Many Americans and citizens in nations beyond have a long list of worries that only seems to grow as the midterm elections approach in November of this year. However, while issues like gun violence, immigration crackdowns and women’s rights understandably weigh heavily on many minds, there is a host of cyberattacks and incidents set to threaten the democratic process that can’t be overlooked in this time of turmoil.
Here’s a rundown of three of the leading election-related cyber issues and what you as a voter or activist can do to help neutralize the threat.
In an election cycle, information is power. Conversely, the inability to access or share information is a loss of power. This is where DDoS attacks on candidate and campaign websites come in.
If you’ve seen the headlines about, say, a massive Russian or other state-sponsored botnet and wondered what the groups behind them are doing with networks of hundreds of thousands compromised computers and devices, well, DDoS attacks are one of the main answers. Distributed denial of service attacks take all the traffic that can be generated using those computers and devices and aims it at a target website or online service to take it offline and leave it inaccessible. These attacks were famously used in the 2016 US presidential campaign with both Hillary Clinton and Donald Trump’s websites targeted. One of the most effective uses of this underhanded tactic was during the run-up to the Brexit election when the voter registration was taken down, keeping potential voters from being able to register to vote. Given that the yes vote won with just 51.9% of the vote, every vote mattered. DDoS attacks were also recently used to rattle nerves in the Mexican presidential election. Russia has been linked to attacks during the US presidential election, Brexit and the Mexica presidential election, among others.
Anyone in a position of power when it comes to the security of these sites needs to be aware that professional cloud-based DDoS mitigation is a must. However, most voters and activists are obviously not in that position of power. In order to counter the effects of these attacks, the essential information on these websites – anything from candidate and platform information to instructions on how to get registered to vote – needs to be widely disseminated across a variety of websites and platforms, including social media, so that other voters and citizens can easily become informed regardless of attack attempts.
Don’t bother scrolling back up, this is not a mistake. Russian bots are their own separate issue from Russian botnets. “Russian bots” as we’ve come to know them are those automated programs that take the form of Twitter and other social media users that seek to influence opinion and, ultimately, the election by retweeting select hashtags and topics or downvoting or upvoting opinions that either conflict with or agree with the bot controller’s opinion.
To those who aren’t typically engaged in political conversations online, this may sound silly. However, as mentioned above, in an election cycle information is power, and these bots are putting information in front of the eyes of tens of millions of Americans with great ease. Further, the sheer number of bots on a platform like Twitter is shocking. Twitter suspended 70 million suspicious accounts in May and June of 2018 and are still averaging one million account suspensions per day.
The fight against bots feels like an insurmountable one, but if you’re serious about trying to keep the political discussions amongst real live people, you can do your part in the bot battle by 1) not wasting your time engaging with bots and 2) reporting accounts you suspect of being a bot. If an account has nothing but retweets or reposts, posts in response to trigger topics (gun control, terrorism, political scandals) more quickly or more prolifically than you would think a human could, and is largely only active around election times and during other major events, it’s probably a bot.
Data breaches and leaks
Online voting isn’t available in major elections in the United States currently. For good and obvious reasons. Even so, if you’re a voter, it’s very likely that your information is stored in multiple databases online. This means it is susceptible to both data breaches perpetrated by malicious actors, and accidental data leaks by the organizations storing the information. Just ask the 198 million US voters who had their data exposed when the Republican National Committee stored what should have been internal files on a publicly-accessible Amazon server.
Chances are you’re not Ron Swanson and you haven’t managed to hide your information from the government and all its related agencies and organizations your entire life. Be aware of the risk, watch the news for leaks and breaches, and if you’re affected, take the necessary steps: find out exactly what was leaked, change your passwords (even ones that weren’t leaked in case you have password overlap), and sign up for an identity-monitoring service if you’re worried. This is a worthwhile investment if your social security number has been leaked. Depending on who is responsible for the breach and how much responsibility they’re taking, you may be given free access to identity monitoring.
Vote for change
There’s plenty that needs to be done by the powers that be when it comes to protecting voters in the United States. However, it could be a long time before those powers figure out exactly what needs to be done and how they’re going to do it in order to stop the significant cyberthreats infiltrating elections. Until that time, voters and activists need to be aware of these issues and be proactive in their response to them. The American people should be the ones deciding America’s future, nyet?