Since the realization that foreign and domestic disinformation played a central role in driving certain narratives during the 2016 elections, many Americans have tried to grapple with what this means, how it affects us and our communities, and what we can do about it.
This series explores those lessons we haven’t learned well enough since 2016, and what we should learn from them to be better information citizens and break patterns of how disinformation works.
Lesson 2: Hacking and cyberattacks are about narrative as much as targets.
A series of Kremlin-backed cyberattacks during the 2016 elections — including the hacking of the DNC & RNC servers and the attempted hacking of elections systems in all 50 states — raised serious concerns about elections security. Far less attention was paid to understanding how these attacks contributed to the essential information architecture that framed discussions of the elections.
In US discussions on information warfare and disinformation, there has not been enough attention paid to the overall concept of narrative — that is, the purpose of a piece of information or an article, the story that information is telling, or the overall framework it contributes to that helps us understand both that information and other information like it in the future.
Disinformation is as much about building narrative as the specific tactics that are used to get content in front of us — about the construction of this information architecture that guides how we see and interpret information. Current events contribute to those disinformation narratives, and can be used to help build them.
In the case of the various hacking events conducted by the Kremlin before the 2016 elections — including the hacking of the DNC servers, some RNC email, and John Podesta’s personal email, as well as the attempted hacking of parts of the elections systems in all 50 states — these activities helped tell a story.
For the public, which was largely unaware of the targeting of elections systems until after the election, the focus was on “the emails.” Which emails never mattered, since the narrative of “emails” hiding guilt or wrongdoing had been long-established by the stories about Hillary Clinton’s private email server. In this case it was primarily about “juicy” or “salacious” details from the Podesta hack. The Podesta emails were nothing more than voyeurism, but that didn’t matter: the fact that they had been hacked and released contributed to existing narratives about hidden secrets and “Clinton corruption.” The perception that there was dirt to be found beyond gossip and complaining was enough. This bolstered the narratives that Trump and his campaign, parallel to Russian propaganda, were using to target Clinton.
The targeting of election infrastructure also created a narrative, but one that initially targeted decision-makers in the government. There were deep concerns in the Administration that there would be attempts to change vote counts or voter rolls to disrupt either the conduct of the vote or the counting, creating chaos on Election Day and leaving questions about the legitimacy of the election. Officials were torn between making more information public and the fear that doing so was playing into the Kremlin’s hands, as captured by this finding from the Senate’s report on the hacking of election infrastructure:
In 2016, officials at all levels of government debated whether publicly acknowledging this foreign activity was the right course. Some were deeply concerned that public warnings might promote the very impression they were trying to dispel – that the voting systems were insecure.
In hindsight, the success of these hacking operations themselves didn’t matter very much. Certainly, the Kremlin would have liked to have known they had the option of directly altering American election results. The immediate point, however, was to drive a narrative via security and intelligence channels which would fixate the White House on the hacking threat at the cost of ignoring the more widespread information operations targeting American voters. Notably, when President Obama told Putin to “knock it off” in the summer of 2016, he was referring to these cyberattacks on electoral systems, not the broader information effort. The hacking itself was a form of disinformation, and now contributes to a narrative of election insecurity and systemic weakness that is embraced in certain ways by both sides of the political spectrum in America.
Hacking as part of broader narrative efforts is also visible in other operations.
Attempted cyberattacks by Russian intelligence-aligned groups targeting critical US infrastructure — like water, power, and communication grids, as well as nuclear power plants — are partially about probing and infiltrating systems for the future, but partially about telling the story of guerrilla and irregular capabilities unleashed against a more powerful adversary across multiple domains. Even if they can’t plant some devastating virus or permanent backdoor in our networks, they can sow the seeds of fear and doubt about our security, and they can conjure a specter about the high cost and likelihood of retaliation if we try to hold them accountable for invading their neighbors, shooting down civilian airliners, and conducting assassinations on foreign soil.
Likewise, ransomware attacks conducted by Russian-aligned groups against local governments and city-level services are partially about the hacking, partially about earning income to self-fund future intelligence operations, and partially about deepening the narrative from 2016 — that the fragility in our infrastructure is more systemic and deeper than we thought.
Hacking events are also still used to create the perception of wrongdoing or hidden information. For example, Burisma, a Ukrainian gas company, was hacked during the impeachment process. No information acquired from that hack was revealed, but it helped to build the narrative that Burisma and the Bidens had something to hide, which was a part of the defense of the president’s misconduct. As with the Podesta hack, the story of the hack itself is wrongly viewed by many as evidence that “there must be something there.”
And it isn’t just the Russians who know how to use hacking as narrative: think back to the Sony hack in 2014. North Korea’s hackers were able, at almost no cost to the country, to send a very loud message that there were consequences if anyone messed with North Korea and its dictator.
So, what can you do about it? Understand the role you play as an individual in spreading and accelerating the amplification of news stories that have a meaning deeper than the surface. With stories about hacking in particular, try to understand the broader narrative they contribute to. Help put the story in that context for others. This can ensure that information can be shared without achieving the narrative goals of attackers.