As the 2020 presidential election approaches across America, voters have dj vu and are concerned over the risk of hacking. On Sept. 10, Microsoft warned that the Russian military intelligence unit that had attacked the Democratic National Committee in 2016 was back. This time, the company warned, the threats would be more sophisticated and target consultants, staff members, and other entities associated with both Democratic and Republican campaigns.
Representatives for Microsoft were not available for comment, but on its blog, the company said that the Russian hacking group Strontium had attacked over 200 organizations, while the Chinese organization Zirconium had attacked people associated with both the election and the Biden campaign. The Iranian hacking group, Phosphorus, has attacked people affiliated with the Trump campaign.
The Biden and Trump campaigns both confirmed these cyberattacks in a recent CNN article,noting they remain vigilant against these threats, and will ensure that the campaign's assets are secured.
According to Specops Software, the United States has experienced more cyberattacks from hostile actors than any other nation, with 156 incidents classified as "significant" between May 2006 and June 2020. The company also found that these attacks are increasing, and as a result, cybercrime is projected to cost the global economy $6 trillion per year as soon as 2021.
The state-sponsored hackers named in Microsoft's blog entry are all using tactics designed to compromise elections directly. Some of the methods are the same as those used in 2016, such as brute force compromises and spear phishing, as well as the harvesting of people's log-in credentials and "password spraying," an attempt to gain access to large numbers of usernames by using common passwords.
Neal Dennis, threat intelligence specialist at the cybersecurity company Cyware, said that in addition to these tactics,hackers are exploiting weaknesses in public-facing databases.
Voters in Virginia's 7th district wait in line to vote at the Henrico County Registrars office September 18, 2020 in Henrico, Virginia.
Win McNamee | Getty Images
"Many databases are compromised due to poor management practices," he said. "Some because they fail to update or patch known vulnerabilities, others because people either use poor security practices or just leave them publicly accessible."
He said thatmuch of the goal of these hackers is to spread disinformation, which is intended to compromise the integrity of the electoral process.
"The information these nations attempt to compromise would enable them to stage major disinformation campaigns," he said.
In addition to compromising a particular candidate's campaign, Dennis said that disinformation efforts sow distrust in entire political parties and cause voters to doubt that their votes are being recorded accurately. Alexander Urbelis, a partner with the Blackstone Law Group and former chief information security officer for the National Football League, said that the current political climate makes the United States' electorate ripe for disinformation campaigns.
"I believe that we are more susceptible to misinformation and ideological attacks because of the global Covid-19 health crisis, conflicting information about voting by mail, and chiefly because of how polarized, tribal, and generally intolerant we have become of each other as a society," he said.
Dr. Chenxi Wang, founder and general partner at the Rain Capital cybersecurity firm, said that this year's attacks have intensified compared to 2016, and cited a massive increase in the targeting of voter databases, the hacking of campaign email lists, and what she referred to as "massively increased bot army activities on social media platforms." She said that many of her colleagues in the cybersecurity space have noticed it as well, particularly with respect to the brazenness with which these hacking groups are operating.
I believe that we are more susceptible to misinformation and ideological attacks because of the global Covid-19 health crisis, conflicting information about voting by mail, and chiefly because of how polarized, tribal, and generally intolerant we have become of each other as a society.
partner, Blackstone Law Group
"There is a general sense in the cybersecurity community that the scale of the attacks and the scale of disinformation campaigns have all increased visibly since 2016," she said. "There is more reconnaissance, larger-scale targeting, as well as newer hacking techniques."
Sometimes, the political campaigns themselves can inadvertently contribute to the problem. Dennis specifically cited former Vice President Joe Biden's official "Vote Joe" app, which had a glitch that left millions of voters' personal information exposed.
So what can be done now to safeguard the security and integrity of the 2020 U.S. presidential election?
The private sector has jumped in to offer some support in this worrying situation. In February, the small town of Fulton, Wisconsin, was the first to implement new software from Microsoft called ElectionGuard, which confirms to voters that their choices are being accurately recorded.
Facebook, for its part, pledged to combat disinformation by blocking all new political advertisements on its platform in the week leading up to Election Day. After the election, the company intends to redirect users to accurate election results, so that neither candidate can prematurely claim victory.
While these measures are welcome, Dr. Wang said that they may already be too late. Influencing the outcome of an election is a long-term effort that begins well before a single vote is cast, and hackers who participate in them are becoming more brash in their efforts.
"There is a boldness to the information operations this time around, less clandestine, more prevalent," Dr. Wang said. "Many of us describe the threats this time around as moving from covert operations to unconcealed manipulation."
Urbelis agreed that malicious actors view laying the groundwork for successful hacking campaigns as a long-term effort. As such, political campaigns and the people who work on them should see what they do as an ongoing effort.
"All too often, we are concerned with cyberattacks happening in the run-up to an election or event," he said. "More concerning to me are the successful attacks on our election infrastructure that happen way before an election when nobody is on high alert or even paying attention."
What can the private sector do to help campaigns protect themselves? Dennis said that Cyware shares and disseminates threat information with clients, allowing them to ensure the timely acquisition of actionable security data.
"Our software can help organizations take data and intelligence about a threat and correlate that back to nation-state threat actors," he said.
As for the campaigns themselves, Dr. Wang said that both the Trump and Biden teams have dedicated cybersecurity personnel and provide all staff with security training. She also noted that the Department of Homeland Security (DHS) provides data and services to both.
"The DHS is providing data, such as malware samples, criminal group activity profiles, hacking campaign signatures, to the campaigns to help them fight against cyberhacks," she said. "The DHS has had a data exchange effort with private companies and other government agencies for this purpose for years this is called the NCCIC project."
Urbelis said that there's still more the campaigns and political parties can do to safeguard elections, such as implementing multi-factor authentication for anyone with access to campaign materials. He also advised that all staff use separate personal and business devices, and keep them separate.
The current state of election security may lead some to believe that neither their data nor their votes are safe from malicious actors. However,Matt Masterson, senior cybersecurity advisor at the Cybersecurity and Infrastructure Security Agency (CISA), said that his organization and others have made great strides in safeguarding against hackers since the last presidential election.
"Security is top of mind for the entire election community from CISA and our federal partners, to state and local election officials, the private sector, and campaigns and political parties," he said. "CISA is engaged with all 50 states and thousands of local jurisdictions as they adjust plans and procedures to keep voters and poll workers safe."
He added that voters can also take part in measures to protect the integrity of the election in November.
"CISA encourages people to be a '3-P voter,' meaning prepared, participating, and patient," he said. "Make a plan today for how you're going to vote, sign up to be a poll worker if you're healthy and able, and remember that everything may take a little longer this year, including reporting the results. Working together we can ensure the 2020 elections are the most secure and resilient in modern history."
Dennis said that while there is indeed cause for concern, there have been significant improvements in the last four years.
"There is a lot of work with DHS, National Institute of Standards and Technology, Center for Internet Security, and Election Assistance Commission to provide standardized best-practices for election security," he said. He cited the Department of Homeland Security'selectionsecurity efforts to provideservices to state officials, local officials, and private sector partners with "immediate and sustained assistance, coordination, and outreach to prepare for and protect from cyber and physical threats."
The services offered include cybersecurity assessments, cyber threat hunting,information sharing, incident response, and career development.
"The DHS and partners have worked to build robust security standards which are currently being adopted across many states," Dennis said. "Still lacking overall, but many are taking cybersecurity more seriously this year than any year prior."
- Cyber security and the Internet of Things - Lexology - November 16th, 2020
- Save over $6,400 off this Complete InfoSec & Business Continuity Bundle - Neowin - November 16th, 2020
- Official Government Cybersecurity Guidance Offers Six Focus Areas for Banks of All Sizes - Lexology - November 16th, 2020
- Internet Security Audit Market is Expected to Exhibit an Upward Growth Trend Across Widespread Verticals | Affluence - The Think Curiouser - November 16th, 2020
- Internet Of Things Security Market 2020: Global Opportunities, Regional Overview, Top Leaders, Size, Revenue and Forecast up to 2020 2026 - The Daily... - November 16th, 2020
- Internet of Things (IoT) Security Technology Market Size 2020 | Opportunities, Regional Overview, Top Leaders, Revenue and Forecast to 2027 -... - November 16th, 2020
- 6 security shortcomings that COVID-19 exposed - CSO Online - November 16th, 2020
- iboss Named Finalist for Best Network Security Solution in the 2020 ASTORS Homeland Security Awards - PR Web - November 16th, 2020
- Microsoft: Move Away From Phone-based Multi-factor Authentication - TechDecisions - November 16th, 2020
- Global Cable Operator Markets, 2020-2025 by Technology, Residential Services (Wireless, Internet, Entertainment, Security, Home Automation, and IoT... - November 16th, 2020
- Why fintech security must never be an afterthought Wall Street Call - Reported Times - November 16th, 2020
- Global Internet Security Market Share, Quantitative Analysis, Drivers & Restraints, Future Trends and Forecast Research Report 2026 by Global... - November 10th, 2020
- Internet Security Software Market Size, Share, Types, Products, Trends, Growth, Applications and Forecast 2020 to 2027 - TechnoWeekly - November 10th, 2020
- How the Internet of Things Security Infrastructure in India can be improved? - Analytics Insight - November 10th, 2020
- Global Internet of Things Security Market 2025 Potential Scope for Growth in This Pandamic: Check Point Security Software Technologies, Cisco Systems,... - November 10th, 2020
- What is a RAT? How remote access Trojans became a major threat - CSO Online - November 10th, 2020
- China's largest hackathon sees Windows 10, iOS 14, Chrome, and more hacked - TechSpot - November 10th, 2020
- How governments, companies can address evolving needs of increasing tech-savvy Filipinos - Philstar.com - November 10th, 2020
- Global IT Security Market 2020 Growth Potential, Production, Revenue And COVID-19 Impact Analysis 2025 - The Think Curiouser - November 10th, 2020
- Internet of Things (IoT) Security Market Will Generate Massive Revenue In Future A Comprehensive Study On Key Players - TechnoWeekly - November 10th, 2020
- Global Internet Security Market 2020 | Know the Companies List Could Potentially Benefit or Loose out From the Impact of COVID-19 | Top Companies:... - November 8th, 2020
- Misinformation, not vote tampering, is our most critical election threat - SecurityInfoWatch - November 8th, 2020
- Top 7 Ways to Hide Your IP Address in 2021 - Techstory - November 8th, 2020
- Internet Security Software Market Current and Future Trends, Leading Players, Industry Segments and Regional Forecast By 2029 - Eurowire - November 6th, 2020
- Know Your Role: You Are Part of the Security Team - ClearanceJobs - ClearanceJobs - November 6th, 2020
- 'This is how it was all supposed to work': The EI-ISAC readies for Election Day - StateScoop - November 6th, 2020
- Two reasons your Wi-Fi is slow, and how to fix them - CNET - November 6th, 2020
- Keeping Yourself Safe on the Internet at University - TechBullion - November 6th, 2020
- IT Security Spending in Government Market Expected to Flourish By 2025 with Top Key Players- IT Security Spending in Government are: Check Point... - November 6th, 2020
- Arson, water damage: Paper ballots are fragile. But there's a reason we don't vote online - CNET - November 6th, 2020
- Live News Streaming Figures for #Election2020 Highlight Misinformation Threat - Infosecurity Magazine - November 6th, 2020
- Florida Invests in Security Controls Ahead of #Election2020 - Infosecurity Magazine - November 6th, 2020
- How to Organize Employees to Cooperate in Threat Mitigation - Infosecurity Magazine - November 6th, 2020
- The best antivirus protection for Windows 10 in 2020 - CNET - November 2nd, 2020
- Internet Security Firewall Market to Reap Excessive Revenues by 2020-2029 - Eurowire - November 2nd, 2020
- Global Internet Security Market Expected to reach highest CAGR in forecast period :HPE, IBM, Intel, Symantec, AlienVault - TechnoWeekly - November 2nd, 2020
- Poll shows that many feel more vulnerable to online threats during the pandemic - Wiltshire 999s - November 2nd, 2020
- Internet of Things (IoT) Security Market To Witness Significant Growth By 2020-2028 - TechnoWeekly - November 2nd, 2020
- Post-2020 election, Covid vaccine is biggest disinformation threat on the internet: Former Facebook security chief - CNBC - November 2nd, 2020
- Internet of Things (IoT) Security Market Demand (2020-2026) | Covering Products, Financial Information, Developments, Swot Analysis And Strategies |... - November 2nd, 2020
- Career in cybersecurity or ethical hacking: Where to study, starting salary and job interview questions - India Today - November 2nd, 2020
- Internet Of Everything (IoE) Market Status and Trend: Top Key Players, Industry Dynamics, And Regional Scope 2020 - Aerospace Journal - November 2nd, 2020
- Security Pros Have Role in Combatting Disinformation - Infosecurity Magazine - November 2nd, 2020
- How Safe Is the US Election from Hacking? - The New York Review of Books - November 2nd, 2020
- Internet watchdog warns of rise in scammers' activity - New Zealand Herald - November 2nd, 2020
- Homeland Security notified after hackers leak names of local residents who reportedly submitted invalid ballots - iFIBER One News - November 2nd, 2020
- Global Internet of Things Security Market Expected to reach highest CAGR in forecast period :Check Point Security Software Technologies, Cisco... - November 2nd, 2020
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020