Be On Alert During Election Season

So far, 2020 has been anything but uneventful when it comes to election processes around the world. From disruptive DDoS attacks to influence campaigns, several countries have already experienced election-interfering cyberattacks this year. So, as we head into October, I figured now might be a good time to cover some of the recent alerts and threats related to the upcoming presidential election in the United States.

FBI PIN: 202000204-001

Potential Distributed Denial of Service Attack against State-level Voter Information Website.

This was one of the first election-related alerts for the 2020 election. Back in February, the FBI reported a potential risk for DDoS attacks against state-level voter information websites. This Private Industry Notification came after an undisclosed attack was observed. The threat specifically covers state-level voter registration and voter information websites. These websites experienced a denial-of-service attack known as a DNS Recursive Flood or Pseudo-Random Subdomain Attack (PRSD). The attacks are reported to have been persistent, lasting up to a month, with attacks in two-hour intervals peaking at 200,000 DNS requests during a period that normally would see 15,000 requests.
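A Pseudo-Random Subdomain flood can be told apart from a legitimate traffic surge by looking at what is being asked, not only how much. The following is an added example, not code from the FBI notification or from Radware. The zone name `vote.example`, the 60-second window, the thresholds, and the sample queries are all constructed assumptions, with volumes scaled down from the figures above.

```python
import math
import random
from collections import Counter, defaultdict

WINDOW = 60  # bucket size in seconds (assumption)

def label_entropy(label):
    """Shannon entropy in bits per character of one subdomain string."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def detect_prsd(queries, zone, baseline, volume_factor=5.0,
                unique_ratio=0.8, min_entropy=2.8):
    """Flag windows where queries under `zone` are far above baseline AND
    dominated by never-repeated, random-looking subdomains.
    queries: iterable of (epoch_seconds, qname); thresholds are assumptions."""
    suffix = "." + zone.lower()
    buckets = defaultdict(list)
    for ts, qname in queries:
        qname = qname.rstrip(".").lower()
        if qname.endswith(suffix):
            buckets[int(ts) // WINDOW].append(qname[:-len(suffix)])
    alerts = []
    for w in sorted(buckets):
        subs = buckets[w]
        distinct = set(subs)
        ratio = len(distinct) / len(subs)  # near 1.0 when every name is new
        mean_h = sum(label_entropy(s) for s in distinct) / len(distinct)
        if (len(subs) >= volume_factor * baseline
                and ratio >= unique_ratio and mean_h >= min_entropy):
            alerts.append({"window_start": w * WINDOW, "queries": len(subs),
                           "unique_ratio": round(ratio, 2)})
    return alerts

def constructed_sample(zone="vote.example"):
    """Constructed data: a normal minute, a PRSD-like minute, a flash crowd."""
    rng = random.Random(7)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    names = ["www", "results", "register"] * 5
    normal = [(i, f"{n}.{zone}") for i, n in enumerate(names)]
    flood = [(60 + i % 60, "".join(rng.choices(alphabet, k=12)) + "." + zone)
             for i in range(200)]
    crowd = [(120 + i % 60, f"results.{zone}") for i in range(200)]
    return normal + flood + crowd

if __name__ == "__main__":
    for alert in detect_prsd(constructed_sample(), "vote.example", baseline=15):
        print(alert)
```

Only the minute filled with unique random labels is flagged. The equally large surge of repeated queries for one real hostname is not, because a resolver can answer it from cache, whereas random names force a lookup against the authoritative servers every time.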

In September, Radware published an assessment of recent DDoS attacks related to election processes around the world. Throughout the year, several countries have experienced service degradation caused by Denial-of-Service attacks during their election processes. Typically, voting machines were not directly targeted during these attacks. Instead, malicious actors targeted the election infrastructure, reporting websites, and the ISPs themselves. These attacks were specifically designed to delay information such as polling results or to project political instability at a critical moment.


One of the biggest issues with the election process is its digitalization. With the introduction of technology came a threat landscape that grew larger than some anticipated… or could control. For example, for a Denial-of-Service attack to be successful, there must be a large number of users who are dependent on a service, like digital polling results.

Come November 3rd, 300 million Americans will be refreshing their browsers all night long trying to load the most recent election results. This bottleneck and peak of traffic could, on its own, cause a natural DDoS attack on polling sites on election night. If the malicious actor’s goal is to spread disinformation regarding the 2020 election results, an attack designed to delay or disrupt election results could easily be launched given the increased volume of natural traffic and would cause chaos, driving Americans to look for other unofficial results that might be part of information operations.

Alert Number: I-092220-PSA

Foreign actors and cybercriminals likely to spread disinformation regarding 2020 election results.

On September 22nd, the FBI and CISA issued an announcement in a bid to raise awareness of a potential threat targeting the United States election in November. The FBI and CISA are concerned that foreign actors and cybercriminals will attempt to spread disinformation regarding the 2020 election results. The agencies suspect the increased use of mail-in ballots due to COVID-19 protocols could leave election officials without a complete result on election night. Malicious actors will likely leverage this opportunity to spread disinformation regarding the 2020 election results, voter suppression fraud, or cyberattacks targeting election infrastructure.


Regardless of what happens on November 3rd, not only will foreign actors and cybercriminals attempt to spread disinformation regarding the 2020 election results, but American political radicals might also attempt to spread disinformation about results, suppression, and cyberattacks in an attempt to cast doubts on the legitimacy of their defeat.

One of the major concerns about these alerts and announcements is how they can be chained together. For example, if malicious actors launched a DDoS attack and disrupted polling results, it would give others, or themselves, an opportunity to begin spreading disinformation regarding the 2020 election results or casting doubt about the legitimacy of the election itself.

Even if threat actors do not disrupt polling results, others could spread disinformation about the election results via a cross-site scripting (XSS) attack. For example, through social media, a malicious actor could distribute what seems to be a legitimate and working link to polling results, but in reality the link executes arbitrary JavaScript within the victim’s browser to display inaccurate election results on what appears to be a legitimate website.

Alert Number: I-092820-PSA

False claims of hacked voter information likely intended to cast doubt on the legitimacy of US Election.

A week later, on September 28th, the FBI and CISA issued another announcement related to the upcoming election. This time the FBI and CISA are trying to raise awareness about the potential threat posed by attempts to spread disinformation regarding cyber-attacks on the US voter registration databases or voting systems. The agencies report that during the 2020 election season, foreign actors and cybercriminals have been spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in U.S. democratic institutions. Specifically, these include narratives suggesting that voter registration data has been “hacked” or “leaked.”


In the report, the agencies noted that voter information can be purchased or acquired through publicly available sources. While most of this is known, the biggest concern regarding leaked data is that of political leaders. This kind of data is often dumped weeks before an election and used in disinformation campaigns designed to influence swing or non-voters.

In general, I think it’s safe to say the United States will likely not converge on an instant and uncontested result this year and many doubts will be cast about the legitimacy of the election. Overall, the threat landscape for the United States election has been fairly quiet when compared to 2016. The main concern at this point, as we approach election day, is whether or not we will experience election-interfering cyberattacks designed to disrupt the election process and project political instability as we get closer to November 3rd.

How to Prevent These Threats?

While many are concerned about nation-state disinformation campaigns, I’m growing more concerned about Information Operations becoming more localized. By this, I mean I’m concerned that foreign actors will soon have to compete with mentally and technically savvy voters inside the country they are attempting to target. And while most think election-interfering cyberattacks are complicated, I welcome them to read about how Andrés Sepúlveda rigged elections in multiple Latin American countries for decades. As we evolve, these Tactics, Techniques, and Procedures used to interfere with and rig elections will eventually be leveraged by average voters themselves.

There is no way around it. Humans are the low hanging fruit for election hacking and information campaigns can only be successful if people fall for them.  At the core, the problem is we currently live in a period where people overshare their personal, political, and religious viewpoints. This wealth of information can and will be used against them at some point.


Bottom line: If you expect privacy and expect that no one will attempt to manipulate you based on your digital footprint, you likely shouldn’t engage in open political discussion on social media.  

I’ll leave off on a final lesson in OPSEC and how to prevent influence campaigns from impacting you during this election. Limit what you share online. Sometimes we feel empowered to change and influence others’ political points of view, while we are the first to scream and complain about election interference. In general, those who wish to influence do not want to prevent you from oversharing; they will encourage you to speak up and express opinions to expose you and make you vulnerable… so eventually they can flip the coin and influence you.

If they do not know your position, and you do not overshare, attempts at influencing you will become powerless.


Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.
