Hackers are using malware to find vulnerabilities in U.S. swing states. Expect cyberattacks.
The Pentagon has launched a preemptive strike against the Russian hackers who may have attacked the 2016 presidential election with social media influence campaigns. Numerous initiatives, including Harvard University’s Defending Digital Democracy Project, have educated officials on how to fortify elections against cyberattacks and encouraged social media companies to take down fake accounts. Despite these efforts, 67 percent of Americans consider a foreign influence campaign during the midterm elections, either by Russia or other governments, to be “very or somewhat” plausible.
Their worry might have some basis. There’s another threat that few have worked to defend against: malware, or malicious software, designed to steal, deny or alter information. And our research strongly suggests that these attacks are underway in U.S. swing states, as we explain below.
Malware has been used to attack other nations’ elections
Malware seeks to steal, block or alter data. It’s the kind of code used to steal your passwords or credit card numbers. And it can also steal your vote.
It’s recently been used in a number of other countries. With Comodo Cybersecurity malware detection data, for instance, we measured the spread of different malware types before and after the 2018 presidential elections in Turkey. The figure below shows the order in which various types of malware appear — which tells us how they are working to influence an election.
[Figure: Malware detection in Turkey during its 2018 election]
How does this work?
Let’s look at such campaigns step by step. Computer hacking and human hacking both begin with reconnaissance. Who are the targets? Where are they? What are they doing? Are they open to influence? Intimidation? Every country is different. To gather information about a very large group of people, hackers have figured out that the quickest way is to use an application that a high percentage of the targets already have installed, are willing to install, or are forced to install on their computers. Ironically, one tool for this operation could be voter registration software.
Computers are complex machines. Hackers take advantage of this with novel attacks that are hard to predict. In one case, Amnesty International began tweeting Nazi propaganda after someone hacked its “Twitter Counter” — a third-party program used to analyze Twitter followers. Such “malicious” applications can be used for anything, from collecting background information on likely voters to directing their browsers to political websites.
In Turkey, the blue line shows a massive spike in the detection of malicious applications, which came six days before the call for a snap election. Next came wave after wave of computer worms (shown in green), used to distribute more serious malware like computer trojans. The orange line shows Comodo’s trojan detections in Turkey, which occurred on June 21 — three days before the election.
“Trojan” computer programs can give remote attackers full control over a victim’s computer. Through them, hackers can steal data, such as email; deny data, as in deleting email; and alter data, such as changing what’s in an email. An attacker could send a user to a certain website or deny access to another website. In countries that allow online voting, the vote could be changed.
The malware detection timeline we found for Russia, below, is nearly identical to what we found in Turkey. First come computer and human reconnaissance via application; then, targeted malware dissemination via worm; and finally, information operations via trojan, doing anything from passively gathering intelligence to actively influencing votes.