So far, 2020 has been anything but uneventful when it comes to election processes around the world. From disruptive DDoS attacks to influence campaigns, several countries have already experienced election-interfering cyberattacks this year. So, as we head into October, I figured now might be a good time to cover some of the recent alerts and threats related to the upcoming presidential election in the United States.
FBI PIN: 202000204-001
Potential Distributed Denial of Service Attack against State-level Voter Information Website.
This was one of the first election-related alerts for the 2020 election. Back in February, the FBI reported a potential risk for DDoS attacks against state-level voter information websites. This Private Industry Notification came after an undisclosed attack was observed. The threat specifically covers state-level voter registration and voter information websites. These websites experienced a denial-of-service attack known as a DNS Recursive Flood or Pseudo-Random Subdomain Attack (PRSD). The attacks are reported to have been persistent, lasting up to a month, with attacks in two-hour intervals peaking at 200,000 DNS requests during a period that normally would see 15,000 requests.
In September, Radware published an assessment of recent DDoS attacks related to election processes around the world. Throughout the year, several countries have experienced service degradation caused by Denial-of-Service attacks during their election processes. Typically, voting machines were not directly targeted during these attacks. Instead, malicious actors targeted the election infrastructure, reporting websites, and the ISPs themselves. These attacks were specifically designed to delay information such as polling results or to project political instability at a critical moment.
One of the biggest issues with the election process is its digitalization. With the introduction of technology came a threat landscape that grew larger than some anticipated…or could control. For example, for a Denial-of-Service attack to be successful, there must be a large number of users who are dependent on a service, like digital polling results.
Come November 3rd, 300 million Americans will be refreshing their browsers all night long trying to load the most recent election results. This bottleneck and traffic peak could, on its own, cause a natural DDoS attack against polling sites on election night. If the malicious actor’s goal is to spread disinformation regarding the 2020 election results, an attack designed to delay or disrupt election results could easily be launched given the increased volume of natural traffic. It would cause chaos, driving Americans to look for other, unofficial results that might be part of information operations.
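To separate the pseudo-random subdomain flood described in the FBI PIN from the legitimate election-night surge described above, a defender can look at what is being queried, not only at how much. The following is an added example, not code from the FBI, Radware or the original post; the zone name, log format, thresholds and sample data are constructed assumptions.

```python
import random
from collections import defaultdict

def detect_prsd(queries, zone, window_s=60, baseline=15,
                volume_factor=5.0, min_unique=0.8, min_nxdomain=0.8):
    """Flag windows that look like a pseudo-random subdomain flood.

    queries: iterable of (epoch_seconds, qname, rcode) from resolver logs.
    baseline: normal queries per window for this zone (assumed, tune per site).
    """
    suffix = "." + zone.lower().rstrip(".")
    windows = defaultdict(list)
    for ts, qname, rcode in queries:
        name = qname.lower().rstrip(".")
        if name.endswith(suffix):
            windows[int(ts) // window_s].append((name[:-len(suffix)], rcode))
    alerts = []
    for w, rows in sorted(windows.items()):
        total = len(rows)
        unique = len({sub for sub, _ in rows}) / total
        nxdomain = sum(rc == "NXDOMAIN" for _, rc in rows) / total
        # Volume alone is not enough: a legitimate surge repeats a few real,
        # cacheable names, while PRSD traffic is mostly never-seen labels
        # that miss the cache and resolve to NXDOMAIN.
        if (total >= baseline * volume_factor
                and unique >= min_unique and nxdomain >= min_nxdomain):
            alerts.append({"window_start": w * window_s, "queries": total,
                           "unique_ratio": round(unique, 2),
                           "nxdomain_ratio": round(nxdomain, 2)})
    return alerts

def build_sample(zone="voterinfo.example"):
    """Constructed log, scaled 1:1000 from the 15,000 / 200,000 figures."""
    rng = random.Random(2020)
    real = ["www", "register", "lookup"]
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    log = [(i * 4, f"{rng.choice(real)}.{zone}", "NOERROR") for i in range(15)]
    # Window 60-119: busy but legitimate, the same few names repeated.
    log += [(60 + i % 60, f"{rng.choice(real)}.{zone}", "NOERROR")
            for i in range(200)]
    # Window 120-179: flood of random 12-character labels that do not exist.
    log += [(120 + i % 60, "".join(rng.choices(alphabet, k=12)) + f".{zone}",
             "NXDOMAIN") for i in range(200)]
    return log

if __name__ == "__main__":
    for alert in detect_prsd(build_sample(), "voterinfo.example"):
        print(alert)
```

Only the third window is flagged: the legitimate surge has the same volume but a handful of repeated, resolvable names, so it passes.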
Alert Number: I-092220-PSA
On September 22nd, the FBI and CISA issued an announcement in a bid to raise awareness of a potential threat targeting the United States election in November. The FBI and CISA are concerned that foreign actors and cybercriminals will attempt to spread disinformation regarding the 2020 election results. The agencies suspect the increased use of mail-in ballots due to COVID-19 protocols could leave election officials without a complete result on election night. Malicious actors will likely leverage this opportunity to spread disinformation regarding the 2020 election results, voter suppression fraud, or cyberattacks targeting election infrastructure.
Regardless of what happens on November 3rd, not only will foreign actors and cybercriminals attempt to spread disinformation regarding the 2020 election results, but American political radicals might also attempt to spread disinformation about results, suppression, and cyberattacks in an attempt to cast doubts on the legitimacy of their defeat.
One of the major concerns about these alerts and announcements is how they can be chained together. For example, if malicious actors launched a DDoS attack and disrupted polling results, it would give others, or themselves, an opportunity to begin spreading disinformation regarding the 2020 election results or casting doubt about the legitimacy of the election itself.
Alert Number: I-092820-PSA
A week later, on September 28th, the FBI and CISA issued another announcement related to the upcoming election. This time the FBI and CISA are trying to raise awareness about the potential threat posed by attempts to spread disinformation regarding cyber-attacks on the US voter registration databases or voting systems. The agencies report that during the 2020 election season, foreign actors and cybercriminals have been spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in U.S. democratic institutions. Specifically, they point to narratives suggesting that voter registration data has been “hacked” or “leaked.”
In the report, the agencies noted that voter information can be purchased or acquired through publicly available sources. While most of this is known, the biggest concern regarding leaked data is that of political leaders. This kind of data is often dumped weeks before an election and used in disinformation campaigns designed to influence swing or non-voters.
In general, I think it’s safe to say the United States will likely not converge on an instant and uncontested result this year and many doubts will be cast about the legitimacy of the election. Overall, the threat landscape for the United States election has been fairly quiet when compared to 2016. The main concern at this point, as we approach election day, is whether or not we will experience election-interfering cyberattacks designed to disrupt the election process and project political instability as we get closer to November 3rd.
How to Prevent These Threats?
While many are concerned about nation-state disinformation campaigns, I’m growing more concerned about Information Operations becoming more localized. By this, I mean I’m concerned that foreign actors will soon have to compete with mentally and technically savvy voters inside the country they are attempting to target. And while most think election-interfering cyberattacks are complicated, I welcome them to read about how Andrés Sepúlveda rigged elections in multiple Latin American countries for decades. As we evolve, these Tactics, Techniques, and Procedures used to interfere with and rig elections will eventually be leveraged by average voters themselves.
There is no way around it. Humans are the low-hanging fruit for election hacking, and information campaigns can only be successful if people fall for them. At the core, the problem is we currently live in a period where people overshare their personal, political, and religious viewpoints. This wealth of information can and will be used against them at some point.
Bottom line: If you expect privacy and expect that no one will attempt to manipulate you based on your digital footprint, you likely shouldn’t engage in open political discussion on social media.
I’ll leave off on a final lesson in OPSEC and how to prevent influence campaigns from impacting you during this election. Limit what you share online. Sometimes we feel empowered to change and influence others’ political points of view, while we are the first to scream and complain about election interference. In general, those that wish to influence do not want to prevent you from oversharing; they will encourage you to speak up and express opinions to expose you and make you vulnerable… so eventually they can flip the coin and influence you.
If they do not know your position, and you do not overshare, attempts at influencing you will become powerless.