Over the past two weeks, United States Cyber Command and a group of companies led by Microsoft have engaged in an aggressive campaign against a suspected Russian network that they feared could hold election systems hostage come November.
Then, on Monday, the Justice Department indicted members of the same elite Russian military unit that hacked the 2016 election for hacking the French elections, cutting power to Ukraine and sabotaging the opening ceremony at the 2018 Olympics. And in Silicon Valley, tech giants including Facebook, Twitter and Google have been sending out statements every few days advertising how many foreign influence operations they have blocked, all while banning forms of disinformation in ways they never imagined even a year ago.
It is all intended to send a clear message that whatever Russia is up to in the last weeks before Election Day, it is no hoax. The goal, both federal officials and corporate executives say, is to disrupt Russia’s well-honed information-warfare systems, whether they are poised to hack election systems, amplify America’s political fissures or get inside the minds of voters.
But behind the scenes is a careful dance by members of the Trump administration to counter the president’s own disinformation campaign, one that says the outcome on Nov. 3 will be “rigged” unless he wins.
So while President Trump continues to dismiss the idea of Russian intervention, a combination of administration and industry officials are pushing a different narrative: that U.S. intelligence agencies, Facebook, Twitter, Google and others are avoiding the mistakes of four years ago, when they all had their radars off.
But there is also no assurance it will work.
“We don’t like to admit it, but the Russians may not be deterrable,” said James A. Lewis, the director of the technology and public policy program at the Center for Strategic and International Studies in Washington. “How far do we have to go? Is this far enough? We are still scoping that out.”
No one will be able to assess the effectiveness of the counteroffensive until after Election Day, when Washington circulates the cyberequivalent of battle-damage reports. But even now there are reasons to question whether the efforts to take on Russia, some of which began in the 2018 midterm elections, have been too timid.
It is hardly a coincidence that the indictments announced on Monday against hackers with Russia’s G.R.U. were unsealed 15 days before the election. But it is unclear what deterrent effect indictments can have when the G.R.U.’s officers are unlikely to ever see the inside of an American courtroom.
One of the hackers named in the indictment was previously charged with hacking U.S. election administrators four years ago. That did not stop him from a brazen hack on the country of Georgia last year. Likewise, even after Russia was outed for hacking the 2018 Pyeongchang Olympics, that apparently did nothing to dissuade it from hacking the postponed 2020 Tokyo games, British officials revealed Monday.
John P. Carlin, the former assistant attorney general for national security who developed much of the Justice Department’s strategy for indicting foreign hackers, and later wrote about it in the book “Dawn of the Code War,” said Mr. Trump’s denial of what happened four years ago gave Russia lots of leeway.
“The details in the indictment are stunning and reveal Russian operatives at the direction of the state attacking the whole world,” he said, adding that “the conspicuous absence of leadership from President Trump” on the issue was all the more striking given the efforts “to expose and disrupt this activity.”
“These attacks on countries and civilian behavior won’t stop until the commander-in-chief calls it out and works with the rest of the victimized world to deter future indiscriminate attacks,” Mr. Carlin said.
If the indictments are the public face of the offensive against the Russians, the effort to dismantle Trickbot — a vast network of infected computers used by ransomware groups — is the more covert element.
Late last month, the military’s Cyber Command started neutralizing Trickbot with a series of attacks. Microsoft’s Digital Crimes Unit secured federal court orders to shut down Trickbot’s infrastructure around the world.
On Tuesday, Microsoft said the operation had been largely successful. It has taken down over 90 percent of Trickbot’s command-and-control servers. The idea is to keep the Russians on the run, so distracted that they are unable to use those systems for ransomware attacks that could hold the election hostage.
“These guys are really good and really move fast, and we knew they would react to rebuild their systems,” said Tom Burt, the Microsoft executive who is running the team. “We were prepared to follow them, and tear down whatever they build up.”
But as Cyber Command and Microsoft were taking aim at Trickbot, a new hacking threat emerged.
Over the past two months, a different group of Russian hackers — known as “Energetic Bear” or “Dragonfly,” and believed to be operating within the country’s Federal Security Service, or F.S.B., the successor to the Soviet-era K.G.B. — has been targeting American state and local networks, according to government and private security researchers.
Their goal is still unclear, but the timing — so close to the election — and the actor, which was previously caught hacking American nuclear, water, and electric plants, have sent alarm bells ringing at Cyber Command and at security firms like FireEye. CyberScoop earlier published details of a leaked FireEye report on the campaign on Tuesday.
Officials worry that even if those hacks do not amount to much, the Russians’ very presence inside U.S. state and local systems could be used to support the president’s baseless allegations that the election is “rigged.”
That was part of the motivation behind an unusual nine-minute video posted online this month — titled “Safeguarding Your Vote” — featuring senior American law enforcement, intelligence and cybersecurity officials.
“We are not going to tolerate foreign interference in our elections or criminal activity that threatens the sanctity of your vote or undermines public confidence in the outcome of the election,” Christopher A. Wray, the F.B.I. director, assured voters.
Mr. Wray and his counterparts have been contradicted at every turn by the president, who continues to assail mail-in voting as an avenue for fraud, for which there is no evidence. Mr. Trump’s claims are often amplified by the Russians, whose main interest is to cast doubt about the credibility of free elections.
“Trump has been a godsend to Russia,” Mr. Lewis said.
In Silicon Valley, executives believe a “perception hack” may pose the greatest threat to the election and have been mounting their own counternarrative.
Facebook, Twitter and Google have all talked up coordination with one another and the government. The companies were credited, with Cisco’s Talos cybersecurity unit, as having played a role in the indictments of the six G.R.U. officers announced on Monday.
Twitter has talked up its takedown of state-backed influence campaigns from Russia, Saudi Arabia, Thailand, Cuba and Iran, and has slapped more overt warning messages on tweets that violate its policies, including those from the president.
Facebook has advertised its takedowns of foreign influence campaigns from China and the Philippines and 300 Russian assets. It has also lowered its tolerance for disinformation.
After years of allowing Holocaust deniers a place on its platform, Facebook started censoring that content this month and stepping up its crackdown on QAnon, which promotes a conspiracy that the world is run by Satan-worshiping pedophiles plotting against Mr. Trump.
The question is whether these efforts, so late in the election cycle, will have the intended effect, since the president has already primed his supporters, and others, to distrust the “fake news,” the “deep state” and now, the election.