Defend Voting Systems Against Cybercrime


Last November, about one month before a national election in the United Kingdom, cybercriminals attempted to cripple the two main political parties with back-to-back distributed denial of service (DDoS) attacks. According to the UK’s National Cyber Security Centre, attackers flooded the sites with malicious traffic. Fortunately, those sites were able to withstand the attacks, because they had DDoS mitigation systems in place. Unfortunately, this is no guarantee that cybercriminals would be stopped if they launched similar attacks in the United States.

In fact, cybercriminals may have already launched attacks in the US, albeit only at state, not federal, targets. Over the past four months in Florida, Wisconsin, and New Jersey, citizens have been frustrated by website crashes that interfered with various aspects of voting, including their ability to obtain an absentee ballot for a presidential primary, find out their local polling places, or even register to vote in the first place. Even if election officials may not have been able to determine the cause of their website crashes, it’s very likely that cybercriminals were the culprits. Were those crashes due to DDoS attacks? We don’t know; there was no public explanation for the cause of the site crashes, and maybe the governing officials were unable to determine exactly how those website problems occurred. But one thing is for sure: it is much too easy for DDoS threat actors to launch an attack, whether on a candidate’s website, a voter registration site, or an online voting system.

Motives of DDoS criminals

Cybercriminals are typically motivated by politics, monetary gain, or both. Conceivably, a nation-state (such as Russia, Iran or China) could carry out a variety of attacks, including DDoS, either by using internal government staff or by secretly hiring cybercriminals. Or, a political candidate could use a DDoS-for-hire service to sabotage the website of their opponent. The technology to launch DDoS attacks has become more sophisticated, more powerful and, at the same time, cheaper and simpler to use, to the extent that little to no hacking knowledge is required to launch extremely damaging attacks, for just a few tens of dollars.

Methodology of DDoS attacks

Cybercriminals have a variety of weapons in their arsenals, for extorting ransoms, exfiltrating valuable data, or disrupting operations. Sometimes they use several weapons against one victim. For example, a threat actor may launch a sub-saturating, state-exhaustion DDoS attack that impacts infrastructure devices or servers running applications and services. They may then rely on that attack to mask more nefarious activity which could result in a security breach. Surprisingly to many, the vast majority of DDoS attacks are not high-volume attacks intended to overwhelm Internet connectivity, even though it is becoming easier for bad actors to leverage IoT-fueled botnets to launch massive attacks that are multiple terabits per second in scale.

Ways to defend against DDoS attacks

To avoid impact to the democratic process, election officials should prioritize the implementation of automated, real-time DDoS protection; they can choose from a variety of DDoS mitigation options, from on-premises to cloud protection, with an increasingly popular approach being to subscribe to DDoS protection-as-a-service (DDPaaS) from an Internet Service Provider.

The US election season is gearing up into full swing, starting with the Democratic and Republican conventions this month, followed by more local primaries, then the November general elections. At the time of writing (August 20), there are 74 days until the presidential election; that’s a relatively short time to ensure that all voting systems are safe from cyberattacks. If local election officials haven’t already taken time to make their registration and ballot systems safe from cybercriminals, they certainly should do so as soon as possible.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Before joining Corero, Sean’s roles included network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.