Today marks two weeks since Election Day 2020 in the U.S., when tens of millions went to the polls on top of the tens of millions who had voted early or by mail in the weeks leading up to November 3.

The whole affair was expected to be a hot mess of suffrage, what with a closely divided public and access to the world’s most powerful office hung on the outcome of voting in a few, key districts sprinkled across a handful of states. Election attacks seemed a foregone conclusion.

Election Attack, Anyone?

Memories of the 2016 Presidential contest are still fresh in the minds of U.S. voters. During that contest, stealthy disinformation operations linked to Russia’s Internet Research Agency are believed to have swayed the vote in a few key states, helping to hand the election to GOP upstart Donald Trump by a few thousand votes spread across four states.

Adam Meyers is the Vice President of Threat Intelligence at the firm Crowdstrike.

In 2020, with social media networks like Facebook more powerful than ever and the geopolitical fortunes of global powers like China and Russia hanging in the balance, it was a foregone conclusion that this year’s U.S. election would see one or more cyber incidents grab headlines and, just maybe, play a part in the final outcome.

But two weeks and more than 140 million votes later, wild conspiracy theories about vote tampering are rampant in right-wing media, while predictions of cyber attacks on the U.S. presidential election have fallen flat.

From Russia with…Indifference?

So what happened? Did Russia, China and Iran decide to sit this one out, or were planned attacks stopped in their tracks? And what about the expected plague of ransomware? Did budget- and talent-constrained local governments manage to do just enough right to keep cyber criminals and nation state actors at bay?

To find out we invited two experts who have been following election security closely into the Security Ledger studios to talk.

Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future, which has been monitoring the cyber underground for threats to elections systems.

Joining Allan is a frequent Security Ledger podcast guest: Adam Meyers, the Senior Vice President of Threat Intelligence at the firm Crowdstrike, is back in the studio as well. Crowdstrike investigated the 2016 attack on the Hillary Clinton presidential campaign and closely monitors a wide range of cyber criminal and nation state groups that have been linked to attacks on campaigns and elections infrastructure.

To start out I asked both guests – given the anticipation of hacks targeting the US election – what happened – or didn’t happen – in 2020. 


As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

The 2020 election in the U.S. is less than a week away and warnings about cyber threats to the vote are coming out with about the same regularity as polls of the presidential contest between Joe Biden and Donald Trump.

On October 9, for example, the FBI and DHS warned that so-called “Advanced Threat” actors were chaining together multiple vulnerabilities in an attempt to compromise federal, state and local government networks and elections organizations.

Also this month, an outbreak of the DoppelPaymer ransomware affected elections infrastructure in Hall County, Georgia, disabling a database used to verify voter signatures in the authentication of absentee ballots.

Which leads us to ask: despite years of warnings, are state and local governments ready for what Russia, Iran or any number of ransomware gangs have in store for them? 

To help answer that question, we invited Rob Bathurst into the studio. Rob is the Chief Technology Officer at Digitalware, a Denver-area company that specializes in risk analysis and risk management with federal, state and local government and F500 companies.

In this conversation, Rob and I talk about what the biggest cyber risks are to state and local governments and how worried we should be about warnings of cyber threats to elections systems.

Vulnerabilities are just a reality in government networks, Rob says. The key is to avoid being surprised by attacks and also to ensure that you can keep voting systems and other critical systems available even if they are the target of an attack. 

In this conversation, Rob and I talk about the bigger picture of cyber risk for federal, state and local governments. We also talk about incidents like the recent hack of government ERP provider Tyler Technologies.

Rob Bathurst is the Chief Technology Officer at the firm Digitalware. He was here talking to us about cyber risks in local governments and the risk to elections systems.

The DOJ indicted a Russian national for his role in “Project Lakhta,” a campaign to undermine the U.S. election…and mine some cryptocurrency along the way. It is the latest evidence of Russia’s willingness to use cyber criminals to conduct state-sponsored espionage.


A global pandemic, mass social unrest, economic crisis, and a divisive presidential election: there is no better time for Russia to be chumming the waters for political mayhem. And, if a newly released indictment is any indication, that’s exactly what experts say is happening.

With a little over fifty days until election day, the U.S. Department of Justice (DOJ) on Thursday charged Artem Mikhaylovich Lifshits, a Russian national, for his alleged role in a conspiracy to use the stolen identities of U.S. persons to open fraudulent accounts at banking and cryptocurrency exchanges.

Lifshits was a part of “Project Lakhta,” a Russia-based campaign of political and electoral interference operations that dates to 2014. The project encompasses a range of activities including the Internet Research Agency (IRA), which gained notoriety for disinformation campaigns around the 2016 U.S. presidential election.

Project Lakhta Endures

According to the court document, Project Lakhta’s stated goal is to “disrupt the democratic process and spread distrust towards candidates for political office and the political system in general.”

Lifshits worked as a manager of The Translator Department, which directed Project Lakhta’s influence operations – operations that are still ongoing, according to G. Zachary Terwilliger, U.S. Attorney for the Eastern District of Virginia.

“This case demonstrates that federal law enforcement will work aggressively to investigate and hold accountable cyber criminals located in Russia and other countries, which serve as safe-havens for this type of criminal activity,” Terwilliger said in a statement.

“Lifshits participated in this fraud in order to further Project Lakhta’s malign influence goals and for his own personal enrichment,” said Assistant Attorney General for National Security John C. Demers in a statement.

Lifshits is just the latest Russian national indicted for crimes linked to foreign interference in U.S. domestic politics. Thirteen members of the Internet Research Agency were indicted in 2018 for influence campaigns as part of Robert Mueller’s probe into Russian activities in the 2016 election. Given that Russia doesn’t extradite its citizens to the U.S., legal maneuvers do little to stamp out the work of hackers like Lifshits, a 27-year-old living in St. Petersburg, Russia.

Russia Taps Hackers-for-Hire

Lifshits’ mixture of financial fraud and political influence allegations is characteristic of Russian cyber operations, the authorities said.

“This case provides a clear illustration of how these malicious actors fund their covert foreign influence activities and Russia’s status as a safe-haven for cyber criminals who enrich themselves at others’ expense,” said Assistant AG Demers.

Earlier this year, Facebook identified Russian campaigns linked to cyber criminal groups in Nigeria and Ghana. Within Russia, robust black markets for info-ops exist in which operators are driven by financial incentives, according to research by the firm Recorded Future.

The issue expands beyond Russia. Even beyond the “big-four” (Russia, China, Iran, North Korea), nations in the Middle East, Asia, and South America are showing evidence that hacker-for-hire groups are on the rise.

While attribution of these campaigns to electoral outcomes is difficult if not impossible, Project Lakhta’s work demands to be taken seriously. Microsoft warned last week that China and Iran are working to move the needle on elections as well.