When it comes to the 2018 midterm elections in the US, bad actors are still trying to mess with your vote.
Russian hackers and propagandists who interfered in the 2016 US presidential election didn’t stop when it was over. They’re, and now they’re being joined by other countries hoping to influence the midterms, according to the US Department of Homeland Security and other agencies.
Two years ago, hackers were caught trying to break into voter registration databases and other election infrastructure in at least 21 states during the race between Donald Trump and Hillary Clinton. They also infiltrated email accounts of two major organizations run by the Democratic party, as well as the private emails of members of Clinton’s campaign.
And they leaked thousands of emails to WikiLeaks and other websites, as well as members of the press, to sway public opinion and mislead voters into picking one candidate over another.
That was on top of the misinformation campaign by professional internet trolls who created American personas on the most widely used social media sites, including Facebook, Twitter and Instagram, posting false news stories and helping plan real-world protests. Earlier this year, US special prosecutor Robert Muellerand people involved in running or working at Russia’s of crimes relating to the alleged campaign.
While hackers haven’t been as busy in the lead-up to the 2018 midterm elections as they were,and DHS — which is tasked with keep their systems secure — warn that hackers are still active in their efforts to breach election infrastructure.
“The intelligence community continues to be concerned about the threats [toward] upcoming US elections,” Dan Coats, director of national intelligence, said at a press briefing in August, “both the midterms and the presidential elections of 2020.”
What has been hacked so far?
Most of the hacks that have come to light have either been unsuccessful or limited in their reach. During a Tennessee primary election for county mayor in May, a hacking approach called aflooded . The page went down just as polls closed on election night. A more serious DDoS attack could take down pages with important information, like where your polling place is.
There’s also been a campaign of spearphishing emails targeting US senators running for re-election. Three emails sent to staffers of US Senators. One of the targets was Missouri Democrat Claire McCaskill, but it’s not clear who the other two targets were.
Florida Senator Bill Nelson, also a Democrat, said he’d learned of ain the state — though officials who run the state’s elections disputed that claim.
Securing the voting infrastructure
Hacking experts are trying to make electronic voting machines more secure. That’s good, because the machines are notoriously. Experts say the main thing protecting voting machines from a large-scale attack is that they don’t connect to the internet, so most vulnerabilities can only be exploited by hackers who have physical access to the machines.
A group of “white hat”for vulnerabilities this summer at the annual Defcon event in Las Vegas. they hoped the Defcon hackers would identify even more issues than they did in the previous year’s effort. They got what they asked for when the hackers released a report in September. It said the vote-counting machines its experts tested were vulnerable, allowing hackers who breached them to “flip the electoral college.”
Social media gets serious about trolls
Major social media companies have tried to show that they’re. That’s meant rooting out organized campaigns run by users who lie about their identities and giving ordinary users more information about the political ads they’re seeing.
Facebook CEO Mark Zuckerberg hasto fight fake news. It’s also set up to monitor activity on its site around elections and announced it’s partnering with academics to help the company understand the The company also it will block interference in elections there, too.
Facebook calls organized troll activity “inauthentic influence campaigns,” which try to sway political protests in real life and spread misinformation online. So far this year, the company has announced twice that it’s taken down accounts and pages associated with these campaigns, which it saysand . Google also identified that were running an influence operation on the company’s platforms, including its popular YouTube video service.
Facebook hasfor users who manage pages, making them confirm their locations and add extra security to prevent account takeovers. And , and have all announced updates to their advertising policies, including labeling political advertising and identifying who paid for it.
Other tech firms offer solutions
Social media companies aren’t the only ones working on ways to crack down on hackers and online fakers. Microsoft has come up with a way to find and shut downthat try to trick users into entering their Microsoft Outlook login credentials.
Google is alsoto protect campaigns and elections agencies.
Cybersecurity firmits own service to help campaigns and election officials find pages that impersonate them, which can make it harder for hackers to phish victims or spread misinformation under an official banner.
And then there are the secure-messaging companies Wickr and Signal, which are partnering with the Democratic National Committee to provide ways for campaign staffers to communicate with each other that aren’t.
That’s probably a smart idea, because even if a large-scale hacking effort doesn’t materialize in the 2018, it’s clear from what happened in 2016 that campaigns and elections agencies had room for improvement in their cybersecurity measures.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Special Reports: Techhnews’s in-depth features in one place.