Breaking Down Election Security: Points of Vulnerability and Solutions

2020-02-24T16:30:12
ID CARBONBLACK:C5E894BA93DE220E7276CCCB180C988A
Type carbonblack
Reporter Sawyer Lemay
Modified 2020-02-24T16:30:12

Description

The importance of cybersecurity in the context of the democratic process has become undeniable—with nation-state hackers setting their sights on elections as effective vehicles for attack, disruption, and social unrest.

Christopher Wray, the Director of the FBI, testified to Congress that U.S. adversaries will target the 2020 elections to damage the country and reduce faith in the election process. He noted that “malign foreign influence” will take many forms with regard to election hacking, specifically calling out:

  1. Voter disenfranchisement:Voter registration systems and databases are managed on a state-to-state basis and are often built on unsecured technology. These systems are a prime target for would-be hackers, as was the case when Russian hackers probed and penetrated voting systems throughout the 2016 election process.
  2. State website defacement: Election systems typically have a state website that tallies and posts results as they come in, with servers that can be manipulated if not adequately protected. While such tallies do not represent official counts and are not directly tied to vote tallying systems, these live counters can show false values, creating confusion, frustration, and distrust amongst the voting populace. If voters believe their candidate is winning or losing in a runaway, for instance, they may choose to not vote.
  3. Media island-hopping: Major media outlets (typically the ones that lean more left or right politically) can be targeted, and their social channels may be manipulated. Hackers and disinformation artists in the 2016 election showed their proclivity for targeting media at the more extreme ends of the political spectrum as they discerned it was easier to manipulate using existingbiases. We can expect a similar pattern of activity to emerge in the 2020 elections, given how effective the tactics proved to be in 2016.
  4. * *Manipulation of voting machines: Recently, a group of white hat hackers participating in the DEFCON Voting Village event proved that machines used in more than half of the United States in 2018 were vulnerable to hacking, and this vulnerability remains for 2020. While there’s no evidence of this directly occurring in previous elections, the possibility is very real.
  5. Manipulation of servers with critical voting data and laptops/desktops that touch that data: Many such servers and/or critical computers have been found to have active, direct connections to the Internet, which makes them even more vulnerable to attack. Attackers can stealthily modify files, internal server or computer memory, boot files, and binaries to change or corrupt voting data. Notably, in 2017, a server critical to Georgia elections was wiped clean by a hacker after a lawsuit was filed. Electoral security must be seen as a patriotic imperative, not a partisan issue.

To learn more about how state and local governments can keep themselves safe from cybercrime, download the whitepaper.

Download


The post Breaking Down Election Security: Points of Vulnerability and Solutions appeared first on VMware Carbon Black.