Hacking the Vote: Who Helped Whom?

Bryan Bedder/Getty Images for Concordia Summit

Cambridge Analytica CEO Alexander Nix speaking in New York City, September 19, 2016

In recent months, we have learned much about how successful the Trump campaign was in micro-targeting voters in crucial swing states. In the waning days of the 2016 campaign, especially, Trump’s data team knew exactly which voters in which states they needed to persuade on Facebook and Twitter and precisely what messages to use. The question is: How did the Russians know this, too?

Last week, it was reported that both Congressional investigators and the FBI are now exploring whether Russian operatives were guided in their efforts by Trump’s digital team, and the House Intelligence Committee has invited Trump’s digital director, Brad Parscale, to testify. Largely ignored in this discussion, however, is another possibility: that the Russians themselves, through their hacking of Democratic Party records, were supplying crucial information to the digital team. 

According to its own account, Trump’s digital team, which was run by Parscale and overseen by Jared Kushner, used standard marketing tools, especially Facebook’s, to target voters in the rust belt states that decided the election. The team’s algorithms and models, which were developed by the data analytics firm Cambridge Analytica, were essential to this effort. Using data culled from its database of 5,000 bits of personal information—such as religious affiliation, gun ownership, and buying habits—on 220 million Americans, Cambridge Analytica was able to determine where Trump had the best chances to motivate people who typically didn’t vote, where Clinton’s support among legacy Democrats was weak, and where the candidate himself should show up, especially in the last days of the campaign.

This granular view of the electorate apparently gave the Trump digital team the edge it needed to win the election. In April, when Virginia Senator Mark Warner, the ranking member of the Senate Intelligence Committee, spoke on the popular podcast “Pod Save America,” he wondered aloud if the Trump team’s data could have been passed along to the Russians, given what he called their ability “to target states and levels of voters that the Democrats weren’t even aware of” with their social media propaganda. This followed Warner’s comments during a rare open session of the intelligence committee where he was unequivocal that Russian agents had “interfered in the election by [employing] thousands of paid Internet trolls and botnets [networks of computers running bots] to push out information and fake news.”

The Internet is an ideal medium for a propagandist. Twitter, where only 16 percent of American adults receive their news is, nonetheless, an easy conduit into the popular mind. This was best described by former FBI agent, Clinton Watts, who is now a fellow at the Center for Cyber and Homeland Security at George Washington University, during his testimony at the open Senate Intelligence Committee hearing:

You can create more personas in Twitter, for example, which makes it look like there are more people than there really are. It’s a strategy, essentially, that amplifies your appearance. So what they do is, they launch those simultaneously….The goal is to get…in the top of [the] Twitter stream so mainstream media has to respond to that story. When mainstream media responds to it or looks at it without commenting on it, it takes over organically and you’ll see it move over the Internet like a virus.

So-called “twitter bots” are automated Twitter accounts that look and behave like real people. They are relatively easy to create. Recently, I spent a few hours programming one to impersonate my dog, retweeting posts with the hastag #puppy every twenty minutes, using instructions I found on the Internet; within a few hours the puppy bot had fifty followers. I also found companies willing to create whole armies of bots able to interact with other Twitter users. One of these, TweetAttacksPro 4, claims that it can “run thousands of twitter accounts at the same time 24/7 to auto-follow, unfollow, follow back, tweet, retweet, reply, favorite, delete tweet, unretweet, unfavorite, add to list, and send messages to your new followers. Every account can have its own settings thus preventing twitter from becoming suspicious about the account, plus the software can simulate human operation perfectly!” This may have been similar to what the Russian bots were doing during the campaign. As Clinton Watts said at the Senate hearing, “…whenever you’re trying…to convince [someone] that the information [they are seeing] is true, it’s much more simple because you see someone and they look exactly like you, even down to the pictures.”

But even more telling was another point in Watts’s testimony. Not only is it fairly easy to create and deploy an army of bots to spread false information, he explained, it is also fairly simple to make that army resemble real people in the places where the information being spread will have the greatest effect. “If you do appropriate target audience analysis on social media,” he said, “you can actually identify an audience in a foreign country or in the United States [and] parse out all of their preferences. One of the reasons [the bios of those bots] had conservative Christian, you know America, all those terms in it, those are the most common ones. If you inhale all of the accounts of people in Wisconsin, you identify the most common terms in it, you just recreate accounts that look exactly like people from Wisconsin.”


Similarly, bots can be programmed to search for certain keywords and particular users. That could account for why Russian bots were propagating anti-Clinton messages in places like Wisconsin: they might have simply been following the lead of other pro-Trump Twitter users. Moreover, once the bots’ Russian handlers saw attention being focused on the Rust Belt near the end of the campaign by Trump’s team, they would not have needed insider information to direct their fake accounts to spread false information in those precincts. As Issie Lapowsky observed recently in Wired, “…there’s nothing preventing a Russian actor or anyone else from reading the news and understanding the American electorate, and thanks to readily available digital tools, targeting that electorate is simple.”

But none of this puts to rest the other possibility, that coordination or cooperation between Trump’s digital team and Russian agents might have gone the other way, from the Russians to the Trump team. The Russians, after all, hacked into the Democratic National Committee, the Democratic Congressional Campaign Committee, and targeted the voter registration systems of anywhere between twenty-one (according to the Department of Homeland Security) and thirty-nine states (as reported by Bloomberg, based on anonymous government sources). All of those efforts would have offered valuable data to the algorithm builders and modelers—Cambridge Analytica—on Trump’s digital team. (It should be noted that conspiracy theorists have had a field day with the fact that on June 20, 2016, around the time that Cambridge Analytica began working for Trump, a Trump organization server began communicating regularly with an Alfa Bank server in Moscow, and that there is at least a real estate connection between Vincent Tchenguiz, who had been the largest shareholder of Cambridge Analytica’s parent company, SCL, and Mikail Fridman, the co-founder of Alfa Bank.)

Computer models get stronger, and more robust, the more information they have. It is likely that no one knows this better than the major Trump donor Robert Mercer, who was a central architect of IBM’s Watson artificial intelligence engine before he became a hedge fund billionaire, Breitbart investor, and primary owner of Cambridge Analytica. Quantity is what leads to quality, as more data points are added, and as new data confirms or corrects what is already known. Cambridge Analytica’s 5,000 data points on 220 million Americans comes from both commercial and public sources. While all of it may be useful to a political campaign whose major task is to find likely supporters and convince them to show up on election day, according to the political scientist Eitan Hersh, the most useful of all are “the identifiers stored in public registration databases that signal a person’s [party] affiliation or primary history.” These are the most predictive of “persuadables”—the holy grail of campaigns, and in Trump’s case, the people who were crucial to his victory. 

Voter registration information is available, either for free or, more likely, for sale, in every state, though what those files contain, and who is able to access them and for what purpose, differs from state to state. For example, according to, thirty states collect a full or partial social security number from each registrant, but only one state supplies that number to secondary sources. Eleven states record driver’s license numbers, but six redact it. Some states, like Illinois, only allow candidates access to the voter files, and they may only be used for non-commercial purposes. In Minnesota, however, anyone can purchase voter information as long as it’s not for commercial use, but the files will not contain a person’s date of birth, driver’s license number, military ID, or passport number. Perhaps most crucially, Wisconsin, where Trump won by 22,177 votes and Michigan, where he won by 10,704, are among the states, according to Hersh, that do not release party affiliation or primary voting histories—the very information that, he argues, is most valuable to a campaign.

It is precisely because the publicly available voting records differ from the full records maintained by each state that we should hardly be reassured by the fact that, according to the Department of Homeland Security, the persistent attacks on American voter registration systems of twenty-one states did not, apparently, result in the subversion of vote tallies during the election. So far, DHS has refused to name the affected states or the extent of the intrusions. However, a report from the Board of Elections in Illinois, one of the few states to document an attack, stated that its voter registration system recorded five attempts per second every day between June and mid-August 2016 to gain access to its database. In most ways a failure—none of the records were changed or deleted—the hackers nonetheless were able to steal 90,000 voter files. While the attacks on Illinois and the other twenty states may be a prelude to something more nefarious in the future, it would be short-sighted to assume these hacks had no consequences in this election cycle. To put it as simply as possible: Russia’s hacks of the Democrats could have yielded information far more valuable than John Podesta’s email musings. They could have provided Russia, and then potentially the Trump campaign, with priceless information about which voters were most likely to be persuaded to vote for Donald Trump, and which voters might be persuaded not to show up at the polls to cast a ballot for Hillary Clinton, information that may not have been available in other ways.


The theft of material from the Democratic Congressional Campaign Committee, though it received far less attention than the hacking of the DNC, may have offered a trove of particularly valuable data. In one of the stranger episodes of this election, a Florida political functionary and blogger named Aaron Nevins contacted the (alleged Russian) hacker Guccifer 2.0 requesting any information he may have obtained about Florida from his hack of the DCCC. Not long afterward, Nevins received 2.5 gigabytes of DCCC strategy documents, including the party’s voter turn-out analyses and get-out-the vote game plans in swing states. Nevins then posted some of the material on his blog and also sent a link to Trump advisor and king-maker, Roger Stone. (Stone was also in contact with Guccifer 2.0 himself.) According to Alexandra Berzon and Rob Barry, writing in The Wall Street Journal, “after studying the voter turnout models [stolen from the DCCC], Mr. Nevins told the hacker, “Basically, if this was a war, this is the map to where all the troops are deployed.”

Data is now the artillery of political campaigns. Its value cannot be overlooked or underestimated. (Nevins apparently told Guccifer 2.o that the information he supplied was “probably worth millions of dollars.”) As Brad Parscale explained to Fox News host Megyn Kelly last November, “the [Trump] data operation …I think for the first time in history… ran everything from TV buying to where we were on the ground to all of the different operations. And so, and having that data right there, we could start to where the persuadable targets are, get out the vote—everything we needed to know.” 

How they knew what they knew is what investigators should want to know, now, too.

New York Review + Paris Review covers

Save $168 on an inspired pairing!

Get both The New York Review and The Paris Review at one low price.

Already a subscriber? Sign in