The Atlantic Warns About 2020 Election Security Holes and Possible Russian Interference

A staff writer at TheAtlantic  published a 7,800-word warning about election security considering the possibility of everything from ransomware to meddling with voter-registration databases — and of course, online disinformation. But it starts with Jack Cable, a Stanford student who discovered security holes in Chicago’s Board of Elections website — then spent months trying to find an official who’d fix them. The Atlantic describes the holes as “the most basic lapses in cybersecurity — preventable with code learned in an introductory computer-science class — and they remained even though similar gaps had been identified by the FBI and the Department of Homeland Security, not to mention widely reported in the media.” And then this “teenager in a dorm room” discovered “many other” states had similar security holes…

Fortunately, the former head of security at Facebook (who now teaches at Stanford) had gotten approval from the Department of Homeland Security to assemble a team of undergraduates to search for election-security holes. “Less than six months before Election Day, the government will attempt to identify democracy’s most glaring weakness by deploying college kids on their summer break.” But there’s other equally disturbing anecdotes in the article. On election night in 2016, Russians had queued up a Twitter campaign alleging voting irregularities, and “Russian diplomats were ready to publicly denounce the results as illegitimate…”

And yet there’s also this anecdote about the Internet Research Agency, “a troll farm serving the interests of the Kremlin.”

Starting in 2017, it launched a sustained effort to exaggerate the specter of its interference, a tactic that social-media companies call “perception hacking.” Its trolls were instructed to post about the Mueller report and fan the flames of public anger over the blatant interference it revealed… If enough Americans come to believe that Russia can do whatever it wants to our democratic processes without consequence, that, too, increases cynicism about American democracy, and thereby serves Russian ends.
The article notes that some techniques are apparently borrowed from mainstream cybercriminals, and “In the cybercrime world, you’re starting to see audio phishes,” warns Microsoft’s Corporate VP of Security and Trust. “[S]omebody gets a voicemail message from their boss, for example, saying, ‘Hey, I need you to transfer this money to the following account right away.’ It sounds just like your boss and so you do it.”

What’s really remarkable is the reach of the activities. The Alliance for Securing Democracy, which tracks illicit campaign financing, “has identified at least 60 instances of Russia financing political campaigns beyond its borders,” according to the article. And sometimes the efforts actually go offline… What the Russians can’t obtain from afar, they will attempt to pilfer with agents on the ground. The same GRU unit that hacked John Podesta has allegedly sent operatives to Rio de Janeiro, Kuala Lumpur, and The Hague to practice what is known as “close-access hacking.” Once on the ground, they use off-the-shelf electronic equipment to pry open the Wi-Fi network of whomever they’re spying on. The Russians, in other words, take risks few other nations would dare. They are willing to go to such lengths because they’ve reaped such rich rewards from hacking.