Multiple sources confirmed to ABC News in recent days that both the efforts that slowed computer systems at the Health and Human Services Department Sunday night and the weekend rash of bogus text messages warning a national quarantine is imminent were the products of foreign actors or components of foreign governments or entities connected to them.
“We are seeing multiple disinformation campaigns right now,” said one federal official briefed on the situation.
The two types of cyber incidents are different, but both are aimed at sowing panic in the American population and feeding distrust in government, according to intelligence officials. Federal officials said the two most likely perpetrators are Russia and China, two nations with the sophistication, skill and desire to carry out such campaigns against the U.S.
Tune into ABC at 1 p.m. ET and ABC News Live at 4 p.m. ET every weekday for special coverage of the novel coronavirus with the full ABC News team, including the latest news, context and analysis.
In the case of the HHS incident, officials said outsiders deployed automated users — called bots — to target the public-facing computer system. A source familiar with the investigation into the incident told ABC News that it is thought to be either a widespread campaign to scan HHS systems for vulnerabilities, or possibly a “clumsy” attempt to paralyze public online systems with a flood of visitors, something called distributed denial of service, or DDOS.
“When you’re dealing with something like a denial of service attack on HHS during a pandemic, that’s a very grave action for another country to take,” Attorney General William Barr told The Associated Press Tuesday, confirming that an investigation is ongoing. “So, if it is another country doing this, I’m sure the ramifications will be severe.”
More insidious was the attack that began late last week in the New York City area and then broadened to Washington, D.C., Boston, Kansas and the West Coast where an entity infiltrated the cellphone MMS and SMS text-messaging system to send out realistic-looking warnings about an impending shutdown of public and government services because of the coronavirus outbreak.
Sunday afternoon, suspicious texts made their way to medical staff in at least one department of a top hospital the Boston area, according to a recipient there. The person who had passed it along to the department said they had received the original message from an out-of-state “friend,” who was described as credible and had received the message from elsewhere. Texts were also received by doctors in at least one major hospital in San Francisco and by some members of the military around the country.
In New York City, the messages spread like wildfire and told people to stock up on money and food because bridges, tunnels and mass transit would be shutting down.
By the weekend, messages were pinging cellphones all over the nation’s capital region saying that an unnamed friend’s brother had come out of a meeting and that the president was poised to enact a national quarantine within days. The message instructed recipients to share it — like a panic-inducing chain letter.
Late Sunday night, one official told ABC News, “It was a cyberattack — we’re trying to track and origin.” By Monday, the intelligence community, officials said, had determined the source was foreign and that the technique was sophisticated. The U.S. intelligence community is leading the effort to find the culprits; by law, agencies like the CIA are confined to working outside U.S. borders, making it clear that the government believes the perpetrators are connected to a foreign power.
The attacks also confirmed the fears that U.S. officials voiced as worries of the coronavirus spread through government in the last two weeks.
“So much focus has been on meddling in the election,” said one senior administration official involved in cyber defense. “The goal of [foreign attackers] is really just creating instability in society and trying to erode trust in a situation like this, to drive messages — frequently polar opposite messages — to incite distrust and anger.”
During a congressional hearing nearly two weeks ago, a top State Department official told members of the Senate Foreign Relations Subcommittee on Department Management that the Russians have been spreading disinformation aggressively in connection with the global pandemic.
Lea Gabrielle, head of the Global Engagement Center, told senators her agency’s recent analysis shows “accounts tied to Russia, the entire ecosystem of Russian disinformation has been engaged in the midst of this world health crisis. … It’s well known at this point that there are false narratives out there around coronavirus.”
At the same time, China’s government has been aggressively pushing propaganda that blames the West for the pandemic, though the virus was first identified in Wuhan, the capital of China’s Hubei province.
Officials at the federal Cybersecurity and Infrastructure Security Agency told ABC News that the government “has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts,” said spokeswoman Sara Sendek.
John Santucci and Mel Madarang contributed to this report.