Poll Hacks: How Cybercriminals Aim To Disrupt Elections


The UK general election is almost upon us, and it is already turning into one of the most divisive and analysed political events in the country’s history. 

Discourse and debate are reaching fever pitch, from parliamentary benches and constituency doorsteps, to every conceivable media platform in play. 

It is no surprise then that an air of online volatility persists more than usual. At this moment in time, every new election is likely the most tech-enabled and risk-addled yet.

Labour was most recently under the cybersecurity cosh, enduring what it termed a “sophisticated and large-scale” attempt to knock out its digital systems earlier in the month (it turned out to be a set of distributed denial-of-service (DDoS) attacks). Just the other day, Labour candidate Ben Bradshaw also claimed to be a victim of a suspected cyber-attack when he received an email with sophisticated malware attachments.

These are politically unprecedented times and the UK’s National Cyber Security Centre knows it. Last year, the government-backed organisation issued a direct warning ahead of local elections, citing potential “insider activity” attempting to “manipulate or compromise electoral information.” Similar warnings are in place for 2019.

There are many ways to knock an election off course. Below are some of the main existing and emerging cyber threats to bear in mind as we head to the polls this week. 

It is, however, worth noting that variations of these methods are possible throughout the year as hackers opportunistically hijack political developments in real-time.

Tried and trusted attacks 

Although significant aspects of the UK’s electoral process are still conducted offline, it is not invulnerable to well-worn cybercriminal tactics such as DDoS attacks (against electoral, government or media websites at key moments in the campaign, in particular). Today, even a teenager can create botnets in 45 minutes by watching a YouTube tutorial, and there is a glut of DDoS-for-hire sites available on a shoestring.

Phishing is another perennial threat. In fact, F5 Labs’ latest Phishing and Fraud report currently sees it as the most prominent attack method used to breach data. 

Elections are natural hunting grounds for seasoned phishers, with emotions running high and enormous volumes of proselytising communications flying around. 

Hearts and minds are there to be won, and canny cybercriminals are ready to pounce. Attackers can eschew hacking through a firewall, finding a zero-day exploit or deciphering encryption. They just need a convincing email pitch and a fake site for victims to land on.

Recent examples of phishing-related political skulduggery include the focused targeting of government officials during the 2019 Ukrainian presidential election, and North Korea’s attack against the Indian space agency’s moon mission.

Safeguarding against all of this calls for rich and constant behavioural training, combined with technical security controls such as multi-factor authentication and encrypted malware inspection. DDoS prevention solutions that align to business and IT architecture needs are also essential. 

Tipping the scales 

Worryingly, cybercriminals backed by nation states are now increasingly adept at directly misleading voters. 

Most will recall how the US was conspicuously under fire in 2016, with Russian-instigated automated bot activity disseminating a slew of “fake news” articles that may have swayed voter opinion.

The US House of Representatives Permanent Select Committee on Intelligence recently provided an eye-catching snapshot of the scale and reach of this type of activity, reporting that the Internet Research Agency (one of the Russian false front companies) purchased 3,393 Facebook advertisements that were shown to over 11.4 million Americans. They also created 470 Facebook pages with 80,000 pieces of organic content. These were shown to more than 126 million Americans. Only 120 million votes were cast in the entire 2016 Presidential election.

In addition to Russia, the FBI also lists China and Iran as the top threat actors when it comes to election security. 

One of the most effective, continually evolving tactics is to muddy the public discourse and orchestrate a demoralising miasma of discontent. The threat actor doesn’t even need to promote a specific cause, candidate, or agenda. They just need to prompt chaos, uncertainty and division.

While there are tools available to help citizens spot news bias and disinformation (e.g. Snopes and AllSides), they often require additional skills that many older and less connected voters lack. 

Naturally, the onus is on social media businesses to adapt. All should have the ability to identify, scrape and deny bots on their platforms. It can be a tricky grey area, however, with discussions about the nature of free speech frequently adding complex nuances to the mix.

Sign of the times

Although it really won’t apply to the UK this year, there are growing concerns about how votes themselves can be falsified or tampered with. 

Once again, the US is in attackers’ crosshairs more than most. Last year, F5 Labs’ Application Protection report flagged how public sector organisations were the most concerned of all industry sectors when it came to application tampering. One of the reasons is the fact that 37% of US states allow online registration.

Then there are the US’ electronic voting machines themselves. In August, more than 35,000 attendees of the Def Con hacker conference were invited to test for vulnerabilities. Every single one of 100+ machines was vulnerable to at least some kind of attack.

The UK, like most countries around the world, needs to sit up and take note. Elections will only become more digitalised and connected – whether we like it or not.

Taking back control 

Awareness is key. For example, it has never been more important to spot media bias, which often mixes drama and opinion with real facts. Even though most major social media platforms are working hard on fixes, we simply cannot afford to be unquestioning, passive content consumers anymore. 

Digital election interference – whether it influences a single vote or creates a confused political climate favourable to a specific nation-state – is a clear, present and insidious danger. Voters, politicians, or indeed anyone even tangentially involved in the democratic process, need to be ready and able to navigate and interrogate this new reality.

David Warburton
David Warburton, Senior Threat Research Evangelist EMEA. David is an information security threat researcher and evangelist for F5 Networks. His focus areas of research are on cryptographic protocols and certificates, digital identity, web application security, information risk management and compliance & regulation. A recent alumnus of Royal Holloway University, where he wrote his MSc dissertation on IoT Security, he now works on identifying emerging cyber threats, producing actionable intelligence reports and consulting on cyber security strategy within public sector, retail and financial organisations.
