WASHINGTON — The FBI and the Department of Homeland Security’s cybersecurity agency have issued a series of advisories in recent weeks aimed at warning voters about problems that could surface in the election — as well as steps Americans can take to counter the foreign interference threat.
The issues identified in the public service announcements run the gamut from the spread of online disinformation about the electoral process to cyberattacks targeting election infrastructure. Taken together, the advisories make clear that American agencies are tracking a broad range of potential threats that they believe voters should know about — not just for transparency’s sake but also so voters can be prepared.
The warnings come even though U.S. officials as recently as Tuesday expressed confidence in the integrity of the vote despite repeated efforts by President Donald Trump to denigrate it.
Some of the announcements from the FBI and Cybersecurity and Infrastructure Security Agency:
Disinformation through bogus internet domains and email accounts
It’s not hard to set up a fake, or spoofed, email account or website to closely resemble a legitimate one. That’s precisely what the FBI and CISA are warning may take place to trick Americans during the election.
Cybercriminals routinely forge websites with slight misspellings or other barely perceptible alterations to dupe internet users.
In the context of an election, for instance, a bogus website ending in “.com” instead of “.gov” that purports to have legitimate voting information or results could trick people who visit the page into thinking that what they’re reading is an authentic, trustworthy government source.
Besides spreading false information, officials say, such spoofed websites and email accounts can gather personally identifiable information and spread malicious software.
One precaution voters can take, officials say, is to verify the spelling of websites and email addresses that may at first glance look legitimate but are actually not.
Disinformation through online journals
Foreign intelligence services could use websites like pseudo-academic online journals to cause confusion around the election and undermine confidence in the legitimacy of its results.
That could include promoting claims of voter suppression and ballot fraud, denigrating individual political candidates, disseminating information about cyberattacks — both real and alleged — and spreading otherwise misleading or unsubstantiated assertions to manipulate public opinion, cause divisions and discredit the election process.
U.S. officials are encouraging voters to rely on trustworthy sources of information, including state and local election officials, and to verify through credible channels reports about problems with voting before recirculating them online.
False claims of hacked voter information
How someone voted is private. But information about who is eligible to vote, how often a person votes and for which party is publicly available through a variety of sources.
That’s why authorities said there was nothing to be concerned about several weeks ago when Russian media reported that some U.S. voter registration information was available on a hacker’s forum.
The FBI and CISA issued a reminder not long after that unnamed “foreign actors” and cyber criminals are spreading false information intended to discredit the American electoral process, including by falsely claiming to have hacked and leaked voter information.
Even if those foreign actors or cyber criminals had such information, there’s no indication it would do anything to stop an American from casting a ballot or provide a way to manipulate the vote. The U.S. agencies say they have no information that any attack targeting election infrastructure has compromised the integrity of election results or the accuracy of voter registration information, prevented a registered voter from casting a ballot, or prevented an election from occurring.
Cyber threats to voting systems
The advisories describe possible threats to election infrastructure that they say may slow voting, or impede access to voting information, but that should not compromise the integrity of the results.
One concern relates to so-called distributed denial-of-service, or DDoS, attacks in which a server gets knocked at least temporarily offline by a flood requests, which could leave election-related websites inaccessible or slow access to voting information or results.
Even in such attacks, though, the underlying voting data should not be affected, according to federal officials who say they’ve been working with their local election counterparts to make sure they can minimize the impact and recover quickly from such a disruption.
The FBI and CISA say in another of the recently issued warnings that cyber actors are continuing to try to break into voter registration and vote reporting systems. But the agencies say they haven’t identified any incidents that could prevent Americans from voting or that could change vote tallies.
In 2016, Russia searched for vulnerabilities in state elections systems across the U.S. and also breached the Illinois voter registration system. But there is no evidence that any votes were changed, or that the Russian activity affected the outcome.
This year, the agencies say they believe it would be difficult to manipulate votes in a way that could affect the election, and that election officials have developed safeguards like provisional ballots, paper backups and backup pollbooks.