were met with a blank stare.

Nothing happened, was Steinman’s reply: Russia didn’t interfere in the election.

The Obama team was stunned. Inside the Trump White House, the election security issue “was taboo,” says Andy Grotto, an Obama-era holdover who wrote Trump’s 2017 cybersecurity executive order. Grotto got calls from intelligence agencies asking if they were still allowed to work with their European counterparts on interference issues. (The Trump White House didn’t respond to a request for comment for this story.) Ferrante had seen enough. Three months into Trump’s presidency, he handed in his resignation.

Obama’s Cyber Expert: Anthony Ferrante worked from the White House to try to secure the 2016 election. Afterward, he briefed the Trump team on the threat but they refused to admit Russian meddling. Ferrante was told there’s no “there” there. Photograph courtesy of Anthony Ferrante

Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”

Did Russia’s hack-and-leak operation and disinformation blitz tip the election to Trump? Kathleen Hall Jamieson, a communications professor at the University of Pennsylvania, argues in her book Cyberwar that Russia helped Trump win, but the debate over that question rages on to this day. What’s not in doubt, however, is how unprepared and vulnerable the U.S. was.

We can’t say we weren’t warned. European allies raised the alarm for years about Russian aggression and cyberattacks in Estonia and Ukraine on internet infrastructure, election-reporting systems, and the power grid. In the spring of 2015, a panel of experts testified before Congress about “Confronting Russia’s Weaponization of Information.” One of the witnesses was Peter Pomerantsev, a propaganda expert who experienced President Vladimir Putin’s war on truth and