No matter what your stance on the U.S. election, from Clinton’s use of a private email server to the hack on the Democratic National Committee (DNC), it’s clear that cyber security is playing more of a role in politics than ever before.
As the dust settles and post-election concerns over fake news continue to surface, it’s important to realise just how easy is for nation state attackers to influence the political process.
At the voting booth, vulnerabilities run rampant
It’s commonly accepted that there are flaws in the infrastructure used for voting, given the number of vulnerabilities and the poor cryptology present in voting machines.
In fact, 95% of security pros question the security of election booths. Even after the America Vote Act 2002 pledged $4 billion to upgrading voting machines, at least 278 vulnerabilities have been disclosed in the systems.
At first, it’s hard to believe that the systems that determines the future of our democracy could be so unsecure.
However, the reality is that without a standardisation policy across the different states, the sheer variety of infrastructure has become so convoluted, it’s just as difficult for hackers to crack as it is for security pros to fix.
Additionally, the hackers would need to have plenty of people on the ground to manipulate a great number of machines; they would have to know exactly which states to attack, and the number of votes they needed to manipulate for it make a difference.
It might be easy to compromise an individual voting machine, but to compromise a large number of them is practically impossible.
Humans are the real target: the battle for hearts and minds
Considering the technical challenges involved in directly manipulating the vote, hackers have developed other means to try and influence the outcome of a political event: influencing the public before they cast their vote.
As is the case in many cyber attacks, hackers have decided to target the weakest link directly: humans.
Just like with a common phishing attack, manipulating social media users by sharing false news relies on the fact that humans make mistakes.
Whether it’s a link to a malicious site or an eye-catching fake headline, we are inherently curious and will act without thinking or fact-checking at times when we are busy.
Once someone has skimmed past a headline stating that ‘Pope Francis Endorses Trump’ or ‘Hillary Sold Weapons to ISIS’ (these were reportedly the two most commonly shared fake headlines), a malicious seed has been planted that has the potential to influence a voting decision.
Human nature dictates that we are likely to take the bait without properly evaluating the source.
This problem is exacerbated by the ease in which social media can be manipulated to reach a vast number of people online.
Evidence suggests that in the run-up to the election, 39% of Trump’s and 37% of Clinton’s Twitter followers were bots.
These automated bots share misinformation seeking to influence a voter’s decision.
For example, the #TrumpWon hashtag became highly popular, and trended after first debate – but it began as a bogus online tag, and many of the polls supporting it were heavily influenced by bots who were sharing the slogan. In fact, the hashtag was first seen in Saint Petersburg, Russia.
In an increasingly connected world, cyber attackers have more power than ever to influence the actions – in this case votes – of people in different countries.
Politically motivated hacking groups are using this, coupled with the immense power of social media, to bring the integrity of the government, the press and the public into question.
Information warfare is a threat to democracy
While this kind of cyber warfare was pioneered in Russia, it is already happening all over the world.
The Turkish government have hired a number of users to build a social media information army.
Twitter bots for the Venezuelan President Nicolás Maduro boosted him to become the third-most-retweeted figure in the world.
In the fortnight leading up to Brexit in the UK, 15% of 314,000 accounts that tweeted were automated.
Social media manipulation will continue on a huge scale, and anything that taints the electronic public sphere in this way should be considered a threat to democracy.
In the security industry, there are technologies available to combat human error and keep people safe from malicious activity online, but no solution to date has been able to successfully prevent internet trolls and bots from misleading members of the public.
In a post just after the election, Mark Zuckerberg recently recognised this issue, calling it “complex, both technically and philosophically”, and pledged to improve the way Facebook verifies news sources.
While social media platforms struggle with the challenge of verifying sources without limiting freedom of speech, people must rely on trust to reduce the impact of targeted misinformation.
Restoring trust to democracy
You can only get by in any given day by trusting others. Democracy is built on this principle. Alas, it’s now being challenged.
Anything that causes us to distrust what we’ve traditionally relied on for truth has the potential to cause significant harm to the institutions that protect and serve our country.
The information age has given the population access to more facts than ever before, but also more fabrications, for now at least, it’s up to every individual to distinguish between the two.
Sourced by Simon Crosby, CTO at Bromium