Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Cyber Attack Aims to Manipulate Mexican Election

On Wednesday June 13, in the run-up to Mexico’s July 1 presidential election, a website operated by the rightist National Action Party (PAN) was taken off-line for several hours by a DDoS attack. The outage occurred at the time of a televised presidential debate, and just following a point at which the PAN candidate held up a placard with the website address claiming it held proof of potential corruption.

On Wednesday June 13, in the run-up to Mexico’s July 1 presidential election, a website operated by the rightist National Action Party (PAN) was taken off-line for several hours by a DDoS attack. The outage occurred at the time of a televised presidential debate, and just following a point at which the PAN candidate held up a placard with the website address claiming it held proof of potential corruption.

PAN secretary Damian Zepeda later suggested that front-running leftist candidate Andres Manuel Lopez Obrador (AMLO) was behind the attack. “The AMLO bots have been activated to try to crash the page debate2018.mx where there are proofs of contracts worth millions given to AMLO’s friend,” Zepeda wrote on Twitter.

PAN later claimed that the site had been hit by 185,000 visits in 15 minutes, “with the attacks coming mainly from Russia and China.” Lopez Obrador denied any involvement in the attack, and laughed off any suggestion of ties with Russia by calling himself ‘Andres Manuelovich’.

The source of the DDoS attack is unknown and possibly unknowable — but it is a reminder of the extent to which the internet can be used to influence or even control public opinion.

The accusations of Russian involvement in both the Trump election in the U.S. and the UK Brexit referendum are still fresh. Perhaps more directly relevant is the controversy over the DDoS attack on the FCC website just as it was gathering public comment on the (then) proposed elimination of the net neutrality rules.

The FCC claimed it had been taken off-line by a DDoS attack. Critics of the FCC plans have suggested it was purposely taken off-line to avoid registering mass public dissent over the FCC rules. If the Mexico event was a direct parallel to these claims, it could suggest that PAN couldn’t prove the criticisms it was making, and took down the website itself.

This last possibility is not a serious proposal — but it illustrates the plausible deniability and difficulty of attribution that comes with cyber activity. The DDoS attack could have been delivered by Russia (because it has a history of interference); by AMLO (to prevent access to his competitor’s website); by the U.S. (because it would almost certainly prefer a right-leaning to a left-leaning neighbor); or by PAN itself (as a false flag). Or, of course, none of the above — a straightforward DDoS attack by cybercriminals.

Advertisement. Scroll to continue reading.

At this stage, the only thing is certain is that a DDoS attack did take place in Mexico. Netscout Arbor’s analysis of the period shows more than 300 attacks per day in Mexico during the period 12th-13th June — which is 50% higher than the normal frequency in the country. The largest volumetric DDoS attack targeting Mexico during the week was more than 200 Gbps.

“Political websites are frequent targets of DDoS attacks not only due to the ease of launching attacks, but also due to the desire and capabilities of attackers to impact the election process while staying undiscovered,” comments Kirill Kasavchenko, principal security technologist at Netscout Arbor. “Due to the nature of modern DDoS attacks, it is quite easy to launch attacks from third countries utilizing computers and IoT devices infected by malware or using techniques like reflection of DDoS traffic. Tracing down the original source of the attack and the people behind it is problematic not only from a technical, but also from an administrative point of view.” 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...