The world is witnessing a surge in cyberattacks targeting democratic elections, raising concerns about the integrity of voting processes and the potential for foreign interference. This trend is particularly alarming as 2024 looms large on the political calendar. Crucial elections in the U.S., Poland, and other countries are set to take place, making them prime targets for malicious threat actors seeking to manipulate the democratic process.

Experts warn that these attacks are becoming increasingly sophisticated, which underscores the urgent need for robust cybersecurity measures and international cooperation to safeguard the very foundation of democracies: free and fair elections.

The use of cyberattacks to disrupt or manipulate elections is becoming a bigger concern. A recent report highlights a staggering four times increase in DDoS attacks targeting Polish elections, demonstrating the growing frequency and complexity of these assaults. These attacks overwhelm election infrastructure with digital traffic, potentially hindering voter participation by making it difficult to access online voting platforms or election information websites. Furthermore, by creating system outages and delays, such attacks can erode trust in the democratic process and sow doubt about the legitimacy of election results.

The U.S. faces similar threats. Long-standing campaigns by countries like China and Russia raise concerns about the vulnerability of democratic processes. Advanced cyber espionage groups like APT28 target government organizations, political campaigns, and even individual voters to steal data, gain access to systems, and potentially influence electoral outcomes. APT28, for instance, is believed to be behind the hacking of the Democratic National Committee servers in 2016. Their techniques include phishing emails, credential harvesting, exploiting software vulnerabilities, and deploying malware.

Misinformation and procedural concerns

While cyberattacks are a major concern, other factors threaten election integrity. Misinformation campaigns can be highly effective in swaying public opinion and undermining trust in legitimate results. Malicious actors can exploit social media platforms to spread false information, often disguised as legitimate news sources. This can create confusion among voters, making it difficult to discern truth from fiction.

Procedural concerns surrounding early voting mechanisms also contribute to the complexity of ensuring election integrity. While these mechanisms offer convenience for voters, questions linger about potential vulnerabilities and legal challenges. Ballot security, voter identification requirements, and the potential for manipulation during the vote-counting process require careful consideration and ongoing improvements.

These issues are particularly significant in the United States during a volatile geopolitical climate. The interconnectedness of global affairs highlights the importance of electoral integrity domestically and also for broader international stability. A successful cyberattack or widespread misinformation campaign targeting a major election could have cascading effects, disrupting international alliances and jeopardizing global security.

It’s worth noting that the focus of election security has shifted over the years. While physically securing voting machines was once a primary concern, advancements in encryption and stronger security protocols have mitigated that risk. Today, the focus lies on how threat actors can exploit vulnerabilities through deepfakes and DDoS attacks to manipulate voter opinions and disrupt communication channels.

A multi-pronged approach

To address today’s latest challenges, a multi-pronged approach is necessary:

Anti-DDoS Strategy: If you’re likely to be targeted by a hacktivist group – for example, a government agency – you must proactively examine the infrastructure and cloud providers that you have in place to sustain your operations in the event of a DDoS attack. If you’re hosted on a single provider and don’t have any anti-DDoS strategies, then you’re accepting a significant risk, especially in an election year cycle. You need to have the right infrastructure in place to withstand a DDoS attack.

Voter Booth Security: All voter locations need to be shored up in advance to ensure there are no physical fraud issues around voter booths and some of the other nefarious activity you’d see onsite at a voter location. There needs to be strong assurances and management at every site so people feel safe throughout the voting process. Even something as simple as training volunteers to handle disruptions can make a huge difference.

Due Diligence: To fight fraud, you need to understand the tactics that lead to it and counter them with due diligence. For example, we’ve seen an increase in voters impersonating dead people, with the intent to vote multiple times or manipulating voting by proxy, which amounts to identity theft. If you can understand how someone may go about stealing another person’s identity, you can better spot and identify that fraud early on and implement counter-measures proactively.

Federal Awareness Campaigns: Proactive awareness campaigns can educate voters about potential threats like cyberattacks, deepfakes, and misinformation campaigns, empowering members of the public to identify and resist these tactics. This is especially important related to the probable timing of such events leading up to and right before crucial voting periods, when such attacks have proven to be the most successful in the past.

Proactive Voter Engagement: Fostering voter engagement and building trust in the electoral process can reduce the impact of misinformation campaigns. This can be achieved through initiatives that promote media literacy, encourage participation in the democratic process, and ensure transparency in election procedures.

While cyber threats are significant, traditional forms of voter fraud still exist, but can be reduced by implementing strong management practices at polling stations, like verifying voter identification and maintaining a secure chain of custody for ballots.

The time to act is now. By fostering a deeper understanding of the challenges we face and exploring potential solutions, we can work together towards securing the integrity of elections and upholding the fundamental principles of democracy in the digital age.

Ken Dunham is Director, Cyber Threats, at Qualys Threat Research Unit.

In Other News
Load More