U.S. cybersecurity experts are bracing for possible attempts to attack the midterm election by Russia or another adversary hoping to engineer a disruption that casts doubt on the integrity of the vote.
Interference may range from altering websites used by state and local election authorities, to spreading propaganda through social media, to hacking at polling places intended to complicate the casting of ballots.
“Anything that would drive uncertainty across the voting public -- that’s probably the area that we’re going to see some activity, if we were to see anything,” Christopher Krebs, a deputy undersecretary at the Department of Homeland Security, said in October, describing possible threats “a day before or two days before” the election.
He added that there’s no intelligence indicating “a significant campaign afoot,” and that there’s been less activity in the lead-up to the election than there was in 2016 -- an assessment that private sector and academic experts share.
Still, West Virginia Democratic Senator Joe Manchin’s office announced Thursday that its social media accounts had been compromised, the latest indication that U.S. politicians and the election systems that put them in office continue to be a target.
Federal authorities responsible for securing elections, popular social media platforms, and private companies that specialize in detecting and preventing hacks face the first real test since 2016 of whether the U.S. can defend against foreign interference in its vote.
Since Russian hackers meddled in the 2016 election with strategic hacking and leaking, as well as a covert social media campaign aimed at electing President Donald Trump, social media companies, cybersecurity firms and federal and state officials have sought to enhance U.S. defenses against election interference.
Threat detection and information-sharing have been improved, while social media companies have cracked down on disinformation campaigns. The Defense Department has obtained approval to support the Department of Homeland Security response to a “significant incident for elections,” said Ed Wilson, the deputy assistant defense secretary for cyber policy, at an event last week.
But the U.S. election system, spread across more than 50 states and territories that operate autonomously, remains vulnerable. And Krebs said in October that there’s been “a consistent and persistent level of activity,” ranging from scanning of networks to phishing campaigns.
“There’s still a variety of opportunities for threat actors, including Russia, to mess with us, and I think that we need to remain vigilant,” Dmitri Alperovitch, chief technology officer at the security firm CrowdStrike Inc., said at an event hosted by the New York Times on Oct. 30. “I’ll certainly sleep better at night the day after the election -- but not a moment sooner.”
The software security firm McAfee Inc. published a study in October that examined county websites in 20 states. It found that the majority were “sorely lacking in basic cybersecurity measures that could help protect voters from election misinformation campaigns.”
Hackers might use phishing attacks, where internet users are tricked into handing over their passwords, to gain login credentials for websites with information on voting or polling places.
“One of the most critical aspects of the election process is how citizens get information on where to vote, how to vote, and what the issues and candidates are,” said Steve Grobman, chief technology officer of McAfee, when the study was published. “This is yet another major avenue that attackers could focus on.”
While Twitter and Facebook have heightened their defenses against the kind of fake information the Russians used them to spread in 2016, their systems are not foolproof. Hackers might try to break into the accounts of election officials to spread false information on Election Day, create fake accounts to impersonate candidates or officials, or spread falsehoods.
To detect activity by malicious bots, social media companies have built political ad archives, hired fact checkers, removed problematic pages, and created algorithms. Influence activity appearing to emanate from Russia and Iran has nevertheless been found this year on Facebook, Twitter and YouTube.
Senators Mark Warner of Virginia and Amy Klobuchar of Minnesota, both Democrats, wrote to Facebook Chief Executive Officer Mark Zuckerberg on Nov. 1, urging him to “promptly address” reports “that Facebook’s new security tools allow users to intentionally misidentify who purchase political ads on your platform.”
In that vein, experts believe that any election interference on Tuesday would be aimed at creating the appearance of a tainted election, rather than changing actual vote counts.
“My best guess is that there is not great benefit to Russia in interfering in a major way with the vote tabulation this time,” Ben Buchanan, a cybersecurity expert at Georgetown University, said in an email.
One of the most alarming and damaging attacks -- even if it’s small in scope or ineffective -- would be attempted hacking of other elements of polling stations, such as voter registration databases.
Adversaries could also interfere with the transfer of data from polling stations to tabulation systems, creating significant delays in calculating results, said Ron Bushar, a vice president of the security firm FireEye Inc.
Besides polling stations, a hack aimed at altering the data used by television networks for projections may create inconsistency between media predictions and official outcomes -- a tactic aimed at generating doubt among voters, said Herb Lin, a cybersecurity researcher at Stanford University.
A well-executed attack on a small target, such as a key district, could take weeks or months to detect, he added. “If you don’t detect anything, does that mean there’s nothing bad happening?”
It’s also possible that hacked material will be used against candidates, which can be targeted at a few key races and may not get attention before polls close, Brett Bruen, president of the consulting firm Global Situation Room, said in an email to reporters. The risk isn’t over when the balloting is done, Bruen said.
“The top priority for Russia remains to keep us distracted with domestic divisions, while Iran, which will have just been sanctioned by the Trump administration, is likely to look for opportunities to strike back,” Bruen said.