COULD A CYBER-ATTACK ON E-VOTING SYSTEMS AFFECT THE UPCOMING US ELECTIONS?

Yes, it can. With the US elections just around the corner, we thought this would be a good opportunity to talk about the cybersecurity risks of election processes, as more and more elections around the world are turning to electronic voting (or e-voting) systems.

The first electronic voting systems for electorates were introduced in the 1960s, with the debut of the punched card systems. E-voting systems have evolved over time as technology advanced, and nowadays include Direct Recording Electronic voting machines, optical scanners, ballot marking devices, electronic poll books and online voting over the Internet.

As with all things digital, e-voting systems are exposed to hacking and cyber-attacks. Unfortunately, successful interference with electronic voting can jeopardize the democratic process and impact a nation’s fate. In this post we review the different cyber risks to be addressed when running, or considering, electronic voting processes.

FROM EXPLOITING VULNERABILITIES TO TAKING ADVANTAGE OF UNSECURED SYSTEMS

If e-voting systems have vulnerabilities that can be exploited, or if they are unsecured and exposed, malicious actors have something to gain. Hackers can launch cyber-attacks that compromise the systems’ networks, perform supply chain attacks, place remote access software and modems on a specific e-voting system to give themselves a point of entry to it, and more.

While exploring different systems from different vendors, we were able to establish some commonalities in the issues affecting them. Many of the vulnerabilities found involved exposed and unsecured ports that could be leveraged by attackers with physical access; others involved the use of old, outdated and vulnerable software; some pertained to storage cards and disks that could allow attackers to infect the e-voting systems with malware; and finally, several involved cryptographic weaknesses.

Evaluating the risk posed by e-voting system providers should be a high priority before elections.

VOTERS DATABASE – THE FRAUD AND IDENTITY THEFT JACKPOT

Another significant risk of e-voting systems lies in their access to voters’ databases. A vulnerable or unsecured system can become a gateway to a voters’ database. In addition, if the voters’ database resides in an unsecured location, attackers can gain access to it using various attack methods. The motivation for this type of fraud and identity theft can be either tied to the election, to influence results, or general, serving other cybercriminal activities.

Our analysts have identified multiple examples of discussions of, and demand for, different voters’ databases on the Dark Web. Cyber threat intelligence that indicates such a risk to your voters’ database in advance can help you prepare for and prevent potential attacks.

Post sharing North Carolina database. Source: Verint LUMINAR

VENDORS’ EMPLOYEES DATABASE – AN ENTRANCE TO TAMPERING?

In addition to vulnerabilities in the e-voting systems, election results can be affected if malicious actors gain access to an exposed or unsecured database of employees’ accounts. In such a case, hackers can use the employees’ accounts to gain access to the vendor’s internal network. With that kind of access, if the vendor is also responsible for creating ballot-definition programming files for some of its customers, malicious actors could interfere with how the e-voting machines apportion votes based on the voter’s selection on the touchscreen or mark on the ballot.

INSIDER THREAT – WHEN AN ELECTION EMPLOYEE GOES ROGUE

The concept of insider threat is not new. We have seen cyber incidents caused by a frustrated employee or an ex-employee seeking revenge. When it comes to employees with access to e-voting systems, there are additional, political motivations involved. During our investigations on the Dark Web, we see discussions about e-voting systems, and we recently came across a specific case in which a poll worker was discussing the technical details of the voting device used at his polling station and mentioned a flaw affecting the device.

Insiders with access to e-voting systems and technical knowledge of how these systems work or where they are vulnerable can become a risk that should be addressed. Monitoring the Dark Web and other threat intelligence activities can reveal insider threats.

Technical flaw in Dominion ImageCast machine discussed on Telegram by election inspector. Source: Verint LUMINAR

WHAT CAN WE LEARN FROM PAST CYBER-ATTACKS AGAINST E-VOTING SYSTEMS?

Two recent e-voting cyber incidents were the attack supposedly conducted against Russian Blockchain-based online voting systems in June 2020, and the attack against the American vendor VR Systems, ahead of the 2016 US presidential election.

According to reports, Russia’s Blockchain-based voting system was attacked during the vote on the proposed constitutional amendments, which took place between June 25, 2020, and June 30, 2020. On June 27, 2020, an attempt to attack the online voting system through an election observer’s node was detected. The reports did not reveal how the attack was carried out. However, although government officials confirmed the reports, they stressed that the attack did not result in a system malfunction and that all votes recorded on the Blockchain were valid. In addition, voters reported other issues during the voting period.

In the case of the 2016 US presidential elections, Russian threat actors were accused of hacking the systems of VR Systems, the US voting systems and software vendor, whose e-voting products are used in eight US states. These are the same Russian threat actors that were accused of hacking the computers of the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and the email accounts of employees involved in Hillary Clinton’s campaign. In mid-2017, a classified report prepared by the US National Security Agency (NSA) was disclosed to the media. It described a lasting cyber-attack campaign that targeted elements involved in the US 2016 elections, including the voting infrastructure provided by VR Systems.

To conclude, there are multiple types of threats and threat actors seeking to gain from cyber-attacks involving e-voting systems and e-voting system vendors: from insiders with access to such systems, through cybercriminals who trade in voter databases, to nation-state hacker groups that employ creative means to influence the democratic process of elections.

Given that many e-voting systems are not regularly updated and risk having vulnerabilities, these systems present a clear cybersecurity risk worldwide. Accurate, targeted cyber threat intelligence has a significant impact when it comes to preventing cyber threats to e-voting systems.

April 7, 2014 – Hacker Groups Plan a Cyber Operation against Israel

Written by Hila Marudi

In recent weeks, our Cyber Intelligence team has identified Muslim hacktivist groups’ intentions to launch a cyber operation against Israel on April 7, 2014, one year after the last April 7 campaign that attempted to shut down Israeli cyberspace.

AnonGhost Team was the first to announce, on December 23, 2013, that it would launch cyberattacks against Israel on April 5-7, 2014. The group, which initiated the previous April 7 campaign, also published a video entitled “#OpIsrael Birthday” (likely intended as a warning that this campaign will launch annually on April 7).

AnonGhost

Shortly after the AnonGhost announcement, other groups, such as AnonGhost Tunisie (sic) and the Norwegian Ghost Cyber Attackers, opened anti-Israel event pages on Facebook. In addition, several other groups, such as the pro-Palestinian Fallaga and Virus Noir Ps, were listed as participants in future cyber operations. The main targets are mostly government websites, but we assume that more targets, largely financial, will be announced soon.

OpIsrael

Facebook Event against the World Cup in Brazil

A new trend has emerged: hacktivist campaigns against high-profile sporting events.

Anonymous Caucasus, also known as “The Electronic Army of the Caucasus Emirate”, an Islamist hacker group, has already threatened to carry out cyber attacks before and during the Sochi 2014 Winter Olympic Games.

The next major sporting event is the World Cup, scheduled to take place in June 2014 in Brazil. In recent days, Anonymous hackers have launched cyber attacks against Brazilian government websites in protest against the 2014 World Cup.

The hacktivists have also created an event page on Facebook threatening that every Saturday until the beginning of the games on June 12, 2014, they will wage cyber attacks against different websites that are affiliated with the Brazilian government and FIFA, the international governing body of association football.

Thus far, hundreds of people have joined the event, and the number of participants will most likely increase over the coming months.

Facebook event against the 2014 World Cup