In Georgia, a database that verifies voter signatures was locked up by Russian hackers in a ransomware attack that also dumped voter registration data online.
In California and Indiana, Russia’s most formidable hackers, a unit linked to the Federal Security Service, or FSB, have delved into local networks and hit some electoral systems, although it is not yet known why.
In Louisiana, the National Guard was called in to stop cyber attacks targeting small government offices that were using tools previously seen only in attacks from North Korea.
And on Tuesday night, someone hacked into the Trump campaign, defacing its website with a threatening message in broken English warning that there would be more to come.
None of these attacks amounted to much. But from Cyber Command’s sprawling war room in the United States to election watchers on Facebook, Twitter, Google and Microsoft, pundits are watching closely for more “perception hacks.” These are smaller attacks that can be easily exaggerated into something bigger and potentially seized on as evidence that the whole voting process is “rigged,” as President Trump has claimed.
This phrase comes up every time Christopher Krebs, the head of the Department of Homeland Security responsible for making sure voting systems are secure, talks about the biggest vulnerabilities in this election. His concern is not a large attack but a series of smaller ones, perhaps concentrated in swing states, the effect of which is more psychological than real.
Perception hacks are just one of many issues worrying election officials and cybersecurity experts in the final days of voting – and their concerns will not end on election day.
One theory that is gaining traction among US intelligence agencies is that the Russians, having argued that they remain inside mainstream US systems despite reinforced defenses and new offensive operations from Cyber Command, could be absent next week – until it is clear whether the vote is close.
The Russian game, according to this theory, would be to fan the flames of state-by-state electoral battles, generating or amplifying allegations of fraud that would further undermine American confidence in the integrity of the electoral process.
The Iranians would continue their playbook, which US intelligence officials see as more vandalism than serious hacking, filled with threats in mangled English.
But US experts have warned local officials that, come November 3, the Iranians may seek to cripple or damage the websites of secretaries of state, affecting reporting of results, and create the impression of being inside the voting infrastructure even though they never were and the election results were not compromised.
Here’s a look at some of the potential threats and what has been learned so far in a year of behind-the-scenes cyber battles.
Government officials are trying to assure voters that voting machines are difficult to hack on a large scale: they are almost entirely offline. States and counties use their own systems, and the breadth and diversity of those systems, the argument goes, make it nearly impossible for a single attack to target them all.
But that does not eliminate the risk. At the University of Michigan, J. Alex Halderman turned his lab into an arcade of voting machine vulnerabilities and found ways to create “attacks that can spread from machine to machine like a computer virus and silently modify election results.”
Others point out that no one needs to hack every state to wreak havoc. In a close election, an attacker could target Atlanta, Philadelphia, Detroit or Milwaukee and delay the reporting of results for an electoral battleground.
The other weak spot in the claim of diversity as security, according to electoral security experts, is the constellation of contractors who support elections in several states and counties. “The claim that diversity protects the election is a logical error,” said Harri Hursti, an election security consultant.
Mr. Hursti is concerned about a scenario in which the ballot scanners could be reprogrammed to read a vote for Joseph R. Biden Jr. as a vote for Mr. Trump or vice versa.
“A single point of failure could compromise the electoral infrastructure in many counties and states,” Hursti warned.
His concern is strictly cautionary, but not unheard of. Shortly after the 2016 election, a National Security Agency whistleblower revealed that VR Systems, a Florida company that provided recording software to several states, including critical states like Florida and North Carolina, had been compromised by Russian hackers before the vote. There is no evidence that they used this access to affect the final vote.
The constant pace of cyber attacks and foreign interference has forced states to put in place safeguards. States have made efforts to print hard copies of voter registration data, and have gradually phased out machines that leave no paper backups.
Mr. Krebs said that next week about 92% of all votes cast would be “tied” to some kind of paper record, up significantly from four years ago.
But with the increase in the number of postal ballots this year, automatic voting will also decrease as a percentage of the total vote. Thus, the vulnerabilities that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency focuses on are potential attacks on voter registration, verification and reporting systems, as well as the computer networks of secretaries of state, or power outages at polling stations.
These types of attacks would not change the number of votes. But, executed with enough skill, especially in battleground states or key districts within those states, they could be used to cast doubt on the legitimacy of the election.
Some officials still wonder if this was the motivation behind some of Russia’s meddling in 2016, when hackers “scanned” the registration databases of all 50 states, breached systems in Arizona and Florida and made an unusually loud demonstration of voter registration data theft in Illinois, but ultimately did not.
Many of these vulnerabilities have been addressed, thanks to an aggressive campaign by the Department of Homeland Security and the states. But voting is a local affair and vulnerabilities remain, as Florida Governor Ron DeSantis discovered when he went to vote early in Tallahassee, the state capital. Someone – police arrested a 20-year-old from Naples, Florida – had changed the governor’s address to West Palm Beach.
This is why there is so much concern about a Russian group called Energetic Bear. Over the years, the group, seen as a unit of the FSB, has breached US power grids, water treatment plants, a nuclear power plant in Kansas, and more recently web systems at San Francisco International Airport.
And starting in September, it began to enter the systems of state and local governments. So far, intelligence officials say it has managed to break into only two servers in California and Indiana.
The most imminent threat, officials said, is ransomware attacks that could freeze part of the voting system and delay results.
It is a sign of how concerned intelligence agencies and the private sector are about ransomware that, over the last month, Cyber Command and a group of companies led by Microsoft took down servers around the world linked to TrickBot, a set of tools used in some of the most sophisticated ransomware operations.
“This is about disrupting TrickBot’s operations during the peak election period,” said Tom Burt, Microsoft’s executive in charge of the operation.
But there is already evidence that the hackers behind TrickBot have turned to new tools, according to Mandiant, a cybersecurity company. Over the past month and a half, researchers found that the same people had led a series of vicious new ransomware attacks that had taken U.S. hospitals offline, just as coronavirus cases were climbing.
“They could use these same tools against whoever they want, whether it’s elections or hospitals,” said Kimberly Goody, cybercrime analyst at Mandiant.
A ransomware attack in Gainesville, Ga., locked down voter signature verification systems last week, forcing polling officers to do things the old-fashioned way, pulling out registration cards manually and looking at the signatures.
The attack, which does not appear to have been directed against the elections but destroyed electoral systems as collateral damage, exposed lingering weak spots in Georgia, a key battleground state.
Internal emails have shown that the Georgia secretary of state’s office disabled two-factor authentication in recent weeks, after its election software buckled under the deluge of early voters. Two-factor authentication, which prevents hackers from entering systems with a stolen password, has been key to the Homeland Security Department’s election security strategy, and in this case, emails show that the Secretary of State simply disabled it.
Prepare for the consequences
Mr. Trump has previously promoted the idea that mail-in ballots would be riddled with fraud and sought to use small glitches in the distribution and return of mail-in ballots as evidence the system cannot be trusted if the result goes against him.
The Cybersecurity and Infrastructure Security Agency recently released a “public service announcement” about taking care to verify information before believing or reposting it. But as some government officials concede, there is no cure for a president who repeats rumors and unproven conspiracy theories – other than directly contradicting him.
“They followed the line with caution,” said Maine Independent Senator Angus King. “But the real test is coming.”