Rolling Stone - USA (2020-02)

38 | Rolling Stone | February 2020

A

NTHONY FERRANTE had just
arrived for work at the Eisen-
hower Executive Office Build-
ing, next door to the White
House, when the first attack
hit. Around 7 a.m., internet
service went out across the United States and
parts of Europe. Reddit, Netflix, and The New
York Times website wouldn’t load. Ferrante
couldn’t check Twitter for updates because that
was down too. “No one knew what it was,” he
says. “It was definitely chaotic.”
It was Friday, October 21st, 2016. In two
weeks, Americans would pick a new president.
When Ferrante, a director in the White House’s
cybersecurity team, realized the internet had
gone dark across the country, he feared the
worst. Ferrante thought he was witnessing a
dry run for an attack on the election.
A native of Portland, Maine, with pale Nordic
features and a sharp widow’s peak, Ferrante
hacked his first computer when he was 10 and
studied computer science at Fordham. He was
destined for a cushy career as a cyber expert in
the private sector when the September 11th at-
tacks happened. He quit corporate America,
joined the FBI, and specialized in tracking ter-
rorists on the internet; in his first case at the
bureau, he helped foil the terrorist plot to blow
up the PATH train tunnel between New York
and New Jersey. Over the next decade, he rose
to become one of the FBI’s top cyber security
agents and helped write President Obama’s di-
rective that created the first chain of command
in the event of a major cyberattack on U.S. soil.
In late 2015, Ferrante moved to the White
House to run the National Security Council’s
Cyber Incident Response Desk, a small team
whose job was to lead the government’s re-
sponse to a major cyberattack. But by the sum-
mer of 2016, his focus had narrowed to a single
but growing threat: Russian interference in the
election. He and his colleagues had received in-
telligence reports about strange activity target-
ing state election websites. At first, the details

were sketchy and there wasn’t enough data to

draw any connections. Then, in July, the head

of elections for Illinois noticed a huge amount

of data flowing out of his voter registration sys-

tem. The FBI discovered that Illinois had been

hacked; the culprits accessed databases with in-

formation on hundreds of thousands of voters

and stole an unknown quantity of data.

The FBI sent an urgent alert to state election

chiefs, encouraging them to search their sys-

tems for any digital breadcrumbs that matched

data from the Illinois breach. Ferrante came

to work each morning to find that several new

states had been targeted with the same sorts of

tools and techniques that Illinois had experi-

enced. With the FBI’s help, his team concluded

that Russian-based hackers had penetrated

two state voter databases (Illinois was one, the

other was not publicly named) and scanned

election websites in every state. “We knew at

that point we were dealing with a large-scale

coordinated campaign,” Ferrante says.

President Obama wanted a national cyber-

security preparedness plan for the upcoming

election, and Ferrante was put in charge of

creating it. He and his team spent months re-

searching every detail of American elections

and running different scenarios. What if a mil-

lion people showed up to vote in Florida only

to be told there was no record of them as a

voter? What if a cyberattack took down the

division of the Associated Press that supplies

election-night reporting data to major news

organizations like CNN? What if the internet

crashed on Election Day?

That last scenario felt a lot less hypotheti-

cal on October 21st as Ferrante scrambled to

figure out why the huge swaths of the inter-

net were dark. He called his counterparts at

the FBI, CIA, Department of Homeland Secu-

rity, and National Security Agency; they were

just as confused as he was. By midday the out-

age was international news, spreading from

the East Coast to the West. It was only after

the third wave of attacks, Ferrante says, that

the FBI made contact with an internet-domain

company in New Hampshire called Dyn. The

company eventually shored up its servers that

day, and the internet was restored.

Ferrante and his team had by that point con-

ducted perhaps the most exhaustive study of

the potential threats to our convoluted vot-

ing system. There were the cyberthreats they

had envisioned and prepared for: hacked voter

registration databases, disruptions to the flow

of information on election night, faulty voter

equipment. By Election Day, these threats

weren’t all speculative: Two teams of Rus-

sian hackers, known as Fancy Bear and Cozy

Bear, had broken into the Democratic National

Committee and stolen reams of data. The Dyn

attack, resulting from a massive botnet that ex-

ploited flaws in internet- connected gadgets and

appliances such as home security cameras and

WiFi routers, showed it was possible to wreak

havoc on the internet itself. (To this day, the

culprit of that attack remains unknown. The

FBI hasn’t announced any arrests and won’t

comment on its investigation.)

For Election Day, Ferrante created the

first-ever cybercommand post in the White

House Situation Room. From six in the morning

until the election was called for Donald Trump,

he and his colleagues monitored the vote, but

the day passed without incident. The sense of

accomplishment he felt was outweighed by a

sinking feeling over what he knew Russia had

already done. By hacking the Democratic Party,

spreading disinformation on social media, and

compromising confidential voter data, it had

proved to the rest of the world it was possible

to successfully interfere in a U.S. election and

come away largely unscathed.

Obama hit Russia with new sanctions and ex-

pelled 35 of its diplomats in his final days in of-

fice, but it would be up to his successor to pro-

tect against future election attacks. Soon after

Trump took office, a team of cyber experts who

worked in the Obama White House met with a

group of Trump aides including Joshua Stein- FR

OM

LE

FT

:^ N

AI

RA

D

AV

LA

SH

YA

N/

AP

IM

AG

ES

/S

HU

TT

ER

ST

OC

K;^

SA

ND

RO

M

AD

DA

LE

NA

/

SH

UT

TE

RS

TO

CK

;^ F

OT

OG

RIN

/S

HU

TT

ER

ST

OC

K;^

MI

CH

AE

L^ N

EL

SO

N/

EP

A/

SH

UT

TE

RS

TO

CK

;^ F

AC

EB

OO

K;^

CR

OW

DS

TR

IKE

;^ M

.^ S

PE

NC

ER

G

RE

EN

/A

P^ I

MA

GE

S/S

HU

TT

ER

ST

OC

K

Do you

think we’ll

be able to

cut green-

house gas

emissions

in half

by 2030

to avoid

climate

catastro-

phe?

13%

Ye s

87%

No

Go to Rolling

Stone.com

for next

issue’s poll.

READERS’

POLL

SEEKING TROLLS
The newly formed
Internet Research
Agency — bank-
rolled by Russian
oligarch Yevgeniy
Viktorovich Prigo-
zhin — posts an ad
seeking “internet
operators,” or trolls.

TENSIONS RISE

Russia invades Ukraine and annexes

Crimea, dramatically escalating tensions

with the United States. Six years later, the

conflict still rages.

LICENSE TO

CONSPIRE

The nascent troll

farm launches

Project Lakhta,

which a DOJ indict-

ment will later call

a “conspiracy to

interfere in the U.S.

political system.”

USA FIELD TRIP

Two IRA employees

visit nine states

including the elec-

toral battlegrounds

of Michigan,

Colorado, and

Nevada to “gather

intelligence” on

American politics.

TARGET: CLINTON

The IRA seeks “any

opportunity to

criticize Hillary.”

Posing as Christian

activists, anti-

immigration zealots,

and civil-rights

radicals, their posts

reach 126 million.

DNC HACK

Fancy Bear, a

hacker group

associated with

the GRU, Russian

military intelligence,

spear-phish John

Podesta’s account

and steal 50,000

emails.

DATA BREACH

GRU hackers break

into the Illinois

State Board of

Elections, gaining

access to 200,000

voters’ registration

data — the first of

a series of attacks

across all 50 states.

THE LONG VIEW: RUSSIAN ELECTION INTERFERENCE

TIMELINE

AUG. 20 13 FEB. 20 14 APRIL JUNE FEB. 20 16 MARCH JUNE