Search This Blog

Showing posts with label US Elections. Show all posts

Ahead of U.S. Presidential Elections, Experts Express Cybersecurity Concerns

 

From the start of this year, according to government agencies, the 2020 U.S. presidential election was said to be one of the "safest" elections to be conducted to date. Compared to the 2016 U.S. elections, voting machines are almost risk-free; the systems leave no trace of the paper record's history. Also, this time, the government has gone all-in to ensure election security from criminal actors. Chris Krebs, director of DHS (Department of Homeland Security) cybersecurity, in an election awareness video said he's never been more sure of a safe election than this. 

Security officials released the video last month, informing about election cybersecurity. However, the harsh reality is, the Russian cyberattacks during the 2016 elections have not entirely disappeared. To avoid the recurrence of that episode, experts suggested that the government spend billions of dollars building a robust cybersecurity system; however, Congress spent only a fraction of that. Meanwhile, social media companies dominate control over influence operations and propaganda on social media; the government seems to take no action. Cybersecurity experts insist the social media is still spreading fake news, and American users in some way have helped the spread of this fake news. 

Potential Vulnerabilities 

According to NPR, "experts agree that actual votes themselves would probably be the most difficult part of an election to hack successfully. The problem has only gotten tougher. In 2016, nearly 28 million voters cast ballots that did not have a corresponding paper trail: a major cybersecurity red flag." Meanwhile, almost every American suspects that some foreign foe may impact the vote count; no evidence suggests that such a thing happened in the 2016 presidential elections. It includes the incident where Russian hackers breached into the registration databases. 

"Stark says that the way officials can demonstrate through public auditing is a process that not every state uses. Even among the countries that do some audit, only a few do what is considered the "gold standard" of post-election audits, called risk-limiting audits. Sen. Ron Wyden, D-Ore., has proposed legislation to mandate such audits nationwide, but election reforms have gained little to no traction with the Republican-controlled Senate," says NPR.

U.S Elections: Spammers Use Fake Voter Registration Forms To Steal User Data and Banking Credentials

 

As the U.S. presidential elections are approaching, the hacking and spamming attacks related to it are rising. In a similar incident, hackers use fake voter registration forms to steal data of the users who access the fake government sites. The voter registration links work as bait, and if the user clicks it, he is redirected to a fake government website. The hacker then steals personal user data, along with banking credentials sometimes. 

"Whatever the intent behind this particular phishing attack, it should serve as a reminder that human beings -- users, employees, citizens, and voters -- are "soft targets" for malicious actors. This is especially true in turbulent times such as the present -- when fear, confusion, and doubt are surging in the run-up to a historic election that happens to fall in the middle of a catastrophic pandemic," says KnowBe4. These phishing campaigns started in September and are still active. 

Cybersecurity firms KnowBe4 and Proofpoint identified the attacks; they say that these attacks are trying to undermine the U.S. government agency's credibility (U.S. Election Assistance Commission (EAC), which is responsible for generating the voter list. The phishing emails have a simple subject line, and it works because citizens feel that they might be left out from the voting list. The phishing campaign uses hacked WordPress websites to host fake websites operated for luring the users. The sites contain incorrect URLs, and if the user fails to notice it, his data can be susceptible to hackers. According to experts, the hackers use a simple template for phishing attacks, and the fake website looks exactly as same as the original government website. 

According to Proofpoint, these spammers have become more aggressive in their recent attacks. They have changed their strategies and now ask for user's data and along with his banking credentials. "Now, as the U.S. election draws closer, many individuals are confirming their voter registration status. Using messages that suggest voter registration is invalid drives user urgency and uncertainty in an election season. We observed the last news from this actor using voter registration themes sent on October 7, 2020. This suggests that the actor may have already shifted to another type of lure," says Proofpoint.

Google Bans Hacked Political Content Ahead of the US Elections, Implements New Google Ads Policy


The presidential elections in the US are near. Keeping this in mind, Google has announced a new policy that will ban ads that advertise hacked political content or propaganda. This new policy will come into effect from 1 September 2020, as per the news available on Google's support page. After the new rule is implemented, the third party players won't be able to purchase ad-space on Google ads, directly or indirectly linked to the hacked content of any political party.

However, ads related to news articles or other pages that contain hacked political material may be allowed. But the news article and the page shouldn't be linked to the political content in any way, says the policy. The violators of this new Google Ads policy (Ad Buyers) will first receive a warning to remove the ad from their account or face account suspension after seven days.


The policy is made observing the 2016 US Elections. 

The new Google Ads policy is made to avoid the 2016 US presidential elections scenario. As we all know, during the 2016 election campaigns in the US, the Russian hackers were able to break into the servers of various political factions associated with the Democratic Party. The breach resulted in data leaks of the Democratic party on WikiLeaks and DC leaks. The attack resulted in biased media coverage and online ads on various social media and platforms that discussed the hacked political content. Google will become the first company to make such a move when the policy is enacted on 1 September.

Twitter, in a similar incident, banned the distribution of hacked content on its platform in 2018 before the US midterm elections. It included not only political content but every other hacked material. It resulted in an unofficial ban of the ads on Twitter, as they need tweets to advertise. According to Google's policy, the following is not allowed: "Ads that directly facilitate or advertise access to hacked material related to political entities within the scope of Google's elections ads policies. This applies to all protected material obtained through the unauthorized intrusion or access of a computer, computer network, or personal electronic device, even if distributed by a third party."