russia is everywhere
September 20, 2018

The Kremlin began working behind the scenes to disrupt the 2016 election more than two years in advance. But even when Russian interference became obvious, U.S. officials spent weeks watching the infiltration occur before they could fight it off.

The Democratic National Committee's cybersecurity contractor, CrowdStrike, announced in June 2016 that Russian hackers had compromised the organization's network. The New York Times reported Thursday that CrowdStrike had actually been battling with hackers for weeks. Robert Johnston, a lead investigator for the company, said the hackers "were like a thunderstorm moving through the system — very, very noisy."

Despite the noise, CrowdStrike and the DNC didn't make any noise of their own about the hacking, choosing instead to quietly work to discern how Russians had broken in and figure out how to block them. Russia managed to obtain thousands of documents from the DNC's network, and provided them to WikiLeaks for publication.

"We knew it was the Russians, and they knew we knew," Johnston told the Times of the cyberwarfare. "I would say it was the cyber equivalent of hand-to-hand combat." Russian hackers may have intercepted communications about the DNC's efforts to fend off their attacks, helping them to dodge attempts to shut down their malware. Twelve Russian intelligence officers were indicted in July 2018 for the break-in. Read more at The New York Times. Summer Meza

September 12, 2017

Before the 2016 presidential election, Russians using fake identities organized inflammatory protests in the United States and advertised them on Facebook, including an anti-Muslim and anti-immigrant rally in Twin Falls, Idaho, The Daily Beast reports.

Last week, Facebook announced that Russians hiding behind false names had paid to promote about 3,000 divisive political Facebook posts in the U.S., and a spokesperson confirmed to The Daily Beast that they also paid to share events. While most of the events have been deleted, The Daily Beast was able to find in a search engine cache a Facebook event scheduled for August 27, 2016, hosted by a group calling itself SecuredBorders, which earlier this year was revealed to be a Russian front. When SecuredBorders' page was shuttered by Facebook last month, it had 133,000 followers.

Their event was a protest called Citizens Before Refugees, to be held at the Idaho Falls City Council chambers. It said it was time to "stop taking in Muslim refugees! We demand open and thorough investigation of all cases regarding Muslim refugees!" The Daily Beast says 48 people said they were interested in attending, and only four said they showed up. Whether or not an event is ever actually held, people can RSVP to it as long as an event page is set up.

Twin Falls has long welcomed refugees, and a Chobani plant there had said it would employ refugees. Several pro-Trump media outlets, including InfoWars and Breitbart, had started publishing defamatory stories about refugees in Twin Falls earlier in 2016, with InfoWars publishing at one point a video titled "Idaho Yogurt Maker Caught Importing Migrant Rapists." Chobani sued, and InfoWars' Alex Jones settled and issued a retraction of the false story. Read more about the elaborate Facebook scheme and how many people may have been caught up in it at The Daily Beast. Catherine Garcia

See More Speed Reads