Election Interference: Think Globally, Act Locally

Election interference analyses remain retrospective and insular, focusing largely on the U.S. 2016 presidential election, and the cyber-enabled data theft, disinformation, and bots involved. That was by no means the first time an entity digitally compromised part of the election infrastructure, and it won’t be the last attempt. A decade ago, reports suggest China stole data from both the McCain and Obama campaigns, and intelligence and national security experts warn that multiple actors may attempt to influence the 2018 U.S. midterm elections.

Election interference has been attempted as long as there have been elections. However, digital innovations have introduced a new range of attack vectors aimed at compromising everything from voting machines to hearts and minds. According to Freedom House, at least 18 countries experienced some form of election interference in 2016. Given the growing relevance of digital election interference, and with midterm elections a month away, it is useful to explore the range of election interference tactics attempted globally to best comprehend the current state and motivations of adversarial behavior, and in turn structure defenses accordingly.


Think Globally

There have always been creative, and often deadly, ways to influence election outcomes, running the gamut from coup attempts to illicit funding to voter suppression. While those are certainly still a concern, it is necessary to better comprehend 'election hacking', a nebulous concept broadly applied as an umbrella term for a wide range of election interference activities. Through global analysis of recent election interference, a few categories emerge and offer insights into how to best protect a core component of American democracy.


Website Interference

Website defacement and interruptions are perhaps the most common digital election interference tactic, likely due to the low cost, skills, and resources required. These attacks often target official websites and social media sites for campaigns, candidates, and political parties, as well as media outlets and government institutions.

There have already been at least two U.S. municipal campaigns hit with distributed denial of service (DDOS) attacks, but this has been a global trend for several years. In 2014, the Ukraine election commission website experienced a DDOS attack and was forced to briefly shut down just before parliamentary elections. A news website was also vandalized, displaying graphic images instead of political ads.

More recently, German Chancellor Angela Merkel’s website was attacked prior to an election debate last year, and local party branches were increasingly targeted for vulnerabilities. A DDOS attack hit the Mexican National Action Party (PAN) website earlier this year during a debate, while the website of Taiwan’s Democratic Progressive Party (DPP) was vandalized and the content was replaced with Chinese propaganda. Social media sites of candidates are also prime targets, as Nicolas Maduro discovered following his election when his Twitter account was hacked. Voter registration and voting information sites are also at risk. During the Brexit referendum, the voter registration crash may have resulted from a DDOS.

Data Access & Manipulation

Data access, theft, and manipulation is arguably the most prominent and impactful form of election interference. The targets include politicians, members of their campaigns, as well as voting machines and voter registration databases. Spear phishing is perhaps the most common attack vector in this category, although servers are also targeted and often found unprotected. As the breach of John Podesta’s personal email demonstrates, both corporate and business email is targeted.

These attacks have disrupted elections globally, often resulting in leaked and/or manipulated emails aimed at weakening or embarrassing a candidate. During the 2017 French presidential election, then presidential candidate Emmanuel Macron’s emails were leaked days prior to the election. Almost nine gigabytes of data were leaked, and quickly followed by various bot-driven campaigns to disseminate the data. In the run-up to Cambodia’s July election, numerous organizations connected to the opposition party and voting process, including the National Election Commission as well as members of Parliament, were victims of a phishing campaign. In this case, the motive appears to be espionage.

There also is the example of Andres Sepulveda, who allegedly has made a career out of interfering in Latin American elections by leading a “team of hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and installed spyware in opposition offices.” Over the last decade, these campaigns allegedly focused on elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela. The motivation in this case seems purely financial.

Voter registration sites are also prime targets. These tend to be more sophisticated attacks, often with the intent to steal credentials to access the larger database. At least 21 states’ voter registration databases were targeted (and one compromised) during the U.S. 2016 presidential election. In the Philippines, the election commision website was first vandalized, and then compromised, resulting in the subsequent leaking of 55 million voters’ data as well as defacement of their website. For comparison, this breach was over twice as large as the U.S. Office of Personnel Management compromise.

Finally, stuffing ballot boxes and ballot fraud is by no means new, so hacking voting machines has understandably received a lot of attention as a target for data manipulation. With more than a dozen U.S. states lacking an audit trail, some voting machines containing backdoors, and election machine compromise proven a legitimate concern at recent security conferences, states are increasingly prioritizing voting machine security. Interestingly, U.S. concerns about voting machine compromise has permeated into diplomatic discussions. Nikki Haley, U.S. Ambassador to the United Nations, warned Congo against using electronic voting machines in favor of paper elections for their December elections. Congo’s current machines not only are susceptible to manipulation, but experts are also concerned about their inability to guarantee secrecy.


Controlling the narrative: Disinformation and disruptions

While Russian trolls are understandably the most notorious disinformation group, many state and state-affiliated groups often seek to control the narrative. This form of election interference largely occurs through disinformation campaigns - defined by Facebook as inaccurate or manipulated information/content that is intentionally spread - or through information disruptions.

Focusing first on disinformation, seemingly every recent European election has been targeted, ranging from elections in Italy, Sweden, and Turkey to referendums in Ireland, the United Kingdom, and Macedonia. Elections across the globe face similar disinformation threats. Former national security advisor H.R. McMaster acknowledged similar disinformation tactics targeting the Mexican presidential election. In Kenya, disinformation in content and imagery surrounding 2017 elections aimed at instigating conflict and exacerbating societal divisions, including videos that portrayed election violence from previous years as live.  In fact, in the recent survey The Reality of Fake News in Kenya, 87% of respondents suspected they were recipients of intentionally misleading or fake information.

While most think of social media as the key medium for transferring disinformation, Moldova provides an illustrative example of additional tactics. Prior to local elections in Moldova, doctored videos were included within a news segment via a self-proclaimed news outlet, demonstrating the impact of basic video manipulation. These basic manipulations pale in comparison to what is on the horizon with voice mimicry or emerging deep fake technologies that are currently discussed in Congress.

While disinformation is one form of manipulating opinions prior to an election, internet service disruptions also aim to influence voter behavior. Back in 2010, Myanmar experienced a disruption that cut internet connectivity just days before the first election in 20 years. According to Freedom House, Zambia and Gambia each experienced internet service disruptions leading up to an election. Surrounding Mali’s recent election, an internet advocacy group accuses the government of intentionally disrupting access as a means to limit communication and impede the activities of opponents. While these kinds of blackouts are less likely in countries with full internet penetration, it was only two years ago that the Mirai bot took down internet connectivity in parts of the East Coast, as well as some social media sites. Also, in 2016, an internet outage for close to a million Germans sparked concerns over vulnerability to election interferences. More recently, Brazil’s upcoming presidential election has already triggered concerns that this tactic may be employed, as the government has previously blocked messaging apps.


Looking Ahead

For defenders of democratic integrity across the globe, one of the biggest failures in understanding election interference is a failure of imagination. For instance, prior to the 2016 Montenegrin parliamentary election, a coup plot was foiled that would have included a hack into messaging apps, the dispersal of disinformation claiming the ruling party rigged the election, and then hired mercenaries to take advantage of the chaos to storm the Parliamentary building and assassinate the prime minister. While this is an extreme example, it is essential to consider the range of potential interference techniques and structure defenses accordingly.

As website interference, data theft and manipulation and controlling the narrative become entrenched components of election interference, defenders must comprehend how these tactics can be mixed and matched for unprecedented impact. By looking globally at the various modes of interference, local and state campaigns can more proactively defend against potential digital attacks. The notion of ‘hacking elections’ must be replaced with more nuanced comprehension of the various attack vectors and potential attackers who are motivated to influence an election.

At the same time, there are examples of successfully countering election interference. Twitter’s new policy change for more robust removal of bots and fake personas and prohibition of hacked materials dissemination may have incorporated insights from French election preparations. Only by looking globally can lessons learned help inform election defenses and proactively protect against digital attacks on democratic institutions.