With the 2024 U.S. elections coming up, the attention on electoral security threats has never been higher. Hackers are constantly coming up with novel ways to penetrate critical systems, including voting infrastructure, in a manner that threatens to undermine democracy itself. New agencies, such as the civilian U.S. Cybersecurity and Infrastructure Security Agency (CISA), have been formed in an effort to mitigate these risks in the wake of Russian cyber attacks during the 2016 elections. Ahead of the next election cycle in the U.S., special attention and appropriate technological defenses must be in place to protect democratic processes.
Why are the U.S. Elections a target for cybercriminals?
U.S. elections in particular are tantalizing targets for computer criminals. For one thing, they have an international profile, meaning that any disruption, however minor, will be a global headline. As a result, it is an election ripe for chaos. For another, old technology systems, with myriad vulnerabilities, are still often used. All of the data is juicy: voter rolls, party political strategies, and financial details.
Furthermore, foreign entities might want to affect U.S. policy choices, or even interfere in the electoral process as a way of achieving their objectives. Disinformation campaigns, or what the military calls ‘psychological operations’, and hacking the campaigns themselves are some, but by no means all, of the ways an election could be influenced to achieve an alternative outcome. All of these threats make the U.S. elections a particularly attractive target for any cybercriminal.
Key cyber threats
The cycle for the 2024 U.S. elections has already begun and there are already a plethora of cyber threats that range from the more mundane phishing attacks to the more nefarious misinformation campaigns. Here is a detailed analysis of the issues at hand:
Phishing
Phishing is still one of the most popular tactics used by hackers. Spear-phishing attacks target campaign staff or other political entities with the aim of siphoning off sensitive information or planting malware. Scammers will send emails that look like they come from an organization the recipient trusts or knows well, hoping to trick them into sharing sensitive information. Hackers can craft phishing emails that appear to come from known political figures or news outlets, for example, which can be more likely to persuade recipients to open their messages.
These spear-phishing attacks can result in disaster: access to a campaign’s strategy, donor list, and personal information of key people. But the success of such attacks relies on preying on our human weaknesses – deceiving their targets by crafting persuasive messages.
WOT’s Email Protection comes with anti-phishing features that can help in detecting malicious links in emails and preventing unauthorized access to campaign systems and their critical data. Campaign communications can thus be proactively secured against this form of online attack.
Data breaches
For one, cyberattacks could expose campaign strategies, donor information, and/or the personal data of candidates. In 2023, RansomVC, a hacking group, allegedly broke into the D.C. Board of Elections database and obtained 600,000 lines of U.S. voter data, including DC voter records according to the agency’s official statement. The consequences of data breaches don’t only involve losing data; they also diminish public confidence and may have permanent effects on the election process.
Data breaches might be possible by hacking, malware, or through insider threats. This could lead to blackmail, corrupting information to influence public opinion or disinformation. Campaigns should invest in cybersecurity to avoid such breaches.
The Data Breach Monitoring feature of WOT helps to detect the breaches early and take remediation actions so that the poisoning will be halted before the damage is done. WOT can alert the user about the breaches and recommend the best course to remediate them.
Disinformation and misinformation campaigns
Social media manipulation, whether it takes the form of fake accounts, bots, deepfakes or other forms of deception, is still being used to spread misinformation to influence who voters vote for, or to discourage voters from voting altogether. False information spreads quickly and leverages several different mediums to reach large audiences. For instance, AI-generated robocalls to New Hampshire voters impersonating the voice of President Joe Biden had been used to discourage people from voting.
There’s also foreign influence, where actors seek to alter election outcomes via campaign-specific disinformation. The actors often seem to have strategic interests – destabilizing political orders, supporting particular candidates, and so on. A key question is how to combat disinformation without trampling free speech.
Social engineering
Social engineering is employed by cybercriminals to disseminate misinformation regarding the date, location or requirements of voting, which in turn can be used to suppress or misdirect voters. Voice phishing (vishing) can be used to target individuals and elicit their cooperation in divulging sensitive information or engaging in activities that may lead to electoral harm.
Such social engineering hinges on human psychology and, as such, is extremely difficult to detect and counter. Training and awareness programs are vital to equip individuals to detect and defend against these threats.
Securing the 2024 elections
To address the cybersecurity threats against the 2024 U.S. elections, a unique strategy must be adopted. A democratic election should be based on accurate results. The security of election-related information should be maintained through modern practices and teamwork among stakeholders. Strong security methods and regular training should be prescribed to prevent threats to the election.
You can start right now, using tools such as WOT, to safeguard the security of your digital identity and the integrity of your vote. The more informed we become, the more we can combat these cyber threats that stand between us and our democracy.
FAQs
How do data breaches impact the electoral process?
Data breaches expose campaign strategies, personal information about the candidates, and donor information. This erosion of public trust, combined with leaked sensitive information, could potentially change the outcome of an election.
What measures can prevent social engineering attacks in elections?
Such precautions would include strong security policies, regular phishing mail briefings for employees, and email-monitoring tools to constantly issue alerts to system users. Education and raising awareness of the problem can dampen the risk of attacks due to social engineering.
How significant is the threat of misinformation campaigns?
By spreading misinformation and disinformation about the candidates, and playing on people’s uncertainties and mistrust, misinformation campaigns can influence voters and lower turnout. Social media, fake accounts, and deepfakes can all be used in these campaigns. Our best defense against these threats is strong vigilance and fact-checking.
Can average citizens protect themselves from these cyber threats?
While state agencies tend to police the integrity of the electoral process, citizens can safeguard themselves by remaining vigilant, cross-checking information, and using cybersecurity tools to identify and prevent online hoaxes and scams. This all comes down to individual awareness.
What should be done if there’s suspicion of a cyber threat during elections?
If there is any reason to suspect a cyber threat during a local election, that information should be immediately passed on to election officials or other appropriate cybersecurity authorities. Quick reporting gives election officials or other officials the time they need to investigate an anomaly, and hopefully mitigate it before any wider impact on the electoral process occurs.