By Faith Karimi, CNN – October 20, 2020
As the US grapples with an election season rampant with mistrust and conspiracy theories, federal officials are warning Americans about threats to undermine the integrity of the vote — and how to avoid them.
Mail-in ballots, massive turnout and the pandemic could combine to delay the outcome of this year’s presidential election, providing a wide window for scammers and others to spread false information.
Social media is again populated by false election claims. Adding to the confusion, Microsoft says Russian, Chinese and Iranian hackers have targeted people and organizations involved in the election.
“A significant number of Americans appear susceptible to believing unproven claims,” Daniel A. Cox, director of the Survey Center on American Life and co-author of a report on US conspiracy theories, said in a statement. “Politically motivated conspiracy theories find a receptive audience among both Democrats and Republicans.”
Both the FBI and the Cybersecurity and Infrastructure Security Agency, which protects the nation’s infrastructure, have reassured voters that they’re working to protect the election’s integrity.
But the two agencies are urging Americans to keep an eye on the following threats:
The stakes in this year’s election aren’t just high in the US. “Foreign actors” and cybercriminals may try to discredit the results by spreading disinformation, the FBI and CISA say. These false claims could include reports of ballot fraud, cyberattacks targeting election infrastructure, and other related issues that could make voters question whether the election is legitimate, federal officials say.
Hackers may also spread false reports that they obtained and leaked US voter registration data. But don’t worry, the feds say.
“In reality, much US voter information can be purchased or acquired through publicly available sources,” both federal agencies say. “While cyber actors have in recent years obtained voter registration information, the acquisition of this data did not impact the voting process or the integrity of election results.” Public leaks of voters’ information do occasionally happen. In 2017 the personal information of almost 200 million registered US voters was accidentally exposed online by a Republican analytics firm.
Foreign governments have used pseudo-academic online journals to spread false information in the past. And they may use them again to try to influence the outcome of the election, the FBI says. Such fake online journals could express support for specific candidates, allege voter suppression, amplify reports of real or alleged cyberattacks on election infrastructure and assert voter fraud, federal officials say. Foreign actors employ social media and other online platforms to increase the journals’ global reach and give them credibility. “Such sites could be employed … to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process and undermine confidence in US democratic institutions,” the FBI and CISA say.
Cybercriminals have mastered the art of spoofing email domains. During elections, they use that to fool people into thinking that websites or emails are legitimate, federal officials warn. “Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI says.
These crooks set up fake domains by making small changes to words (“electon” instead of “election”). Or they masquerade as official government sources but use an alternative domain, such as a dot.com instead of dot.gov site. Even so, “if cybercriminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised,” the FBI and CISA say in a joint report.
Criminals also have tried to target election systems, federal officials say. While that can slow a system or make it temporarily inaccessible to election officials, it does not prevent voting or the reporting of results. “The FBI and CISA have no reporting to suggest cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies say in a statement.
“Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated,” the agencies say. Federal officials say such attempts would be difficult to conduct undetected. And even if hackers did succeed in affecting voting, election officials say they have multiple safeguards and plans in place. They include provisional ballots so registered voters can cast ballots and paper backups.
The federal agencies are providing tips on how to beat these scams:
While voters should be concerned about election threats, they should not be worried about the integrity of their vote, said Allyn Lynd, a senior adviser at CRITICALSTART, a cybersecurity company in Texas. “The US Election Assistance Commission — a federal agency that serves as a resource for election administrators and vendors — conducts testing and certification of voting machines,” he told CNN. But if anyone believes their vote has been tampered with, they should notify election officials at their polling place and report it to federal agencies such as the FBI. “The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” Lynd said. The best protection to ensure a vote is correctly recorded, counted and tabulated is a paper trail showing all those steps, he said. See the CNN article
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.