I’ve noticed that in the past few months of the U.S. Presidential election, there’s been lots of discussion about foreign policy, but not much about cyber security as it relates to government. That trend changed slightly last week, after revelations surfaced that Russia allegedly hacked into the computer systems of both the Democratic National Committee and the Republican National Committee. That news heightened concerns about the potential for hackers to interfere with the upcoming November presidential and general elections. Since then, many pundits, cyber experts, government officials and journalists have been speculating about the potential threat of Russia hacking into voter registration systems.
Any disruption to the voting process would be sobering, if not tragic. Fortunately, the American voting system is quite decentralized and many municipalities rely on paper ballots rather than electronic voting machines or Internet voting. The current sentiment is that hackers are less likely to interfere with the actual votes cast, and more likely to interfere with the voter registration rolls. It’s undeniable that hackers could do that. Even a couple of weeks before the news broke about Russia’s hacking into the RNC and DNC databases, Yahoo News reported that the voter databases in the states of Illinois and Arizona were breached by hackers.
Here’s How It Could Unfold
What does this have to do with distributed denial of service (DDoS), you may ask? It’s very possible that hackers could launch a low-threshold DDoS attack on a state or municipal computer network, as the first step in breaching voter registration files. People often assume that DDoS attacks are used for the sole purpose of crashing a website or network, to create mayhem. But the fact is that most DDoS attacks are too small to crash a system. That’s not because the attacks can’t be large, but because the primary goal of a hacker is usually not to crash a network, but rather to infiltrate a network and steal sensitive data. To infiltrate a network, hackers must breach basic IT security infrastructure, such as a firewall or intrusion prevention system (IPS). A low-volume, sub-saturating DDoS attack is the perfect “smokescreen” to bring down a network just for a few seconds or minutes, so the hackers can breach the firewall and map the network for its vulnerabilities or install malware.
That malware could then be used to steal data from the network, either immediately or at a later time. Hence, hackers could remove names from voter registration rolls, which would result in 1) longer lines at the polls, 2) voter frustration, and 3) most likely, fewer votes cast. One can imagine a hacker targeting specific states or towns, to influence the voter turnout in that particular district. Even if no hacks occur, the mere possibility could cast doubt on the validity of the democratic voting results; people may wonder whether a hack occurred, and may claim that an election was “rigged.”
A Step Towards Protection
Smokescreen or “Dark DDoS” attacks usually go unnoticed by traditional DDoS mitigation systems, but can be detected and blocked by automated, in-line, real-time DDoS protection solutions. I’m not suggesting that all cyber threats facing the elections would be eliminated simply by having a DDoS hardware solution in place. Rather, my point is to highlight the fact that DDoS attacks are one of the key weapons in the arsenal of cyber criminals. In the constantly evolving landscape of cyber threats, IT security officials must adopt a multi-layered approach to security. They have plenty of other cyber threats to worry about, but if a DDoS attack isn’t already at the top of their list of concerns, it should be. DDoS protection is a key shield against the onslaught of cyber threats.
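As an added illustration (not from the original post or from any vendor's product), the sketch below shows why a short, sub-saturating burst stays under a coarse volumetric alarm yet stands out against a per-second baseline. The link capacity, window sizes, thresholds and traffic series are all constructed assumptions.

```python
LINK_CAPACITY_PPS = 50_000  # assumed link capacity in packets/second (hypothetical)

def constructed_traffic():
    """Constructed sample: 600 s at ~1,000 pps with a 20 s burst at 4,000 pps."""
    rates = [1000 + (t * 37) % 120 for t in range(600)]  # deterministic jitter
    for t in range(300, 320):
        rates[t] = 4000  # burst peaks at 8% of link capacity: sub-saturating
    return rates

def coarse_volumetric_alerts(rates, window=300, fraction=0.5):
    """Alert only when a whole window's average exceeds a fraction of capacity."""
    alerts = []
    for start in range(0, len(rates), window):
        chunk = rates[start:start + window]
        if sum(chunk) / len(chunk) > fraction * LINK_CAPACITY_PPS:
            alerts.append((start, start + len(chunk)))
    return alerts

def per_second_burst_alerts(rates, factor=2.5, min_len=5, alpha=0.05):
    """Alert on runs of >= min_len seconds above factor x an EWMA baseline.

    The baseline is only updated on non-anomalous seconds, so the burst
    itself cannot drag the baseline upward and hide its own tail.
    Returns half-open (start, end) second offsets.
    """
    alerts, baseline, run_start = [], float(rates[0]), None
    for t, rate in enumerate(rates):
        if rate > factor * baseline:
            if run_start is None:
                run_start = t
            continue
        if run_start is not None and t - run_start >= min_len:
            alerts.append((run_start, t))
        run_start = None
        baseline = (1 - alpha) * baseline + alpha * rate
    if run_start is not None and len(rates) - run_start >= min_len:
        alerts.append((run_start, len(rates)))
    return alerts

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("coarse volumetric alerts:", coarse_volumetric_alerts(traffic))
    print("per-second burst alerts: ", per_second_burst_alerts(traffic))
```

The burst intervals a per-second detector reports are most useful when lined up against firewall and IPS logs for the same seconds, since the concern described above is what gets through while the device is degraded.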
It’s well-documented that there have been large and small DDoS attacks on governments and utilities, so it is very possible that a lone wolf actor or a nation like Russia could launch one on a municipal computer network to interfere with voter registration rolls. Let’s hope that doesn’t happen, but let’s not rely on hope alone.