
Post-Election Day: US on Guard for Hacking, Misinformation

Time is Ripe for Interference, But US Projects Confidence

After weeks of rising anxiety, Election Day proceeded in the U.S. with no public indications of interference. But experts say misinformation campaigns are still likely, and there’s plenty of time for malicious activity as the vote tallying proceeds.


U.S. officials, who have been closely tracking the rising cyber activity by Iran and Russia, have been warning that some states will not have final tallies for days or weeks because of the voluminous mail-in ballots cast due to the COVID-19 pandemic. That opens a door for miscreants seeking to cast doubt on whether the outcome is legitimate.

Christopher Krebs, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, tweeted on Tuesday that now is the "prime time" to expect to see four types of disruptive attacks.

U.S. voting infrastructure is distributed and decentralized, and experts say it’s unlikely that foreign actors could influence vote tallies in a significant way. But there are a variety of other types of attacks that could inject anger and doubt into what has been a volatile and messy campaign.

After 2 a.m. Eastern Time on Wednesday morning, President Donald Trump claimed at a news conference at the White House: “Frankly, we did win this election.” At that time, Trump was just a handful of votes behind Democratic candidate Joe Biden in the Electoral College.

“Millions of people voted for us tonight, and a very sad group of people is trying to disenfranchise that group of people, and we won’t stand for it,” Trump said.

Trump implied that continuing to count votes that might overturn his early lead in key states such as Georgia, Michigan and Pennsylvania would amount to fraud. He said his administration would petition the Supreme Court, saying it wanted all voting to stop.

“This is a major fraud on our nation,” Trump said.

Misinformation Kicks Off

As Krebs notes, misinformation includes that which is spread on social media, distributed denial-of-service attacks against state and county election websites or defacement of those sites. It’s also possible that legitimate demand for election websites could cause those sites to not function properly, which could wrongly suggest that those sites were attacked.

There’s also always a chance of ransomware throwing a spanner in the works. In early October, Hall County in Georgia saw a voter database that’s used to confirm ballot signatures get infected. Election officials use those signature databases to verify mail-in ballots (see: Ransomware Knocks Out Voter Database in Georgia).

The lowest-hanging fruit is misinformation and doubt spread on social media, says Saryu Nayyar, the CEO of security vendor Gurucul. “Social engineering is much easier than performing a technical attack against infrastructure,” she says.

Facebook, Google and Twitter have developed new policies for dealing with misinformation. Facebook, which owns Instagram, is displaying a Voter Information Center within its apps that directs people to Reuters for authoritative information about election results.

Facebook has said that if violence breaks out in the U.S., it will use at-risk tools it has used in other places such as Sri Lanka and Myanmar. That includes a stricter content banning policy and slowing the viral spread of posts. Facebook has also banned all new political ads after Election Day, although ones that have already been approved can still run.

Google is blocking certain auto-complete suggestions for searches about the election. At the top of search results, it is also directing people to the Associated Press and Democracy Works, which is a nonpartisan nonprofit organization that provides information on how to vote.

Twitter has stepped up its efforts to ban or label misleading election posts, including some that suggest without proof that mail-in ballots pose risks of fraud. Twitter altogether banned political advertising last year.

It was clear Twitter was taking action on Tuesday. As an example, it added labels to several posts by Mike Roman, who is Trump’s director of election day operations.

In one tweet, Roman posted a video of a woman who claimed that when she went to vote in Pontiac, Michigan, someone approached her with a completed sample ballot favoring Democrats and gave her $5.

Twitter added a label at the bottom of the post: “Learn about US 2020 election security efforts.”

Roman also tweeted an allegation of illegal campaigning inside a Philadelphia polling place, claiming the photos showed Democrats were stealing the election.

Philadelphia’s District Attorney’s Office took issue with another Roman tweet, which implied that an election poster favoring Democrats was too close to the polling area. The DA's Office said it had investigated and concluded Roman’s tweet was “deliberately deceptive.”

Behind the Scenes

From a cybersecurity perspective, the election may seem calm. But that doesn’t mean there isn’t offensive and defensive activity going on behind the scenes that could become public later.

“It's almost certain that attacks are underway now against the voting infrastructure and communications channels,” Nayyar says.

The chief suspects have been Iran and Russia. The U.S. government has tied Iran to an email campaign last month that sent thousands of intimidating emails to registered Democrats advising them to vote for Trump "or else."

The FBI and the Cybersecurity and Infrastructure Security Agency have released more details about the email campaign, adding that the Iranian group successfully obtained voter registration data from at least one state that it did not identify (see: Election Interference: Feds Detail Iran's Alleged Campaign).

Also, the FBI and CISA warned that Russia had exfiltrated data from two servers belonging to local government agencies, although it did not identify those affected. The Russian group is a long-known group called Berserk Bear or APT 28. It’s believed to be run by Russia's Federal Security Service, which is known as the FSB (see: US Officials Blame Data Exfiltration on Russian APT Group).

Tom Kellerman, head of cybersecurity strategy at VMware, who served as a cybersecurity adviser to former President Barack Obama, says the warning about Berserk Bear was “unprecedented.” That shows “our watchers on the wall are in hand to hand combat with Russian cyber militias," he says.

“Unlike 2016, the [U.S.] Cyber Command, CISA and the FBI are successfully thwarting this malign influence operation,” Kellerman says.

Indeed, U.S. agencies have been projecting confidence. Gen. Paul M. Nakasone, director of the National Security Agency and commander of U.S. Cyber Command, tweeted late Tuesday that the agencies “are working around the clock to defend our nation, making it harder for adversaries to conduct malicious cyber campaigns.”

Managing Editor Scott Ferguson and News Editor Doug Olenick contributed to this report.


About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.



