If history has taught us anything, the most significant cyber threat to this year's elections will not be data breaches, distributed denial of service (DDoS) attacks, or fake news videos. Instead, it will be a combination of these or more.
In the salad days of cyberspace, hackers used simple and direct methods, like hiding viruses in advertisements and hacking websites using easily guessed passwords, to cause all kinds of mayhem. Situations like this still occur, but thanks to increased cybersecurity awareness and protection, it is now common for attackers to have to be more creative, chaining together multiple tactics to achieve their goals.
The same goes for elections. In 2006, aides to Joe Lieberman's presidential campaign had to rely on personal email when their IT system froze due to a DoS attack. Ten years later came, famously, the Podesta email leak. According to Mandiant, part of Google Cloud, the most powerful threat to democratic processes is chained attacks.
“In the most significant election-targeted cyber incidents tracked by Mandiant, attackers deliberately layered multiple tactics in hybrid operations, with each element amplifying the effectiveness of the others,” the company wrote in a new report.
Combination election attack
One example Mandiant pointed to was in 2014, when Ukraine's presidential election was disrupted by a Russian cyberattack following the ouster of pro-Russian President Viktor Yanukovych and Russia's invasion of Crimea.
A week before the election, Russian actors hiding behind the hacktivist nickname “Cyber Berkut” hit NATO and Ukrainian media websites with DDoS attacks. Then, with four days left, the same fake hacktivist group infiltrated the country's central election computers and deleted files, rendering the vote tabulation system inoperable.
The next day, they destroyed even more election infrastructure and leaked the emails and documents stored on it across the internet, further deepening the chaos. Finally, just 40 minutes before election results were to be broadcast to the public, the country's Central Election Commission reportedly removed some kind of virus designed to present fake results in favor of far-right ultranationalist candidates.
This extreme combination of cyberwarfare could only have occurred in a country experiencing such turmoil, but other cascading cyberattacks have since struck more stable democracies.
In 2020, two Iranians in their 20s ran a campaign against voting-related websites in multiple U.S. states. They managed to obtain sensitive voter information from at least one of them, sent intimidating and misleading emails, and spread videos containing disinformation about vulnerabilities in election infrastructure. They also infiltrated a media company, which the Justice Department noted may have provided another channel for them to spread their false claims.
“Breaches are particularly powerful, and can become even more powerful when reinforced by legitimate media breaches,” said John Hultquist, principal analyst at Google Cloud's Mandiant Intelligence.
The data breach/fake news ploy is a powerful concoction. “These disinformation efforts are often organized by state-sponsored groups such as China, Russia, and Iran,” warns Madison Horn, who is also running for Congress in Oklahoma’s 5th District in 2024. “The impact is undeniable, as seen in examples such as Russia's involvement in the 2016 US elections and China's ongoing global influence operations, which sway public opinion and disrupt the integrity of elections. It clearly shows his ability to
Cybercrime threat
Mandiant pointed out that it is not only state-backed actors that pose a threat to democratic processes. Insiders, hacktivists, and cybercriminals are all muddying the waters in their own ways.
In most cases, Horn warns, “the vehicle for these campaigns is popular social media platforms such as X, Telegram, Facebook, and YouTube, making the digital battlefield both dangerous and accessible.”
Cybersecurity firm BrandShield tracked suspicious new social media accounts and web domains associated with Joe Biden and Donald Trump's presidential campaigns from January 2023 to March 2024. It discovered hundreds of fake accounts across social media sites, as well as 2,335 suspicious websites claiming to have some connection to the president and 9,639 claiming a connection to the former president (a 197% increase).
Fake Trump site. Source: BrandShield
Fake sites and accounts can help spread fraud and malware or steal funds that voters intended to send to candidates. It can also be used in conjunction with other tactics to achieve larger objectives.
“These can be used to obtain information about people, and they can try to influence people's opinions by distributing fake news,” says BrandShield's CEO Yoav Keren, former advisor to the Israeli parliament. “I even wonder if they could use these platforms to interact with real people who are participating in their campaigns or even to break into their systems. These impersonations can be used in a variety of ways.”
“I don't want to give the bad guys too many good ideas, but they usually come up with them before I do,” he says.