
Russia's hack into the US election was surprisingly inexpensive, Mueller report shows

Key Points
  • Russian hackers used "straightforward" techniques to hack into computer networks for the Democrats' 2016 election campaign, experts told CNBC following the release of special counsel Robert Mueller's report.
  • The main method was "spearphishing," in which a malicious email is sent to a targeted recipient.
  • Experts noted that the hacking and the social media campaigns carried out by Russian internet trolls appeared to require limited resources. 

Techniques used by state-backed Russian hackers to interfere in the 2016 U.S. elections were apparently inexpensive, experts told CNBC, highlighting the ease with which a foreign government was able to meddle in a Western democracy.

The report released by special counsel Robert Mueller lays out how Russian trolls used social media to try to influence the outcome of the election in which Donald Trump was made president and outlines the way in which hackers stole documents from the campaign of Hillary Clinton.

Spearphishing attacks

Beginning in March 2016, units of Russia's military intelligence agency, known as the GRU, hacked the computers and email accounts of organizations, employees and volunteers supporting the Clinton presidential campaign, including the email account of campaign chairman John Podesta, the Mueller report said.

The Russian group also hacked the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC).

Initially, the GRU employed a hacking technique known as spearphishing. That's when a hacker sends a person an email that contains something like a link to a fake website or an attachment. When a person clicks that link or downloads that document, it could lead to malicious software being installed on that person's computer or mobile device. The spoof website might ask for personal details about a person, which could include passwords to certain services they use.

Once the hackers were inside the DCCC network after a successful spearphishing attempt, they were also able to get into the DNC network. From there, they implanted malicious software, which was able to log keystrokes, take screenshots, and gather other data about the infected computers. In this way, the GRU was able to steal thousands of documents from the Democratic campaign, including emails, which ended up on various online platforms including WikiLeaks.

Much of the information was previously disclosed in the 2018 indictment of Viktor Netyksho, the officer in charge of one of the GRU's units. But experts noted the ease with which the hackers were able to get into the networks initially.

"The GRU famously possess tools and techniques which would widely be regarded as sophisticated, but one thing that is striking in the descriptions of the attacks is how the attack used more straightforward techniques," James Chappell, founder at London-based cybersecurity firm Digital Shadows, told CNBC on Tuesday.

However, Chappell added that the specific malware used by the Russians was sophisticated and developed specifically for the purpose of spreading across a network and extracting the files.

It wasn't just Clinton's campaign the GRU attempted to hack; it was also the computer systems containing voter information. In one instance, the Russian hacking group used a technique known as "SQL injection" to compromise the computer network of the Illinois State Board of Elections. An SQL injection involves a piece of malicious code that is able to extract information from a database. In this way, the GRU got data related to "thousands of U.S. voters," according to the Mueller report.

An SQL injection is another common and well-known type of hacking attack.

Social media campaign

Mueller's report also laid out how "dozens" of people were employed by a Russian troll group known as the Internet Research Agency (IRA) to operate accounts on social media platforms including Facebook and Twitter.

In 2014, two IRA employees traveled to the U.S. on an intelligence-gathering mission to obtain information and photographs for use in their social media posts.

The IRA first set up accounts claiming to be American individuals. But by early 2015, "the IRA began to create larger social media groups or public social media pages that claimed (falsely) to be affiliated with U.S. political and grassroots organizations," Mueller's report said, adding that the IRA continued operating through 2016, the year of the U.S. elections.

"IRA employees also acknowledged that their work focused on influencing the U.S. presidential election," another part of the report added. The words after that were redacted.

Facebook said last year that the IRA purchased over 3,500 advertisements and spent around $100,000.

Ian Bremmer, president of global political risk research and consulting firm Eurasia Group, said in a recent note that Russia appeared to have relied only on "limited" resources in both the hacking attacks and the IRA social media campaign.

"Given (Russian President Vladimir Putin's) willingness to take on the risk of retaliation, it's remarkable how low a lift it is for the Kremlin to interfere with western democracies," he said in a note Tuesday.