Nearly a year after Russian government hackers meddled in the 2016 U.S. election, researchers at cybersecurity firm Trend Micro zeroed in on a new sign of trouble: a group of suspect websites.
The sites mimicked a portal for U.S. senators and their staffs. Emails to Senate users urged them to reset their passwords — an apparent attempt to steal them.
The attempt to infiltrate the Senate network and others reported recently point to Russia's continued efforts to interfere in U.S. politics, which Moscow official denies. There is no clear evidence, experts said, of Kremlin efforts specifically designed to disrupt elections in November.
Still, "we fully realize that we are just one click away of the keyboard from a similar situation repeating itself," Dan Coats, the director of national intelligence, said in July.
Michael McFaul, architect of the Obama administration's Russia policy, has said he believes Russian President Vladimir Putin perceives little benefit in major disruption now, preferring to keep his powder dry for the 2020 presidential contest.
Experts said it is too late to safeguard U.S. voting systems and campaigns this election cycle. Trump's recent decision eliminating the White House cybersecurity coordinator's post confirmed his lack of interest in countering Russian meddling, critics say. Congress has not delivered any legislation to combat election interference or disinformation.
But there is time to take stock of interference that has come to light — and to assess the risks of what we don't know.
In mid-2016, hackers got into Illinois' voter registration database. Special counsel Robert Mueller's indictment of a dozen Russian intelligence agents this July said the hackers had stolen information on 500,000 voters.
It is the most notable case of foreign tampering with U.S. election systems made public. There has been no evidence of efforts to change voter information or tamper with voting machines, but experts caution hackers might have planted unseen malware in systems that could be triggered later.
"My unofficial opinion is that we're kind of fooling ourselves if we don't think that they tried to at least make a pass at all 50 states," said Christopher Krebs, the undersecretary for critical infrastructure at the Department of Homeland Security.
Before the 2016 general election, Russian agents sent spear-phishing emails to 122 state and local elections officials who were customers of election software vendor VR Systems. At least 21 state systems were probed by the same Russian unit, officials said. But federal officials have moved slowly to share intelligence. As of mid-August, 92 state election officials had been given clearances.
Much of the machinery used to collect and tabulate votes is antiquated, built by a handful of unregulated and secretive vendors, the outdated software highly vulnerable to attacks, researchers say.
"If someone was able to compromise even a handful of voting machines I think that would be sufficient to cause people to not trust the system," said Sherri Ramsay, a former National Security Agency senior executive.
Democratic Sen. Claire McCaskill of Missouri, seeking re-election in a state that voted overwhelmingly for Trump, provided little detail in July when an attempt by Russian hackers to infiltrate her campaign came to light.
"While this attack was not successful, it is outrageous that they think they can get away with this," McCaskill said.
The failed hack, which included an attempt to steal the password of at least one McCaskill staffer through a fake Senate login website identified by Microsoft, is the most notable instance of attempted campaign meddling by Russia made public this year. Microsoft executives said recently that the company had detected attempts by Russia's GRU military intelligence agency to hack two senators.
Since mid-2017, the group behind that attempt has aggressively targeted political groups, universities, enforcement agencies and others, according to TrendMicro.
"Russian hackers appear to be broadening their target set, but I think tying it to the midterm elections is pure speculation at this point," said Michael Connell, an analyst at the federally funded Center for Naval Analyses in Arlington, Virginia.
Eric Rosenbach, assistant secretary of defense for global security during the Obama administration and now at Harvard, said Russian intrusion that has come to light may be only a tip to larger, hidden schemes.
"There probably have already been compromises of important campaigns in places where it could sway the outcome or undermine trust in the election," Rosenbach said. "We might not see that until the very last moment."
By the time a group called "ReSisters" began organizing a rally against white nationalism, it had spent a year sharing left-wing posts. But in late July, Facebook shut down ReSisters' account and 31 others that researchers said echoed Russian troll operations before the 2016 election.
Since 2016, we've learned much more about social media infiltration. House Democrats' May release of thousands of ads placed on Facebook by Russian agents revealed a deliberate campaign to inflame racial divisions in the U.S. Tech companies say they are working hard to combat such behavior.
But companies must be forced to act faster against such campaigns and be more accountable, said Dipayan Ghosh, who has worked at the White House and Facebook on tech policy and is now at Harvard.
It is difficult to assess the threat of Russian disinformation efforts. In 2016, the greatest damage was done by hacking and leaking emails from Hillary Clinton's campaign and Democrats' national organization, widely reported by the news media. But comparatively few saw individual pieces of misinformation on social media, making it unlikely they swayed many votes, said Brendan Nyhan, a University of Michigan political scientist.
Still, it is clear the Russian efforts have stirred others, like Iran, to try similar strategies, with long-term goals of influencing U.S. politics.
"We can't just think in the context of the next election," said Lee Foster, manager of information operations analysis at the cybersecurity firm FireEye. "It's not like this goes away after the midterms."