Campaigns and political parties are in the crosshairs of election meddlers
Foreign nations, criminal hacking groups and other malicious actors looking to influence elections have dedicated fewer resources to directly targeting or hacking election infrastructure and have shifted toward attacking major players in the electoral ecosystem, such as campaigns, political parties, news outlets and social media, according to a report released Thursday by Mandiant and Google Cloud.
Attacks on voting machines and election systems, the hacking of political campaigns and election officials, and online information operations continue to pose threats to the integrity — or perceived integrity — of the democratic process. And Thursday’s report details how the threat landscape facing elections has become more complex and multifaceted over the past decade.
But its authors also caution that it is important not to overstate the influence of groups seeking to undermine elections.
“Many of their operations follow a familiar formula: attacks with limited practical effects are exaggerated for maximum psychological impact,” John Hultquist, chief analyst at Google Cloud, said in a statement. “We will have to strike a balance between preparing for these threats while also being careful not to exaggerate their impacts.”
The rapid proliferation of machine learning systems has stoked fears that such technology will be used to manipulate elections, but the report cautions that it remains to be seen how newer threats, such as deepfakes and other forms of AI-generated disinformation, may impact elections and voter behavior.
The report concludes that the unauthorized access or theft of data, hack-and-leak operations and distributed denial of service attacks represent the most likely attack vectors for the 2024 elections. The likelihood of cyber-enabled vote tampering remains low but also has the greatest potential impact, according to the report.
Based on observations from past election cycles, the report suggests that foreign intelligence services, domestic actors and hacktivist groups are likely to combine multiple types of attacks for a more “layered” approach.
Mandiant believes Russia poses the greatest threat to upcoming elections in the U.S., U.K. and Europe, with Moscow showing a willingness and intent to directly target and influence outcomes. China, Iran and North Korea were all deemed more moderate threats that are primarily interested in cyber espionage and influence operations that spread favorable narratives about their own countries.
But experts caution that reaching audiences through influence operations is now more difficult, as democratic governments and technology companies have become more adept at spotting and exposing them.
“This isn’t 2016. Though there are more actors in play, many are struggling to build and maintain influence in an environment where their operations are regularly identified and removed,” said Hultquist, referring to Russia’s hack-and-leak operations and efforts to influence U.S. voters on social media.
The shift by malicious groups away from targeting election infrastructure comes on the back of efforts to address the vulnerability of voting machines, voter registration systems and other parts of election infrastructure. Efforts by states, the Cybersecurity and Infrastructure Security Agency and Congress to replace paperless voting machines and harden physical and digital protection of election systems across the country in 2018 and 2020 may have helped to reduce the attack surface facing many of these technologies.
“I actually think we’re in much better shape today than we were in 2016, for example, on the electoral infrastructure side,” Michael Daniel, a White House cybersecurity adviser during the Obama administration, said this week during a discussion on election security hosted by Defending Digital Campaigns.
Nevertheless, traditional election security concerns are far from irrelevant. With former President Donald Trump claiming widespread voter fraud in the 2020 election, the integrity of the voting process, the security of voting machines and how votes are tallied remains under intense scrutiny. Trump’s claims of fraud have been repeatedly debunked, but his insistence that the 2020 vote was rigged has placed election administrators under a microscope and bred deep skepticism among many voters about the integrity of American elections.
To push back on theories of a deep state cabal that controls the voting process, election officials across the country increasingly are holding events with the public and media to inspect voting machines, to sit in on audits and the certification of voting tallies and to meet election officials.
Some voting integrity activists have expressed concern that in the wake of Trump’s falsehoods about 2020, Democrats and election security advocates have become too reluctant to push for more transparency or safeguards around voting and election infrastructure, for fear of giving oxygen to the more outlandish and unfounded theories around voter fraud.
Marilyn Marks, executive director for the Coalition for Good Governance, which is suing Georgia election officials in an effort to replace voting machines statewide that they say are unsafe and vulnerable to hacking, told CyberScoop last month that such efforts are more important than ever in order to credibly beat back past and future claims of rigged elections.
If bad actors “don’t hack the system, [Republicans are still] going to claim it’s hacked, and you cannot know,” Marks said. “They can make these wild claims that may or may not be true, and we’ll never know.”
Meanwhile, political campaigns are viewed as particularly vulnerable to groups looking to meddle in elections, foreign spying operations and run-of-the-mill cyber criminals. Campaigns often rely on high-profile political operatives who may go on to hold important government positions, have access to valuable or sensitive data that would interest foreign intelligence services and can function as vectors for damaging hack-and-leak operations.
Cybersecurity operations for political campaigns are also volatile and ad hoc, relying on shifting personnel, shoestring budgets and uncertain funding.
Mick Baccio, who served as chief information security officer for Pete Buttigieg’s presidential campaign, said the financial and operational realities of a political campaign make cyber services difficult to secure. Services like endpoint detection must be bought on a month-to-month basis, and cybersecurity is rarely a priority.
“It was me and maybe one other person that was a security team for a presidential campaign, and that’s at the top of the table,” Baccio said. “So when the money comes down, [the resources] are really not there.”