As Elections Loom, So Do Adversaries' Influence Operations
US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn
Elections across the globe this year mean the possibility for voters to express their will - and for hackers to subvert those decisions as attackers gather the means to influence elections or otherwise interfere via physical, cyber or operational means.
More than 1 billion people across more than 50 countries - including the United States, the United Kingdom and India - are due to hold elections this year. And government officials and security experts are warning that adversaries have already been refining tactics, including using artificial intelligence tools, not least to create audio and video deepfakes.
Experts say the four nation-states that pose the biggest cyber risk to American national security - Russia, China, Iran and North Korea - also pose the most risk to the integrity, or perceived integrity, of elections.
"For years, America's adversaries have targeted U.S. elections as part of their efforts to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision-making," says CISA's #Protect2024 web page. The U.S. Cybersecurity and Infrastructure Security Agency is the lead federal agency tasked with securing the nation's elections infrastructure. "We expect 2024 to be no different," the page says. "U.S. elections remain an attractive target for both nation-states and cybercriminals."
The U.S. intelligence community, in a recently declassified report on the 2020 elections, defined election influence as including "overt and covert efforts by foreign governments or actors" - or those operating on their behalf - "intended to affect directly or indirectly a U.S. election."
The report says that beyond America's major cyber adversaries, "a range of additional foreign actors - including Lebanese Hizballah, Cuba and Venezuela - took some steps to attempt to influence the election." Cybercriminals also disrupted "some election preparation," though this was likely a byproduct of their "financial motivations."
A new report from Tidal Cyber, a Washington startup that builds a threat defense platform, says 10 countries are facing the greatest number of groups and capabilities designed to perpetrate cyber interference. They are the U.S., the U.K., South Korea, India, Belgium, Pakistan, Belarus, Mexico, Georgia and Indonesia.
Cyber interference can lead to "data access/exfiltration, amplification of influence operations, or potential electoral disruption or manipulation," the company's director of cyber threat intelligence, Scott Small, said in the report.
Of all countries holding national elections this year, Pakistan, Indonesia, Venezuela, Uzbekistan, India, Belarus and Ethiopia face heightened risks because of the poor quality of the digital infrastructure supporting their electoral processes, Small said.
2024 Interference Already Underway
Election influence operations have already begun this year, including against the U.S. "The 2024 election is now officially underway - and we have concerning evidence of continued foreign influence in our elections," Sen. Mark Warner, D-Va., recently said in a social media post.
Other targets include Taiwan, which charted a massive surge in cyberattacks, attributed to China, before its Jan. 13 national elections. Ahead of Indonesians going to the polls on Feb. 14, the country last November suffered a massive voter roll data breach that raised questions about the country's preparedness.
New technology gives attackers previously unavailable capabilities and reach. In January, multiple New Hampshire residents received a robocall featuring the deepfaked voice of President Joe Biden, urging them to stay home on primary day. State officials said they had traced the call to a Texas-based organization and a telecommunications provider also based in the state.
On Thursday, the U.S. Federal Communications Commission voted unanimously to ban unsolicited robocalls that contain voices generated using artificial intelligence.
Bans can only go so far. Tech support scams, via which fraudsters - often located overseas - phone victims and socially engineer them into sharing their bank account or credit card details, continue to thrive despite being illegal.
Anyone who wants to influence an election can also use generative AI tools for written communications, as well as deepfake audio and video tools, at a scale never before possible. How to respond remains an open question for government officials. Researchers from George Washington University last month warned that by this summer, they expect to see adversaries using AI to craft large quantities of misinformation and deliver it nonstop (see: AI Disinformation Likely a Daily Threat This Election Year).
"We're in unchartered territory right now," a U.S. official told CNN on the heels of the White House recently running an election security drill. "It's the speed and the volume at which our adversaries can flood the information environment."
As CNN first reported, one scenario gamed by participants in the drill involved "a fake AI-generated video showing a Senate candidate destroying ballots," which another official said left participants "tied up in knots" over how the federal government should or shouldn't respond.
Elections are massive undertakings. The U.S. alone counts over 8,000 election jurisdictions, many of which use widely disparate types of technology and business processes, all of which pose "physical, cyber, and operational security risks," according to CISA. The agency faces numerous election security challenges, not least being the attempt to coordinate information sharing between private firms and the federal government.
CISA launched the #Protect2024 web page this week. It contains recommendations and voluntary or no-cost resources for election officials on topics including multifactor authentication, physical security assessments, vulnerability scanning, and crafting and practicing incident response plans. Of course, as adversaries continue to refine their tactics, so too will defenders have to respond.