The hackers chose their targets carefully, such as Clinton campaign manager John Podesta, and in some cases succeeded simply because of lax security hygiene.
"Had John Podesta had two-factor authentication the last month of the campaign would have looked very different," Mandia said.
Hacking social media with fake news
Watts described an elaborate and coordinated campaign that through a mix of human and computer-driven activity published and promoted fake news stories, propelling that content to the top trending lists on popular social media platforms thanks in part to armies of bots with profiles carefully crafted to match a target demographic, such as middle-class voters in a swing state like Wisconsin.
As those stories began to go viral on social media, ideologically driven news sites would pick them up, and sometimes mainstream news outlets would address them, as well, Watts said. As stories of nonexistent terrorist attacks, unfounded claims of voter fraud and other fictions built a critical mass, many internet users accepted them as legitimate news stories.
The Russian effort to skew the election, a digital update of a longstanding espionage and disruption strategy known as "active measures," succeeded in part because the winning candidate was all-too-eager to amplify some of the spurious claims, according to Watts.
"Part of the reason active measures have worked in this U.S. election is because the commander-in-chief has used Russian active measures at times against his opponents," he said. "He's made claims of voter fraud, that President Obama's not a citizen, that, you know, Congressman Cruz is not a citizen. Part of the reason active measures works, and it does today in terms of Trump Tower being wiretapped, is because they parrot the same lines."
But those efforts, while at the time executed in service of electing Trump, could just as easily swing the other way, depending on where the Russian interests lie.
"They might go after a Republican person in this room tomorrow and then they'll switch. It's solely based on what they want to achieve in their own landscape, whatever the Russian foreign policy objectives are," Watts said. "Let's say president Trump wins and turns against [Russia]. They will turn on President Trump as well. They win because they play both sides."
A Consumer Reports for fake news?
He suggested that Facebook, Twitter and other social media sites could band together to form a sort of rating system to help consumers understand the quality of information found on various sites. He proposed that the internet community could adopt the model of Consumer Reports, offering easy-to-understand rankings that would help users determine which news sites are credible.
In the meantime, the Russian interference in the election raises crucial diplomatic and foreign-policy questions, according to Gen. Keith Alexander (Ret.), the former director of the National Security Agency and U.S. Cyber Command, who now serves as president and CEO of IronNet.
Alexander called for a "quiet engagement" with Russia on the subject of the 2016 hacking, with U.S. diplomats confronting their counterparts with evidence of the interference, while also calling on lawmakers to advance a broader cyber doctrine that would establish protocols for responding to attacks from foreign nation-states.
"If there were a massive attack, we'd have to go back and get authority to act, where if it were missiles coming in we already have rules of engagement, so I think we need to step that up as well," Alexander said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.