To say that the 2016 U.S. Presidential election cycle has been unusual would be an understatement for a number of reasons. As a security professional, what stands out is the steady stream of cyber security-related incidents, particularly when compared to the U.S. elections of 2012 and 2008. We’ve all read multiple reports of high-profile compromises of party systems, numerous public data leaks, suspected nation-state interference, low-level hacktivism, and fears over the potential compromise of voting systems on Election Day.
Amidst all the noise and sensationalism it can be difficult to understand the true impact and implications of this activity. Mapping cyber events to polling statistics in an attempt to reveal direct correlations between activities intended to weaken a particular candidate’s position and reality is speculative at best. Opinion polls are notoriously volatile and vary greatly depending on the data consulted. It is difficult to know how widely or quickly leaked information reaches the voting public. And, of course, there can be a variety of reasons for polling fluctuations.
However, despite little evidence to demonstrate a direct impact on a particular candidate’s position due to cyber events, there are larger trends that may be far more significant as cyber emerges as the latest front on the election battlefield.
First and foremost, the series of network breaches that have been attributed to the actions of a nation-state, though unconfirmed, suggests a noticeable shift in tactics. The targeting of elections and party candidates by a foreign state actor is nothing new, but until now it has been chiefly motivated by intelligence gathering objectives and the continuation of undetected access to their target’s systems in order to maintain their strategic viewpoint. For example, in 2013, media reports revealed that Chinese government hackers gained access to the computer networks of Sens. Barack Obama and John McCain during the 2008 presidential election. Campaign staffers at the time said that they grew suspicious that they were being monitored after Chinese officials approached them to complain about foreign policy positions written in secret, internal documents that had not yet been publicized. According to media reports, it appeared that the Chinese had penetrated the campaign networks to observe how the candidates’ policies on China were being developed.
However, this election cycle has shown that state actors may also believe that some data has more value if it is made public. The United States Intelligence Community and a number of security vendors and commentators suspect that leaks originating from WikiLeaks, Guccifer 2.0, and DC Leaks may be tied to Russian state-sponsored actors.
Second, although public confidence in electoral systems has been on the decline for over 12 years according to research by the Pew Research Center, these concerns have now been exacerbated by debates on the threat to voting systems by cyber actors. In fact, concern surrounding the accuracy of the voting system is so high that the Department of Homeland Security and the Office of the Director of National Intelligence felt the need to issue a joint statement on election security that pointed out that voting systems are not at risk from cyberattacks as they are not connected to the Internet. It remains to be seen whether public confidence continues to decline in the future, though with ongoing cyber activity and subsequent media attention the erosion will likely continue.
These two trends may be a sign of things to come, and it is possible that similar operations may be repeated in the future, not only targeting the U.S. but other countries as well. In fact, such evidence surfaced in April of this year when a South American hacker revealed his involvement in a covert campaign to swing the 2012 presidential election in Mexico. According to an interview, the hacker, Andrés Sepúlveda, was involved in rigging presidential elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela.
It’s safe to say that more public leaks will follow before the end of the election. And future campaigns must be prepared for battle on this new front. In the arsenal of security weapons that organizations have at their disposal, cyber situational awareness provides an organization with an attacker’s-eye view into information about itself that is available online as well as instances of potential leaks, compromises and interference. While hackers will continue to hone their craft with a focus on candidates and campaigns, we must do our own reconnaissance, using cyber situational awareness to examine millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web. With this information we can be better armed to deal with malicious activity in the short term, and take a strategic approach to more effective defenses on this new front in the long term.