Hacking Elections
There are many different motives for hacking an organization. Most attacks are categorized as cybercrime, and this involves credential theft, ransomware or any form of financially motivated attacks. Another form of cyber attacks are classified as cyber espionage and include state espionage and spouse tracking, for example. Cyber war is another motive for attacks, mostly employed by state actors, against other states or internal opposition. However, there is a type of attack that is politically motivated, and it is currently becoming more relevant and efficient than ever: hacktivism.
Hacktivism – a dominant motive for cyber attacks
Hacktivism refers to any attack with a political motive behind it. Hacktivism was responsible for 28% of all attacks in February 2016. This is not unusual, as it accounts for a similar portion of attacks in the recent years. The most infamous group of hacktivists is Anonymous, but it is not the only group out there.
Hacktivists have chosen various targets, often with contradicting political intentions. Usually, hacktivists attack according to their ideological beliefs, focusing on what they view as injustice. It is typical for political campaigns to be highly emotionally charged and bring ideological debates to the surface, so they become often targeted by cyberattacks.
Candidates are a likely target, for any form of attack
Elections tend to emphasize issues that people feel strongly about, providing an incentive to try winning the debate by simply hacking it. Attacks can disrupt the course of an election. Party sites can be shut down by denial of service (DDoS) attacks, preventing them from communicating and receiving funds. Attackers can use botnets, generating fraudulent traffic and artificial support or objection for a certain candidate. Hackers can also steal data from candidates, revealing strategy, voter data, and possibly even hidden skeletons. On top of that, a campaign can be severed by stealing its funds, just like a financial attack.
These kinds of attacks are already happening in election campaigns across the globe. Elections have been targeted by hacks in Russia, Philippines, Bulgaria, Nigeria and even in Fort Myers, FL. Recently, a hacker claimed he was hired to rig elections throughout Latin America for years by employing different tactics, including hacking into opponents’ computers and falsifying support for candidates.
Hacking and the 2016 U.S. elections
Anonymous has already declared war twice against Mr. Donald Trump’s campaign. Hackers acquired Trump’s voicemail messages and leaked them to the media, intending to embarrass him. In addition, hackers have taken down Trump’s website multiple times using DDoS attacks. According to allegations, the same hackers are also behind one of the two thefts of credit card credentials from Trump hotels.
Trump is not alone. Sanders’ campaign fired one of its employees after he took advantage of a software glitch allowing him to access Democrat voter data. To top that, a database containing 191 million voters’ records was leaked online. Voter records are a valuable asset for campaign managers, but they are inadequately protected.
How candidates can protect themselves
Clearly, political campaigns attract various attacks. The notion that an election, or your voting records, can be hacked is a very disturbing one. There are, however, several protections candidates ought to use to stay protected and defend the democratic process. Their prevention strategy should include using advanced sandboxing capabilities, which can detect and prevent incoming malware; solutions capable of sanitizing content before it reaches users; and real-time blocking of Command & Control communications. Since political campaigns face a wide array of attacks, a comprehensive, multi-layered security strategy, should be implemented to safeguard them against the full array of known and unknown threats.