In an attack earlier this year, Iranian hackers allegedly stole an internal Republican campaign document containing information about vice presidential candidate JD Vance. They then tried to leak this information to the media, presumably to damage the Republican campaign. But the advocacy campaign failed. Media reported on the Iranian cyber attack instead of on the leaked data itself. It was in the summer.

Before the election, experts feared that foreign states would launch additional combined actions of this kind in the United States, creating confusion. In 2016, the Russians successfully conducted a similar hack-and-leak operation targeting Democratic Party emails. The authorities and media in the United States were overwhelmed.

But no such spectacular operations emerged during the 2024 election season. John Hultquist is a principal analyst at the cybersecurity firm Mandiant, now part of Google, and has studied digital influence and global threats for years. He has a few theories as to why the situation was different this year.

Editor’s Note: This interview has been edited for brevity and clarity.

Mr. Hultquist, the American election is now over. How significant were the efforts of foreign states to influence the process through disinformation or cyber attacks?

These did not have the same effects as we have seen in previous election years. I suspect some of that was due to preparation, and potentially also some of the activities being disrupted. At Mandiant, for example, we’ve tracked down the Russian and Iranian groups we know are responsible, and we’ve put additional protections in place for our customers. We believe that this may have made it more difficult for these actors to operate. Much of this activity is more difficult to accomplish when people are alert and looking for it.

What kind of contribution did the authorities make?

The government was more active than ever in immediately recognizing these acts and calling them out. In many cases before, it would take the government years to go and identify the business. There was probably a lot of discomfort with intelligence operations talking publicly about other intelligence operations. It was no ordinary activity. But for so much of this business, for it to be successful, it depends on our ignorance. So for the government to call these things out immediately and shine a light on them, I think this really hampered their ability to operate effectively.

You and other experts expected that there could be more attacks and influence attempts, especially just before or on election day. But it remained relatively quiet.

I think we definitely expected to see some activity that we ended up not seeing. There are actors, such as some Iranian actors, who have a history of running campaigns at the last minute. We didn’t see that. There could be many different reasons for that, but it’s ultimately good news.

What is the reason for this? Is it because defense mechanisms were so well set up this time? Or didn’t even the foreign states try?

I think potentially both. These actors are definitely under a ton of scrutiny. We take action and our peers take action against them regularly. It’s really hard to be successful under those circumstances. If you think about it this way, what they’re aiming to do is essentially be an influencer. And it is already difficult. They are trying to get more exposure to more people. But at the same time they try to hide the fact that they are secretly associated with governments or intelligence organizations. The more exposed they are to the world, the greater the risk they face of being caught. It is an ironic problem at the heart of their business. That makes it really tough.

In the past, Russian and Iranian groups have been better able to carry out such operations. Is it because the authorities and security companies were less active then?

In 2016, there was not as much experience in this business. They simply had a better opportunity. It’s much, much harder now. We constantly see businesses that have enormous amounts of resources. They spin up all these fake accounts and stories and things like that, and then they get shut down before they’ve really talked to anybody. It has become quite common.

Before the vote, artificial intelligence tools were seen as a major threat to influence the election. How important was AI to the attackers?

I think we saw some examples of that. But I don’t think it was the game-changing ability that many suspected it would be. The big lesson here is that AI or content isn’t really where these actors struggle.

What do you mean?

They have always been able to fake things. There are other methods of doing it that have been around for a long time. The obstacle has always been getting exposure to a lot of people. We see many influencer operations efforts operating without any follow-through. The actors are active on social media platforms, but what we generally see with many of them is that they are unable to break into the mainstream. There are some cases where it appears that they have leveraged a third party to amplify their messages and even launder their messages. In these cases, they may have been more successful. But ultimately, the lesson here is that the big hurdle is breaking into the mainstream. It’s very competitive, and it’s probably never more competitive than in the final days of an election cycle.

In September, US authorities revealed a media company in the US that had been financed by Russia, and had been paying right-wing influencers. Is this the procedure you are referring to?

I will say that historically in many different cases we have seen for example Russian actors fail to get the notoriety or the exposure they are looking for. They then make attempts to move their story through journalists, or as in 2016, through leak sites and such avenues. It’s a fairly standard procedure. In many cases, it may be the only way for them to get the effect they are looking for.

But it did not succeed in this election campaign. When Iranian actors leaked an internal republican document to several media outlets, this did not have the desired effect. Have the foreign attempts to influence the US election campaign had any effect at all?

It is notoriously difficult to measure the impact of those types of operations. But not many things have gotten bigger. And even those who did were a drop in the bucket. It is hard to imagine how these barely noticed operations were effective.

Was it an exaggeration to claim in advance that foreign influence operations could be dangerous?

That’s a really important part of this. I think we need to take this seriously. But we must also be careful not to do their work for them. In the end, they try to sow doubt about an election. If we overhype their threat to the election beyond what is realistic, we may find ourselves the ones planting doubt. It could be to their advantage, or maybe even part of their design.

What can we expect between now and Donald Trump’s inauguration in January?

There are a couple of things to keep in mind. I think our main problem would be intelligence. A new administration is formed. They will almost certainly have different foreign policies. And foreign intelligence agencies want insight into that policy. They will leverage their cyber espionage assets to gain that insight. So the game may change, but it’s still ongoing, unfortunately.

Latest articles

Global reporting. Journalism of Swiss quality.

In today’s increasingly polarized media market, Switzerland-based NZZ offers a critical and fact-based view from the outside. We are not in the latest industry. We offer thoughtful, well-researched stories and analysis that go behind the headlines to explain relevant events in the US, in Europe and around the world. To produce this work, NZZ has an industry-leading network of expert reporters around the world who work close to our main newsroom in Zurich.

Sign up for our free newsletter or follow us further Chirp, Facebook or WhatsApp.