Election hacking is among the most controversial and hotly-debated topics of today. For good reason too, free and fair elections are one of the major elements that make up a democratic society. It’s one of the tools for a peaceful transition of power in a state.

Hence, if there is any shadow or question about whether the elections were fair or not, it’s liable to plunge the entire state into anarchy. That is why election hacking is such a controversial topic.

State-sponsored attacks

Cyber attacks refer to the deliberate exploitation of computer systems, technology-dependent enterprises, and networks. When a particular nation or state uses cyber attacks to perpetrate another nation’s cyber systems or networks, it is considered a state-sponsored cyber attack. The impact of these kinds of attacks is only growing – according to former CIA director Leon Panetta, the next form of war the US could face was a “cyber-Pearl Harbor”.

State-sponsored cyber attacks can be of different types. According to the context in which it takes place, it can be labeled as cyber campaign, cyber warfare or cyber terrorism.

• Cyber campaign alone is generally used by a state to influence the perception of the citizens of another country regarding the policies or actions of the former.
• Cyber warfare utilizes techniques of defending and attacking information and computer networks that inhabit cyberspace, often through a prolonged cyber campaign or a series of related campaigns.
• Cyber-terrorism, on the other hand, is “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population.

The entire objective behind all these different types though is the same: damaging critical infrastructures and computer systems

Pre-Voting Manipulation

Create chaos and hostility. That, in a nutshell, describes the strategy used to manipulate agendas before electors go in to vote. This is basically a communication strategy using digital channels. It is subtle and can often go unnoticed. Basically, external hackers look to sow discord and create confusion in the minds of the voters. The Cambridge Analytica scandal was an important example. Using data collected of thousands of Facebook users, specific ads were showcased to targeted users.

There was also the hacking of emails from the DNC, mentioned earlier, which is also part of the tactic of manipulating voters. Another common tactic which is a part of this strategy is spreading fake news, whether in the form of tweaking a new report or deliberately spreading lies.

Manipulation of Votes and Voting Machines

This is a more direct way of hacking elections. Hackers basically manipulate voting infrastructure, whether voter logs, voting software and machines to influence elections. There have been many allegations, in the US and other countries that voting machines have been used to rig elections. While these have been strenuously denied, the fact remains that it is a distinct possibility.

It was alleged that Russian hackers tried to delete or alter voter data in systems in a total of 39 US states. It has also repeatedly been proved that voting machines can be exploited – at a DEFCON hacking conference, a voting machine used in 18 states was hacked in two minutes.

Causing Disruption

The third strategy is causing disruption before, after or during Election Day. This could be in the form of deleting or corrupting voter logs, causing substantial delays. After the 2016 US Election, the country’s Department of Homeland Security revealed that it had notified 21 states of Russian efforts to hack voter registration files or public election sites. Personal information for thousands of voters was breached in Illinois while a breach of a smaller level (username and password of a single official) happened in Arizona

In a similar vein, Distributed Denial of Service (DDoS) attacks are also urged to target election-related websites to cause disruption. One such attack caused a result-reporting website to crash during a municipal primary in Tennessee along with two DDoS attacks on Democratic campaigns. A DDoS attack also occurred on a website opposing a Mexican presidential candidate during a debate in 2018 while Russian officials claimed they also suffered a similar attack.

Elections coming under scrutiny are dangerous for the entire world as it could incite violence and uncertainty. Important elections are coming up in many different countries, including India’s General Election in 2019 and it is up to the election officials to ensure there is a fair and free vote without interference from external forces. Considering India’s neighborhood, its place in the world as among the fastest-growing economies and the number of non-friendly actors around it (China, Pakistan, etc.), the chances of state-sponsored cyber attacks can be high.

Seqrite is the enterprise security brand of Quick Heal Technologies Ltd., which offers
world-class enterprise cybersecurity solutions.

This is the first article in the #SeqriteOnElectionSecurity series. Watch this space to get more updates on the protection of citizens and voting infrastructure from cyber threats during elections.