The 2020 elections are upon us, and malicious cyber threat actors – both foreign and domestic – are intent on disrupting the campaign and election processes. As Wickr’s CEO, Joel Wallenstrom, recently stated, “There are conversations where it’s just not a good thing for Russia or China to get access to.” Wallenstrom also notes that the adoption of encrypted apps has been “pretty prevalent this cycle.”
How serious is the cyber threat to the upcoming election? Serious enough that all parties involved need to start beefing up their election cybersecurity strategies.
Hacking the Vote is an Election Cybersecurity Issue
The most obvious concern, at least on the part of the public, is protecting the voting process from cyber attacks. This is not a specious threat – in the past, hackers have attempted to influence election results by targeting voting databases and voting machines.
It’s frighteningly easy to tamper with voting machines. Even though most voting machines aren’t directly connected to the Internet, many of the computers used to program them have Internet access. It therefore would be relatively simple for a malicious actor to inject a Trojan horse or other malware into one of these computers and thus affect the voting machines controlled by that computer.
The situation is made more precarious because many of these controlling computers run outdated software. According to the Brennan Center for Justice, 41 states currently use computers that are at least a decade old and run outdated and vulnerable operating systems, such as Windows 2000. These older computers and operating systems are markedly less secure than newer machines and operating systems, making them threats to election cybersecurity.
Another way to affect election results is by altering voter registration rolls in some fashion. An attacker can delete individuals from lists of registered voters, mark legitimate voters as felons unable to vote, or change voters’ party affiliation to keep them from voting in their party’s primary election. According to the Senate Intelligence Committee, all 50 states experienced cyber attacks on their voting systems during the 2016 election, likely from Russian hackers attempting to change or delete voter data.
Equally vulnerable are public voter registration websites run by various state election organizations. These sites are potential targets for DDoS attacks, web application attacks, and network interception. Given these vulnerabilities, it’s likely that further attacks from malicious foreign actors will occur during the 2020 election cycle.
Hacking the Campaign
Most election campaign teams are good at politics, but unfortunately not good at election cybersecurity. They lack the technical talent and the resources to mount a serious cyber defense against dedicated cyber attackers. This is starting to change, though, as the major political parties learn important lessons from the 2016 election campaign. However, additional measures still need to be taken.
Here are a few ways cyber threat actors can influence 2020 election campaigns:
Website Attack
While threats to the voting process are real, it’s far easier for hackers to attack the public websites of candidates and political parties to influence their campaigns. These sites are targets of DDoS attacks, defacement, data tampering, and data theft.
Social Media and Email Attack
Malicious actors have also hacked into the social media and email accounts of political candidates. Perhaps the best-known instance of this occurred in 2016 when Russian operatives infiltrated the email servers of the Democratic National Committee (DNC), stealing private emails that were later leaked to the media to influence that year’s presidential election.
Risks Associated with Pandemic Precautions
The threats to election cybersecurity are expected to intensify due to the COVID-19 pandemic. To prevent the spread of the novel coronavirus, there has been an increased use of online communications, video conferencing, and file sharing. Instead of greeting voters in person, socially-distanced candidates are increasingly turning to phones, email, and other electronic messaging to conduct their campaigns. This creates more opportunities for hackers to digitally disrupt the process. Concerns also exist over the security of virtual town hall and campaign meetings, as well as online fundraisers.
The Campaign Staff
Election campaign cybersecurity is made more difficult to manage because of the large numbers of part-time and volunteer staff employed. These staffers frequently use their personal phones, tablets, and computers for communicating with other staff. Personal devices are notorious for lacking strong security, making them easy to hack. Campaign staff also need to be trained in proper cybersecurity techniques, especially to recognize and handle phishing messages. (The DNC hack, for instance, was initiated when a staffer clicked on a fake link in a phishing email.)
Hacking Campaign Communications
The DNC email hacks proved that campaign communications are especially vulnerable to interception and theft. Experts stress that campaigns need to secure their communications from attack – including communications with far-flung staff and volunteers, which are harder to control. They also need to find ways to securely send and receive sensitive campaign documents.
In response, many political organizations on both sides of the aisle have moved all their internal communications to encrypted messaging apps that protect their private communications from hackers. For example, the Democratic Congressional Campaign Committee (DCCC) adopted AWS Wickr, which offers end-to-end encryption for all text, voice, and video messages. Several candidates in the Democratic presidential race including Senators Kamala Harris and Amy Klobuchar, primaries have also had AWS Wickr accounts.
The nonprofit group Defending Digital Campaigns (DDC) is offering discounted Wickr accounts to all federal election campaigns, regardless of party affiliation. The DDC, co-founded by former campaign managers for Hillary Clinton and Mitt Romney, also offers free or low-cost security services and technology to qualifying campaigns.
AWS Wickr: The Secure Communications Platform
An increasing number of political campaigns are turning to AWS Wickr for all their campaign communications. AWS Wickr offers texting, voice and video calling, voice and video conferencing, and file and screen sharing – all protected by end-to-end encryption. It’s designed to fit the needs of political operatives in the heat of a campaign – and keep all their communications safe from hackers.