In the aftermath of the controversial US election, rumours are still circling regarding Russia’s alleged involvement and experts are debating the prickly issue of attribution. Other politically motivated groups, lone wolf actors, Islamic activists and even teenagers looking to make a name for themselves can interfere in, impersonate and manipulate elections to suit their agenda.
In our digital age, nearly anything can be learned, compromised, and/or fabricated to conceal the true identity of a perpetrator. And doing so isn’t necessarily sophisticated work. This is particularly evident in cases of nation-state hacking, where the techniques used are pretty simple but very effective. Using domain names similar to legitimate ones to deliver malware or steal credentials, and using URL shortening services such as bit.ly to bypass spam filters and other defences, are commonplace techniques that have been used regularly by multiple threat actors.
Attacks can also occur where a clear agenda is not evident. For example, the Cambodian National Election Committee published the country’s national voter list online on the 3rd of January, 2017. An “overseas” attacker successfully hacked the site and prevented access to the list, but reportedly did not alter it. In this case access was restored, but no attribution has been made for this incident and no obvious motivation or intention is known.
Maintaining the sanctity of elections
Activities that attempt to influence power in other nations are not new to governments, and history is replete with examples of this, particularly through strategic marriages, donations of resources, misinformation, espionage, interfering in elections, sabotage, assassinations, military power, and diplomacy.
The events surrounding the 2016 US presidential election serve as a profound example of how an unsophisticated information security attack could impact the political process of a nation. As detailed in Anomali’s ‘Election Security in an Information Age’, through a combination of phishing attacks, the hackers were able to compromise accounts, steal passwords, deliver malware, obtain emails and documents, and release potentially damning evidence about politicians during the election cycle.
But the scale and degree of interference is changing, as threat actors become more sophisticated and subversive in their attacks. There is also a degree of collaboration and intelligence-sharing that happens between the bad guys, allowing them to craft strategies to overcome defences. As a strong counter to this, governments and industry circles must employ their own collaboration tactics to bolster resilience and reinforce protective measures.
It is time that the security industry takes similar steps to become more open about malicious interference within their trusted security circles, so experts can proactively respond, gain deeper details of attacks, develop collective profiles of common attackers, and ultimately better achieve more confident levels of attribution.
In the face of organised and well-funded malicious attacks, what can be done to maintain the sanctity of elections? Governments have a full arsenal of responses available including sanctions, diplomacy, regulations aimed at improving defences, legislation, retaliation, or even conventional warfare. But how can governments be confident that they’ve ‘captured’ the bad guy? There is a substantial difference between discovering significant intelligence about an attack and gathering enough evidence to deliver a criminal conviction. Given the care culprits can take to obfuscate digital evidence during attacks, evidence is often too weak, incomplete, or mostly circumstantial to solidly link certain attacks to the same actor. The intelligence process, by contrast, involves the collection of relevant and actionable data, analysis, and estimates based on what is learned along with what is already known. There is strategic and tactical value in this type of information when done well. Intelligence may be wrong or miss the mark, but it is provided as a best assessment based on available details.
To bolster defences, intelligence-sharing not only amongst organisations involved in elections but also political players and industries who may have already experienced attacks from nation states can help develop proactive strategies. Attackers see major benefits from siloed intelligence gathering. When one organisation is targeted for a period of time by a particular nation state, certain details are learned but only by them. Therefore, when another industry is subsequently targeted, these same lessons are learned afresh. This leads to increased lag time between attack detection and reaction, creating an advantage for the attackers. Instead, sharing intelligence between these industries can help not only proactively respond to malicious activity, but also lead to deeper details learned and better attribution across subsequent occurrences. This can result in developing a broad, collective profile of common attackers including those suspected to be associated with nation states.
In addition to collaboration, the importance of education as a valuable tool in preventing targeted attack vectors such as phishing should not be understated. Ensuring that those who might be privy to sensitive information are aware of how to protect social media accounts, emails, and smart phones against typical cyber threats can help them resist attempts at compromising them.
Education should not stop, however, at those who work within organisations. Helping the electorate understand the potential goals and methods of influence nation states might use in their elections is another way to help defend election integrity. Developing a general sensitivity to media bias, false reporting, and other factors of influence in elections will help them discern truth from fiction and focus on the facts.
Secure elections are a cornerstone of Western democracies. Protecting their integrity is paramount. Given the threat of hacking, not only the systems connected to elections themselves but also the political entities linked to elections must have adequate defences in place. It is unlikely that bad actors will suddenly stop trying to affect elections and politics in other nations. And the shift from leveraging traditional techniques to electronic attacks over the Internet only makes these activities easier, less costly, and less risky.
Governments must use all the resources at their disposal to protect them and ensure defensive measures are deployed by political organisations, while well-educated employees and electorates can also help ensure that elections are as safe as possible from external influences. This is particularly important as European elections in France and Germany draw nearer.
Travis Farral, Director of Security Strategy, Anomali