The Helsinki Summit - Risk Dimension Update

Our original risk assessment considered three distinct but connected problems:

  1. Russian meddling in our elections, by way of sustained, persistent cyber warfare, including disinformation campaigns, trolling, and hacking

  2. The adoption of Russian disinformation and trolling methods by domestic political campaigns and organizations

  3. The polarized state of the American electorate, driven by the persistent disinformation and propaganda campaign perpetrated by Russia, cooperatively amplified (if unwittingly so) by domestic political organizations, with an effect multiplied by prevalent cognitive bias

In our May / June update, we added an additional risk dimension: a persistent disinformation and propaganda campaign originating from the Trump administration, multiplied by partisan adherents at other levels of government, including state executive leadership, and then amplified by partisan media.

Following Trump’s recent destructive travels through Europe, culminating in the summit with Russian president Vladimir Putin in Helsinki, Finland, we must re-calibrate our risk assessment to position the Russian cyber measures against the United States as a much more pronounced risk to campaigns of all levels than we originally theorized, as opposed to just something that high profile campaigns needed to worried about. While high profile campaigns may be targeted for direct action like spearphishing, every Democratic campaign is currently at risk of compromise by Russian intelligence operations.

It is also worth outlining another distinct risk to Democratic campaigns. We have previously argued that Democratic campaigns using hacked campaign materials or falling into the easy trap of duplicating these propaganda strategies need to be publicly disavowed as effectively aiding and abetting a foreign power in an attack against the United States meant to destabilize our democracy.

It is not far-fetched to expect that foreign operatives will seek Democratic campaigns willing to receive stolen data. This would achieve many of Russia’s goals: it would fuel division, it would neutralize the narrative of Trump-Russia collusion and undercut the Mueller investigation, and it would provide a king-hell prime example of what-aboutism. The most potent poison for Democratic momentum going into the 2018 midterms would be evidence, no matter how thin, that both sides are the same. 

A recent round of indictments from Special Counsel Robert Mueller show the Democratic National Committee (DNC)’s analytics and related applications were stolen during the 2016 hack by the GRU, Russia’s military intelligence directorate. This was late in the cycle for their advanced persistent threat (APT), and they’d been in the system for a long time – they went back specifically for this data.

Around the same time, significant changes were made to at least one part of Trump’s media plan – the TV and radio buying strategy. These changes were erratic and sudden from a campaign that hadn’t even started advertising on TV until August 19th of 2016. In fact, these shifts were so strange they rated a think piece from Advertising Age. And it didn’t live only with the Trump campaign -- other candidates and operatives had access to and used this data besides Roger Stone.

Further investigation of Cambridge Analytica has proven out a number of disquieting facts, including their role in cheating the Brexit referendum. Most germane to our domestic concern is the final proof that Russia had access to Cambridge Analytica’s Facebook dataset, the result of a UK Electoral Commission investigation. John Bolton’s super PAC spent more than a million dollars with Cambridge Analytica – a super PAC which saw $5 million in donations from Robert Mercer, one of the firm’s principals.  

The Prime Risk

The bell we have been ringing since February of this year sounds an awful lot like where we have ended up with these individual conclusions, so finally getting here isn’t a surprise. What I failed to properly weigh in our original analysis is the cumulative effect of all of these events, and the context in which they have occurred.

The very top of that context, the rudder which steers it and the engine which drives it, is Trump’s obviously compromised position with Russia. And while, after Helsinki, some Republican elected officials have started using the “everybody does it” argument, we say this: This is not "Russia interfering with our elections." This is an organized crime syndicate which has captured the state-security apparatus of the world's second-largest nuclear power, now engaged in an active cyberwar to capture the institutions of state of the world's largest nuclear power -- which just happens to also be the country we live in.

This is a Russia which not only dedicated considerable time and resources to hacking the DNC and working actively against the Clinton campaign in 2016, but which also built an advanced persistent threat on Twitter, spending years building audiences for dozens of local news look-alike accounts, distributed nationally, which had yet to post any false information. Think of the discipline and organization that kind of effort requires, and what the long game might be from a group like the Internet Research Agency.  

This is a Russia which is running a propaganda campaign right now to convince Democrats to leave the Democratic Party, under the #Walkaway hashtag. These tweets have already shown up in the mentions of high profile campaigns like Beto O’Rourke for Senate, but have also started showing up in Texas congressional campaigns, especially those that recently raised their profiles through fundraising success, like Gina Ortiz Jones, Lizzie Fletcher, MJ Hegar, and Sri Kulkarni. (I didn’t check more odious conspiracy theory hashtags like Q Anon, because I knew what I would find and didn’t want to read it.)

This is the same Russia from which oligarch Vladimir Potanin invested in a Maryland state elections vendor who works on the voter registration system, and from where the Internet Research Agency continues to spin up new digital properties. The threat of voter database corruption is very real, as the theft of a list of 500,000 registered voters from Illinois shows. You don’t have to manipulate vote tallies to manipulate the vote --  the real danger is that a voter file together with some fairly simple techniques can be turned into a targeting device for identifying voters to discourage and thereby dampen turnout. Voter suppression is part of the plan.

When you start to sew the details together, the magnitude of the risk becomes clear.

For instance, the National Rifle Association (NRA) spent three times as much money to elect Trump as it did Romney, and is currently avoiding answering questions about connections to Russian oligarchs. To say that the recently indicted Russian agent Maria Butina “infiltrated” the NRA in her quest to connect Republican political figures with the Russian government is to downplay the NRA’s knowing role. The NRA has long worked to conceal where it’s money comes from. And late on Monday, while Trump was on his way back from Helsinki, the Treasury Department announced that from now on, organizations like the NRA have to disclose even less about the sources of their donations.

The most recent indictments show that Russian military hackers attacked the Democratic Party directly. Bot and troll activity is undeniably on the rise, right now. Since September 2017, foreign contractors have been flooding Google with positive disinformation about Trump’s Russian business connections. It is easy to forget that in 2016, Clinton was not the only target of Russian hacking – so too were Democratic candidates for the House. They are being targeted again in 2018. In fact, the National Republican Congressional Committee created a market for hacked campaign materials when they declined to join the Democratic Congressional Campaign Committee in pledging not to use them.

In the original Dark Matter paper, we explored the risk of Russian interference but focused more specifically on the adoption of their methods by domestic political campaigns and organizations. I now believe that to be a mistake. In dealing with a truly environmental set of risks – a threat matrix that is all-encompassing – we should not understate the severity of the core danger which drives the whole system.

Everything happening now flows from Russian activity. Domestic actors have learned from them. American political campaigns have benefitted from their cyber attacks on the United States by using the stolen information to gain advantage on their opponents. Propaganda and disinformation flows from everywhere – Russia, the Trump administration, lesser elected officials, political candidates, Fox News, Breitbart, InfoWars, Sinclair, 4chan – and is aggressively amplified by and between every platform imaginable.


In the interest of political advantage and expediency, American citizens and elected officials are participating in this campaign against their own country. The reach of Russia's effort – the multiplicative nature of it, the momentum – should terrify you. And the Helsinki Summit – both Trump’s actions and the refusal of House and Senate Republicans to stop him – should alert us all to the fact that we are now living in a global emergency, the kind that endangers every structure which has held mankind together since the end of World War II.

You know this is true. You feel it. You, personally, know someone who believes some totally crazy shit. Maybe you’re related to them. Maybe you’ve known them all your life and now, because of what they’ve come to believe, and because of how those beliefs have only hardened in the last year and half, you can barely recognize them.

When you hear people talk about how Russia has weaponized information, believe it. The United States is under attack, and we are at war. It doesn’t look like the war you’re used to, but it is war nonetheless.

There is no logical or credible reason to believe the Trump administration, or Congress, or any American institution can or will stop the Russian attack on the United States. Republican campaigns will happily seek amplification by their bots and trolls, and will use hacked campaign materials at every opportunity.

The Russian risk is critical and ever-present, and while I acknowledged it early on, I didn’t outline it severely enough. I talked myself out of believing some things that seem obvious now. Of course Russia has advanced persistent threats, malware and backdoors and access, buried in voting machines and state election systems. Of course they have advanced persistent threats lodged in the systems of candidates and campaigns and elected officials and government agencies. Of course they will use what they learned running a multi-state targeted disinformation campaign based on good targeting data in a general election as the foundation for running a similar campaign in dozens of races nationwide. Of course campaigns at every level are vectors for this threat.

Russian computational propaganda is not just coincidentally and gratefully amplified by domestic, Republican groups and campaigns adopting their methods. Rather, that synergy is how this attack was designed to work.

Risk analysis, threat assessment, intelligence analysis – these processes are about observing the world objectively, as it is rather than as you’d like it to be. We take those observations and use them to consider possible outcomes and weigh probabilities. With skill and seriousness, we project ourselves forward into the future.

In the best version of the work, we use our understanding of what might happen to defeat or avoid the risks we’ve considered. If we can see all of this headed to a place we don’t want to go, how do we keep from ending up there?

For now, the answer is vigilance. We have to change our personal habits to make our campaigns and our organizations less vulnerable to hacking and compromise. We have to change our strategies to make our message and our constituent audiences more durable. We have to be willing to do the work this change requires.

Any campaign which doesn’t take this seriously is a danger to itself and other campaigns, and that is part of Russia’s plan, too. It isn’t too late to defend yourself, but you’re already under attack.