With the U.S. 2018 midterm election just one week away, elections officials and political candidates have reason to be concerned about cybersecurity. Potential targets could include either a state or local election system, or the websites of political candidates, or voter registration systems.
In particular, they should worry about distributed denial of service (DDoS) attacks because those are some of the easiest, cheapest, most destructive and most anonymous cyberattacks to launch. Political activism is sometimes a motivation for DDoS attacks; such attacks on election systems or campaign websites are not unprecedented. In August of this year Sweden’s Social Democrats' website suffered a DDoS attack. Also, as reported recently in Rolling Stone and The Hill, three Democratic campaigns in California were hacked during the state’s primary elections, one of which was a DDoS attack that is being investigated by the FBI. Another example occurred during a local primary election this past May, in Tennessee. Vox reported that hackers not only crashed the Knox County election website with a volumetric DDoS attack, but used that attack to distract IT security staff from the more dangerous hack: “Like burglars who pull the fire alarm and, in the ensuing chaos, ransack the cash register, the hackers entered through a hole of their own creation, and briefly probed the county’s internal database.”
Finding the culprits behind DDoS attacks is hard to do, because it’s easy for hackers to hide their true identities and locations. IP addresses are no longer a reliable indicator of where an attack has been launched from, as reflection and amplification techniques allow bad actors to reflect attacks off a third party to conceal their origins. The truth is that DDoS attacks can be launched from almost anywhere, and attackers will go to extreme lengths to maintain their anonymity.
In close elections, a few votes can determine the outcome. If a campaign website gets crippled by DDoS at a critical campaign time, the candidate could be at a disadvantage. Furthermore, it’s not just volumetric DDoS attacks that can interfere with a campaign; low, sub-saturating DDoS attacks can be just as, if not more, dangerous because they can serve as a smokescreen to mask insidious malware intrusions in a network.
If it can happen in Knox County Tennessee, it can happen in any municipality, or even at the national level.
It follows then, that DDoS protection should be part of a campaign’s cybersecurity suite. Candidates (and municipal election systems) can’t prevent a DDoS attack attempt, but they can protect their website and networks. Apparently, many campaigns don’t have sufficient IT staff or budgets to provide sufficient cybersecurity; according to The Hill, “A recent McClatchy analysis of Federal Election Commission filings found that only six candidates running for seats in the House and Senate this election cycle have spent more than $1,000 on cybersecurity measures.” However, DDoS protection doesn’t necessarily break the campaign bank. Campaigns could get affordable DDoS protection as a service. through their Internet Service Provider or Hosting Provider.
As the Vox article points out, “It’s these local officials, in Knox County and elsewhere — and not the NSA, FBI, or DHS —who are standing foursquare against cyberattackers this November. It’s as if America’s most ancient civilian office, the local election clerk, has become saddled with new and alien responsibilities tantamount to a military contractor.” Election officials throughout the US (and beyond) would be wise to ask their hosting and Internet service providers about DDoS protection; the DDoS defense technology they need could be right at their fingertips.
For more information about how to protect your network with automated, in-line, real-time DDoS protection, contact us.