Election interference is defined as an attempt by a government to influence an election in another country for political gain. Via covert and overt operations, both nation states and individuals have been able to accomplish regime change. The only thing that has changed in terms of foreign electoral intervention is the way current operations are conducted in a digital age.
The digital evolution has had a positive and a negative impact on election processes around the world. While information and news travel at a faster rate, the powers that be have leveraged this exposure for political gain and exploitation. The digital evolution of the election process has created a larger threat landscape than most anticipated.
Today, there are a few fundamental ways an adversary could digitally interfere with an election process. A malicious actor could interfere with an election through disinformation campaigns, information-based campaigns or disruptive attacks.
Disinformation campaigns can leverage social network bots to spam the world with misinformation to influence an array of people. Targeted disinformation campaigns make use of information and intelligence gathered from big data leaks and paid ad campaigns on social media platforms that target specific people and groups.
Information campaigns typically involve spear phishing and malware-based attacks designed to gain access to critical systems to either alter, leak or destroy the data. Normally, the malicious actors look to steal campaign strategies and sensitive information to manipulate, overstimulate and emotionally compromise social media users. This is accomplished by targeting the personal/professional emails or social media accounts of election officials, campaign staff or volunteers so they can discredit and smear a targeted campaign at strategic moments. By compromising digital users with information, a threat actor can influence an election.
The other form of election interference comes in the form of disruption that can sometimes be caused by the majority party to silence their opposition. Attacks can range from disruptive calls and messages designed to flood campaign resources to malicious acts such as denial-of-service attacks on election-related websites and reporting systems. Additionally, outages designed to impact power, water, internet, telephone and transportation services are used to cause chaos, project national instability and influence voters at critical moments.
The Upcoming U.S. Election
The threat landscape for the United States election has been quiet given the recent shifts in processes due to COVID-19. Recently, Microsoft disclosed attempts by Russia, China and Iran to breach email accounts associated with the Biden and Trump campaigns. As election day approaches, influence tactics shift from information campaigns to disruption and chaos.
With the changes to the election process this year, it is expected that denial-of-service attacks will likely be used to disrupt polling results, as the US will likely not converge on an instant and uncontested result.
Disruptive attacks on the election process can have just as much impact on society as a disinformation campaign. The two are quite different but have the same result. In one, the actor floods users with (false) information hoping to manipulate and control the masses, while the other limits or prevents information from being shared with the masses, resulting in panic and chaos.
From elections to revolutions, availability of information and the ability to communicate are critical elements, and inhibitors at the same time, of political society. Those looking to silence or limit the flow of information during an election process are often the same ones who are attempting to interfere with the election process.
For effective DDoS protection, Radware recommends the following:
- Hybrid DDoS Protection – On-premise and cloud DDoS protection for real-time DDoS attack prevention that also addresses high volume attacks and protects from pipe saturation
- Behavioral-Based Detection – Quickly and accurately identify and block anomalies while allowing legitimate traffic through
- Real-Time Signature Creation – Promptly protect from unknown threats and zero-day attacks
- A Cyber-Security Emergency Response Plan – A dedicated emergency team of experts who have experience with Internet of Things security and handling IoT outbreaks
- Intelligence on Active Threat Actors – High-fidelity, correlated and analyzed data for preemptive protection against currently active known attackers
Radware also recommends the following web application security essentials:
- Full OWASP Top-10 coverage against defacements, injections, etc.
- Low false positive rate – using negative and positive security models for maximum accuracy
- Auto policy generation capabilities for the widest coverage with the lowest operational effort
- Bot protection and device fingerprinting capabilities to overcome dynamic IP attacks and achieve improved bot detection and blocking
- Securing APIs by filtering paths, understanding XML and JSON schemas for enforcement, and activity tracking mechanisms to trace bots and guard internal resources
- Flexible deployment options – on-premise, out-of-path, virtual or cloud-based