AnalysisCyber Security

US Elections: Trolling Campaigns of Russia and Iran Favour their respective candidates, but China attempts to sabotage entire democratic systems

If Russia’s influence operations are bursts of bad weather, China’s growing operations are like climate change that are far more destructive – says Ken McCallum, MI5 Chief

by Prasad Nallapati

The US Presidential race is in the final lap, but Russia remains the “big” elephant in the room, with the “ghosts” of China and Iran too looming large on the horizon to undermine the election.  The issue came up for a sharp exchange between the two Presidential candidates in their third and last of the debates yesterday (October 22) focusing on recent release of a set of emails maligning Democratic nominee Joe Biden.

The New York Post, a little-known tabloid, published the emails last week purported to have been obtained from an old laptop of Hunter Biden, son of Joe Biden. These indicate that the latter, as Vice President in the Obama administration, influenced the then Ukrainian government to drop investigations into its gas company, Burisma, where Hunter served as a Director. The post stated that it obtained the emails from Rudy Giuliani, personal attorney of President Trump. The intriguing part was that the emails were handed over to Giuliani by a Delaware repair shop, where the laptop was said to have been left unclaimed.

Biden denied the allegations while accusing the President of peddling Russian propaganda.  Giuliani had long been seen as an active agent of Russian influence operations to help Trump win the elections. This looks like a re-enactment of the 2016 Presidential election where the Russian state hackers were believed to have retrieved and published emails from the computer systems of the then Democratic campaign of Hillary Clinton that had contributed to her defeat.

The Presidential debate also focused on the concerns of intelligence agencies over Iran’s electoral interference with Biden pointing to failure of the Trump administration’s policy toward the Islamic Republic.

In a press conference on October 21, Director of National Intelligence (DNI) John Ratcliffe and FBI Director Chris Wray disclosed Iranian hand in a voter intimidation campaign designed to hurt Trump’s electoral prospects. A series of fake emails, purported to have been from the white supremacist group, “Proud Boys”, were sent to Democratic voters in multiple “battleground” states that sought to intimidate them from voting for Biden. This is seen as an unusual escalation of Iran’s interference that is pushing boundaries using bold and innovative approaches.

The Department of Justice had seized 92 domain names which were masqueraded as genuine news outlets but were used by Iran’s IRGC to engage in a global disinformation campaign. Four of these domains,,, and, targeted the US with pro-Iranian propaganda in an attempt to influence the American people to change its foreign and domestic policy toward Iran and the Middle East. The remaining 88 domains targeted audiences in Western Europe, the Middle East, and South East Asia.

President Trump, at a rally in North Carolina this week, said “Iran doesn’t want to let me win. China doesn’t want to let me win,” while downplaying alleged Russian operations.

China’s trolling campaigns to influence current election cycle are limited but its disinformation operations are considered a more insidious menace to US democracy that will continue well past the election day.  The Chinese Communist Party is trying to portray the superiority of its systems over that of the US, drawing parallels between its successful handling of Covid-19 pandemic and Washington’s mishandling that led to the highest number of infections in the world, causing deaths of over 200,000 American people.

It is a strategy to denigrate the US democratic systems and promote Beijing’s autocratic model of government. Its goal is not just confined to the US but to win influence across the globe, particularly among the American allies in Southeast Asia, Middle East, Africa, Europe and even South America.

In a report titled “Operation Naval Gazing,” the social media research company Graphika identified Facebook posts praising China’s generosity in offering coronavirus vaccines to these countries. A pro-Chinese network, “Spamouflage Dragon,” was seen spreading videos on Twitter, YouTube and Facebook on racist killings and “Black Lives Matter” protests. In August 2019, Twitter took down 936 troll accounts linked to Chinese state actors.

Ken McCallum, the new chief of the MI5, the British domestic intelligence service, stated “If Russia’s influence operations are bursts of bad weather, China’s growing operations are like climate change” that are far more destructive.

Briefing congressional intelligence committees last month, Ratfliffe said dozens of US lawmakers had been more broadly targeted by Chinese influence campaigns, four times higher than that of Russia and eight times of Iran.

The National Security Agency, the US technical spy agency, issued a warning on October 20 that Chinese government hackers were targeting American computer networks involved in national defense, calling it a critical priority that need urgent attention. The alert listed a series of vulnerabilities that Chinese hackers were trying to exploit to access networks holding sensitive information. A review carried out by the Navy last year found that many of its systems and that of its industry partners were “under cyber siege” by the Chinese hackers.

Although Trump downplays threats of Russian interference, security agencies claim to have mounted coordinated effortsto prevent a repeat of 2016.  While shoring up the defenses of election networks in cooperation with technology giants, the Cyber Command has been targeting Russian spies to “disrupt their plans by repeatedly knocking them off the Internet, confusing their planners and depriving them of their hacking tools.”

The Microsoft stated on October 20 that it had thwarted a potential Russian operation to disrupt elections by seizing servers of Trickbot botnet based in the US, a network of computers infected by malware that could be controlled remotely for launching ransomware attacks to compromise integrity of systems linked to the polls.  Security experts, however, doubt the Microsoft’s claims as a small number of Trickbot command-and-control servers continue to operate in Brazil, Colombia, Indonesia and Kyrgyzstan.

The Department of Justice unveiled on October 19 criminal charges against six Russian officers of its Military Intelligence Directorate (GRU) unit 74455 for their involvement in some of the most damaging cyberattacks worldwide, including disruption of Ukraine’s power grid and deployment of `NotPetya’ ransomware virus.  The GRU was previously charged for their role in the 2016 US presidential election.  The group was also responsible for hacking the systems of the 2018 Winter Olympics in South Korea and stealing emails of the French Presidential campaign in 2017, besides other attacks in the UK.

Prospects for Global Mechanism to Prevent Cybercrimes

There have been many attempts, including at the United Nations, to create robust cyber-security norms but none of them has shown any promise so far.  Western countries led by the USA and Europe championed for an open, free and secure model of the internet while countries like Russia and China are advancing a proposal for an expanded state control. The UN adopted in December 2019 a resolution moved by Russians to establish a Committee of Experts to consider a new Cybercrime Treaty.  Russia’s draft convention, backed by China, however raised serious concerns over human rights issues.

President Putin proposed last month a comprehensive bilateral cooperation with the US on international cybersecurity, which inter alia include suggestions against using information and communication technology to strike each other and guarantees of non-interference in each other’s domestic affairs, including elections.  The Trump administration, however, has rejected the proposal questioning Putin’s honesty.

A similar cybersecurity agreement that the previous Obama administration had signed with China in September 2015 was proven to be a mockery as Beijing’s global cyber operations have since expanded not only in scale but also in sophistication.  Even as this agreement was being signed, the US had lost its moral authority to clinch more tougher terms as American whistleblower, Edward Snowden, exposed a whole gamut of US cyber operations across the world.

Hence, a more strident and coordinated approach is needed to coerce these major powers to agree to a more biting UN mechanism on cybersecurity similar to other treaties relating to nuclear and missile control measures.

(Prasad Nallapati is President of the Centre for Asia-Africa Policy Research and former Additional Secretary to the Govt of India)