If history has anything to tell us, the most significant cyber threat to this year’s elections won’t be a leak, a distributed denial-of-service (DDoS) attack, or a fake news video. Instead, it will be some combination of these or more.
In cyberspace’s salad days, hackers caused all kinds of fuss using simple, direct methods: hiding viruses in advertisements, hacking websites with easily guessed passwords, and so on. While that still happens, attackers often have to get more creative by chaining multiple tactics together in order to achieve their goals, thanks to better cybersecurity awareness and protections.
So too with elections. In 2006, aides to Joe Lieberman’s presidential campaign had to resort to their personal emails when a DoS attack froze their IT systems. A decade later, famously, came the Podesta email leak. Now, according to Mandiant, part of Google Cloud, the most potent threats to the democratic process are chained attacks.
“In the most significant cyber incidents targeting elections that Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnifies the others,” the firm wrote in a new report.
Combination Election Attacks
One case study Mandiant pointed to occurred in 2014, when Ukraine’s presidential elections were interrupted by a Russian cyber onslaught, following the ouster of its pro-Russian president Viktor Yanukovich, and Russia’s invasion of Crimea.
A week before election day, Russian actors hiding behind the hacktivist moniker “Cyber Berkut” struck websites relating to NATO and Ukrainian media outlets with DDoS attacks. That set the stage for when, with four days to go, the same fake hacktivist group broke into the country’s central election computers, deleted files, and rendered the vote tallying system inoperable.
A day later, they added to the chaos by breaching more election infrastructure, then leaking the emails and documents stored there to the wider Internet. Finally, just 40 minutes before election results were to be broadcast to the public, the country’s Central Election Commission reportedly removed some kind of virus that was designed to present fake results in favor of the far-right, ultra-nationalist candidate.
This extreme version of combination cyber warfare might have only occurred in a country experiencing such upheaval, but other chained cyberattacks have struck more-stable democracies since.
In 2020, two 20-something Iranian nationals carried out a campaign against multiple US states’ voting-related websites. They managed to obtain confidential voter information from at least one of them, which they used to send intimidating and misleading emails, including by spreading a video with disinformation about election infrastructure vulnerabilities. They also breached one media company, which, as the Department of Justice noted, could have provided them another channel through which to disseminate their false claims.
“Leaks are particularly powerful. Potentially more powerful when boosted through the compromise of legitimate media,” says John Hultquist, chief analyst with Mandiant Intelligence at Google Cloud.
The breach/fake news ploy is a potent concoction. “These disinformation efforts are often orchestrated by state-backed entities from nations such as China, Russia, and Iran,” warns Madison Horn, herself a 2024 candidate running for a congressional seat in Oklahoma’s fifth district. “Their impact is undeniable, as seen in instances like Russia’s involvement in the 2016 US election and China’s ongoing global influence operations, which starkly demonstrate their capacity to sway public opinion and disrupt electoral integrity.”
The Threat From Cybercrime
It’s not only state-sponsored actors that pose a threat to the democratic process, Mandiant noted. Insiders, hacktivists, and cybercriminals all muddy the waters in their own ways.
Typically, “The avenues for these campaigns are popular social media platforms — X, Telegram, Facebook — and YouTube, making the digital battlefield as accessible as it is dangerous,” Horn warns.
From January 2023 to March 2024, the cybersecurity firm BrandShield tracked suspicious new social media accounts and web domains relating to Joe Biden’s and Donald Trump’s presidential campaigns. It found hundreds of imposter accounts across social media sites, as well as 2,335 suspect websites claiming some kind of affiliation with the president and 9,639 for the former president (helped by a 197% increase following his arrest in August).
Fake Trump website. Source: BrandShield
Fake sites and accounts are useful for spreading scams or malware and for stealing funds that voters intended to go to candidates, or they can be used in concert with other tactics to achieve greater ends.
“They can be used to get people’s information, and maybe try to influence their views by distributing fake news,” says BrandShield CEO Yoav Keren, formerly an adviser in the Israeli Knesset. “I would even think that they can use these platforms to interact with real people from the campaigns, to infiltrate their systems. These impersonations can be used in a lot of different ways.”
“I don’t want to give too many good ideas to the bad guys,” he says, “but they usually come up with them before I do.”