Over 160 million Americans just voted in the 2020 presidential election. Not only did this recent U.S. election command the most votes in the nation's history, and it also had the second-highest voter turnout. Almost 67 percent of all eligible voters mailed in ballots or turned up at the polls. For the history buffs, in 1900, over 70 percent of voters re-elected President McKinley to his second term.
As President Trump faced off against former Vice President Biden, election officials worked hard to ensure the public that the U.S. election remained secure. According to CNET, Chad Wolf, the acting secretary of the Department of Homeland Security, spoke on election day to assure the public that cybersecurity experts remained on high alert to protect election infrastructure and integrity.
Even with federal agencies and their partners guarding the election, plenty of stories about cyberattacks, disinformation campaigns, and other attempts to damage voting integrity have made the news from this and previous elections. Naturally, this sort of election news raises concerns. Here at RedTeam, we would like the chance to answer some common and timely questions about election cybersecurity.
According to the Department of Homeland Security, the agency works with vendors, the federal government, and state or local election officials to protect critical infrastructure. They define this election infrastructure to mostly include:
Some security measures include sensors on voting networks that will alert them to attempted cyber attacks and a policy of patching vulnerabilities immediately. They also hold periodic meetings with local election officials to brief them on potential or recent threats.
The DHS does not provide election security for non-governmental bodies, like campaigns or political action committees. For instance, Microsoft stated on their blog that they detected attempted attacks against both Republican and Democratic campaigns.
The DHS also does not explicitly focus upon disinformation campaigns, such as when foreign agents attempt to sow misinformation through social media. At the same time, the Department of Defense has been working with the State Department to curb this dangerous nuisance at the federal level.
Laura Cooper serves as the assistant secretary of defense for Eurasia, Ukraine, and Russia. She admitted that this issue could interfere with official attempts to provide accurate news. Other potential nation-state sources of disinformation may include China and Iran. As an example, the DoD reported that news stories that claimed the U.S. caused the coronavirus came from Iranian disinformation campaigns.
According to the Federal Bureau of Investigation, they focus upon such federal crimes as election officials abusing their office, false voter registrations, and voter suppression.
Both the FBI and the Cybersecurity and Infrastructure Security Agency, or CISA, emphasized that digital criminals have no way to change votes. At the same time, they believed the biggest threats to U.S. election security included influencing voters in a deceptive way that might either keep them from voting or convince them to participate in an illegal election scheme.
These are a Couple of Examples:
Shortly before the election, Wired Magazine covered a press conference offered by the country's top security officials. They announced that, in spite of all precautions, both Iranian and Russian hackers had obtained voter registration data. The hackers used this information to spread election misinformation.
That sort of thing isn't new, but the incident troubled security officials even more because it was only one of many such events that had occurred that week, despite the best effort of the government and its partners. With that in mind, consider the main types of events that concern the government, other political organizations, and of course, the voting public.
In the past year, ransomware attacks have struck local governments in Baltimore, Atlanta, and even dozens of smaller towns in Texas. Because they're so common, these kinds of cyberattacks top the list of official concerns over voting. In theory, a ransomware attack could paralyze voting, either because the attackers hope to profit or simply wants to deter voting.
In 2016, foreign hackers managed to penetrate voter registration databases in multiple counties. In the worst case, they even changed voter data in one California county, which caused confusion when some of those voters were turned away at their normal polling places.
Though probably not caused by malicious parties, slow connections generated long lines for Georgia's early voting. If it's intentional or not, connectivity problems can slow and discourage voting.
So far, officials have put down the few discrepancies between voter intention and actual votes to software bugs or human error. Still, it's a nightmare scenario that has some security experts concerned.
Although the government invests quite a bit into ensuring the security of voting machines, the results get posted to various state websites and then reported to news organizations. If a cyberattack targeted some of these sources of information, it might get resolved easily but could also damage faith in both the integrity of election results and the attacked organization.
As an example, pro-Russian hackers did exactly this to Ukraine's Central Election Commission site. Not only did they show fake results, but Russian media also published those numbers, which sowed even more confusion.
A DDoS attack can freeze computer systems and websites. In 2016, officials entertained concerns that pre-election botnets were trial runs to target campaign or election websites during the actual election. Luckily, the FBI said that threat did not materialize in this country. Still, DDoS attacks did freeze up UK websites for two political parties during an election.
Besides the IT infrastructure, the voting process also relies upon electricity, plumbing, and other infrastructure. On a positive note, attacks like this remain very rare in the world. Still, accidental problems can and have happened, such as typical power outages, construction mishaps, or even transportation problems.
In 2016, stories about leaked emails from the Democratic National Committee made the news for months and still haven't left the public consciousness. More recently, outlets published news about claims of hacked emails from Hunter Biden.
Spreading misleading information may pose one of the most pervasive threats to elections. Some examples could include social media posts or emails with inaccurate information about polling procedures, mail-in ballot rules, or even election dates and deadlines. The FBI has issued a warning that hackers may use such typical phishing tactics as spoofing official websites and emails.
The Stanford Internet Observatory published a recent oped on the Washington Post that talked about the way Russian operatives used real documents — like stolen emails — to promote a narrative about the 2016 election. While they called the effective campaigns that used actual documents to support them deepfakes, they referred to the recent rash of forged documents that circulated in 2020 cheap fakes. Either way, these stories got widely circulated as part of an effective disinformation campaign.
The most famous example of a social media threat came from North Korea. The hackers used images of 9/11 to threaten theaters against showing a comedy they found disparaging. In response, the studios canceled the release because theaters refused to risk showing it.
Security analysts have long had concerns that the same tactics would also work against campaign rallies, election sites, and similar events. This year, emails and posts claimed to originate with a white supremacist organization and threatened voters in key states. Intelligence experts traced these messages to an Iran-based organization.
Many states have allowed mail-in ballots for years, mostly for absentee voting and for the disabled or elderly. Because of the COVID pandemic, many states also adopted more flexible vote-by-mail rules in 2020. Despite some recent criticism, Fortune reported that they really hadn't been a major source of fraud because U.S. election authorities have well-tested systems for verifying mailed ballots.
Mostly, mailed ballots may slow down vote counting. They also tend to get rejected more frequently for such issues as missed signatures, late arrival, and other errors.
While governments may first focus on protecting voting systems, serious threats to the overall election process may include malware, misinformation, hacked reporting sites, or even critical infrastructure. Though government agencies keep a sharp eye on official election systems, they don't and probably can't monitor every social media page, email, or campaign database.
Here at Red Team, we perform comprehensive penetration testing to ensure both digital and physical security to uncover vulnerabilities and provide effective solutions. To stay ahead of threats to election cybersecurity, call us at 612-234-7848 or schedule a free consultation online.