This post was originally published on October 29, 2020.
As we draw near to the 2020 U.S. presidential election on November 3, cybersecurity looks like it will be crucial to upholding the integrity of the democratic process—and many Americans aren’t sure the country is ready to take on the cyber threats it will face. Back in January, an NPR poll revealed that 41 percent of Americans felt their nation was either “not very prepared” or “not prepared at all” when it came to keeping this election safe and secure.
Since then, the state of Washington experienced a major cyberattack that exposed vulnerabilities within its networks, Louisiana saw a breach of local government offices by hackers, and the FBI and DHS’s Cybersecurity and Infrastructure Security Agency released an alert warning that a Russian-sponsored hacking team had been “conducting a campaign against a wide variety of U.S. targets.” Although the agency made it clear that no government operations and election processes had been disrupted, the alert also said there may be “some risk” to election information on government networks.
We often associate online threats to American elections with disinformation campaigns on social media aimed at influencing votes and, in some cases, suppressing voter turnout. These campaigns could undermine democracy as a whole, but there are also concerns about attacks that more directly affect the voting and vote counting process.
Here are a few cyber threats to each American voter’s ballot:
1. Ransomware
Ransomware is a form of malware that locks users out of their devices and data unless they pay a ransom. In the context of an election, this could be used on election officials or polling stations, making it impossible to relay vote counts through the proper channels. A ransomware attack could worsen delays or confusion in an election that’s likely to have both thanks to uncertain timelines and rules for mail-in ballots.
These cyberattacks often take the form of emails with attachments that can infect devices when opened. In 2017, the Pennsylvania Senate Democratic Caucus had their computer network rendered inaccessible thanks to a ransomware attack, which ultimately cost them more than 700,000 USD.
2. DDoS attacks
Distributed denial of service attacks are a type of cyber threat that can be applied to virtually any situation. By flooding a website with an extremely high volume of requests, attackers can render it unusable for those who would seek to access it legitimately.
These DDoS attacks can be disruptive in the run-up to the election by knocking out voter registration portals or taking down websites that provide crucial information about where and when to vote. An attack could also disrupt Election Day itself. In July, Macedonia’s State Electoral Commission saw its website knocked out by a DDoS attack for three hours during the country's parliamentary election, obstructing the announcement of the results of a tightly contested race.
Not only could some kind of significant DDoS campaign create chaos and confusion, it could also produce a diversion for another attack with a more material effect on the ballots cast.
3. Spearphishing
Spearphishing is a technique used to gain access to a user’s device, data, or credentials through a specially tailored email with a dangerous attachment. This cyber threat is similar to ransomware, although it’s arguably more dangerous as hackers are using the information they find to gain control of devices and access sensitive networks, as opposed to simply shutting them down.
During the last American presidential election in 2016, Russian hackers were believed to have used spearphishing in an attempt to break into the email system of a vendor that provided voter registration software. That reportedly resulted in emails to election officials with dangerous attachments—although it’s unclear if it went any further than that. If similar efforts were more successful this time around, the results could be disastrous.
4. Man-in-the-middle attacks
Also called a redirect attack, a man-in-the-middle attack is the most straightforward way to “steal” an election. Executing this form of attack would require an adversary to reroute communication between individual polling stations and election headquarters, altering the voting data in an effort to change the result.
This cyber threat is particularly scary because it’s both easy to conceptualize and extremely impactful if executed successfully. However, the American election is exceedingly decentralized, with tens of thousands of polling stations spread across 50 states, and it’s hard to envision this coming to pass on a large or even small scale. There isn’t any evidence that this type of attack has been executed—or even attempted—in the United States so far, but it represents the worst-case scenario.