Volatility and uncertainty parallel an era of innovation and opportunity. The US election brought this strange reality that the world finds itself in, to light.
The outcome of an election consumed by division, scandal, social media and nationalistic promise saw Donald Trump assume the presidency on January 20th.
Another topic that pervaded the election – and continues to do so afterwards – was the idea of state sponsored hacking.
Whether considering the exposure of Hillary Clinton’s emails, or the supposed documents Russia had obtained of President Trump, or the notion that a hack could somehow swing the election in favour of a more suitable candidate, it is evident that hacking dominated the election above all else.
Indeed, the US government recently released a report detailing indicators of Russian involvement in hacks during the election.
>See also: Inside the mind of a state-sponsored hacker
Threat intelligence firm ThreatConnect has undertaken further research into the findings of the report and identified multiple additional links to FANCYBEAR, the hacker group behind the DNC hack, helping to confirm the theory.
ThreatConnect used its intelligence on the locations, previous activity and adversaries associated with FANCY BEAR, and its findings strengthen the assertion that Russian hackers were behind the attacks.
But is this notion of Nation State hacking a new phenomenon? Travis Farral, director of security strategy at Anomali has recently been investigating the recent election and discussed with Information Age a number of topics around the subject including, the historical examples of nations interfering with the political affairs of other nations as an attempt at influencing power to their advantage.
He also discussed the the threat to critical infrastructure and potential defensive strategies.
Is cyber interference common or relatively unheard of in relation to elections?
There are certainly several instances of interference with elections via information security angles.
While it still may not be too common, there are enough examples to suggest that it’s far from unheard of.
Take Columbian hacker Andrés Sepúlveda for example, who claims to have used a variety of hacking methods in attempt to influence elections in several Central and South American countries over a ten year span.
In 2008, China was accused of hacking into the campaigns of John McCain and Barack Obama during the US presidential election season.
However, none of the compromised information was released publicly and no detailed attempts to influence or affect the election.
While earlier this year, Cambodia published its national voter list online and soon thereafter unknown hackers prevented access to the list for a period of time.
It is unknown what the motivation or intention was of the suspected attackers but shows that reputational gain may be enough.
Should other nations gearing up for elections – like France – be worried?
There is certainly cause for concern given all the attention around hacking in the 2016 US presidential election. This concern should be greater where there are Russian national interests at stake.
Although, an important consideration that all countries should take is that they shouldn’t be the only adversary to be concerned with. Lone wolf actors, Islamic activists, and other politically motivated actors or groups should also be sources of concern.
Potential targets include political campaigns, election authorities, political parties, and political operatives who might have access to sensitive information.
It seems that hacks can cause minor disruptions to an election, but it couldn’t change the fate of one? Or could it?
This all depends on how elections are managed in a particular nation or state.
If elections are centralised through a single election authority such that compromising a specific piece or handful of pieces could yield changes to election results, then concern should be greater.
If elections are decentralised, as in the United States, then compromising an entire national election is much more difficult.
Which government is responsible for the most state sponsored hacks? (According to the media it is Russia – Ukraine, America, WADA).
I can’t reflect on what is mentioned in the media. As a general rule, I would suggest looking to whoever has the means, motive, and opportunity to try and attack an election.
Given the asymmetric nature of information security attacks, it could boil down to the potential consequences that may keep new players from engaging in these types of attacks.
What types of attacks will hackers typically launch against critical national infrastructure?
This depends largely on the infrastructure in question. Attacks on infrastructures that rely heavily on industrial control systems, such as electricity or water supplies, may focus on disrupting that apparatus and may even be crafted to confuse specific types of equipment.
Regardless of target, the primary method of initial compromise is still phishing emails. What happens after the point of initial compromise depends on the goals of the attackers.
The attacks on the electric grid in Ukraine in 2015 and 2016 serve as good examples of what malicious actors might do when attacking critical infrastructure.
How can it be defended against? If at all….
There are a number of ways to defend against cyber attacks on elections and other critical infrastructure.
Governments should use all the options at their disposal to dissuade, disrupt, and respond to attacks. This includes leveraging diplomacy, retaliatory measures, regulations, and even in extreme cases, conventional warfare.
Organisations and individuals can take steps to defend against phishing attacks, improve credential security, and ensure systems are patch and protected.
Leveraging technologies like two-factor authentication is another way to improve security.
While election authorities should ensure that voting machines are isolated from other networks including the internet and that they are tested for proper operation.
Also, isolating, patching, and protecting databases and other systems associated with vote tabulation is another important step to take.
Most election authorities should already be doing these things. Also engaging in third party testing will help find security holes potentially missed in the defensive measures taken.
Doing all of these things will help provide in-depth protection against attackers targeting elections.