US Elections 2020: How It Will Affect Privacy and Security
By Nick Anderson 6 minutes
Voting is a fundamental right of every citizen. It is a right that holds power to shape the future of a country. As privacy advocates, we have stressed the importance of educating oneself about the various dangers online. The age of information has conversely spawned an age of misinformation as well. Misinformation can influence narratives; it can stir up political distress. It’s challenging, especially during US Elections 2020 when facts must play a key role in the voting process.
The presidential elections of 2016 witnessed privacy issues, foreign interference, and security risks. External forces sought to shape the outcome of the elections through misinformation campaigns. Online advertisement campaigns used data on social media users.
Cambridge Analytica scandal made headlines in the years following the presidential elections. It revealed how one third-party app shadow operated by Cambridge Analytica data-mined Facebook users for political advertising. Congress even questioned Facebook’s CEO over the social media platform’s ability to handle user data, including the massive data leak that contained 50 million users’ data.
As we enter the presidential election window, threats are looming on the horizon. There’s no question over the potential for another mass misinformation campaign or security risks that could alter the election outcome.
Having acknowledged the mishandling of the situation and responsibility as a social media platform, Facebook announced its plan to ramp up policies for the 2020 presidential elections. Facebook will show visitors information on page owners, such as the country and business address. Any page opting for political advertising will go through a verification process. Sponsored posts that show up in a user’s feed will also reveal information on the advertiser behind it.
Facebook is cracking down on groups that exist to spread misinformation, or “Coordinated Inauthentic Behavior” as Facebook describes it. Facebook has removed hundreds of such pages and groups; many of them originated from Russia and Iran and targeted the US.
The social media platform is also helping page admins protect their accounts by allowing them to enroll in Facebook Protect. The program will monitor the accounts for unusual activity such as login attempts from an alien location or device. It will require the added organization’s members to follow two-factor authentication.
Facebook will stop accepting new political ads one week before the election. Some other measures include removing posts that discourage voting over COVID-19 infection and removing posts that declare victory before official results.
Twitter is Undergoing Security Training
Twitter is perhaps the leading platform for sharing political news and opinions. It hosts accounts of several political figures who keep their voters and people engaged throughout the election period and beyond. The July 2020 attack on Twitter was a wakeup call for the platform.
Accounts of Bill Gates, Elon Musk, Jeff Bezos, Warren Buffet, Barrack Obama, Joe Biden, even Uber’s Twitter account was hacked. The tweets were a scam that asked for $1000 in return for $2000. The bitcoin wallet was common across all the hacked accounts.
The attack was carried out through a Spear Phishing campaign. Phishing is a fraudulent technique; it tricks the target into following certain actions for malicious purposes. The July 2020 attack targeted a group of Twitter employees that had access to the platform’s support tools. Twitter said that the initially targeted employees did not have access to account management tools, but hackers were able to gain access to internal systems, which allowed them to target more employees.
It’s a striking reminder that security systems can only go so far as human vulnerabilities. Phishing relies on urgency, and Spear Phishing adds accurate information to the mix to appear legitimate.
Security Concerns on the Horizon
A new election means security concerns from threats in the form of foreign intelligence and malware.
Just this week, Universal Health Services suffered a ransomware attack that brought down the entire IT infrastructure. The hospital resorted to pen and paper after every computer was shut down after the attack. Ransomware is a computer program that encrypts data on the device. The only choice left then is to pay the ransom to obtain a key that can decrypt the data.
Although the actual voting is physical, some processes are computerized, including databases containing voters. Imagine ransomware striking a government organization with such information. There is also the option for mail-in voting. It allows voters to request ballots at their home. Due to the pandemic that continues to force alternatives, mail-in voting is likely to increase as people avoid physical presence.
The Cybersecurity and Infrastructure Security Agency (CISA) is tasked with the security of the systems involved in the election process. CISA has also raised concerns over the potential vulnerabilities that exist in the current mail-in balloting system.
Foreign interference isn’t a product of hysteria seeded by the mainstream media and global politics. As a software and services company, Microsoft is vigilant against cyberattacks that seek to disrupt its services or any of its clients using Microsoft’s cloud platform.
Microsoft published a blog post outlining its finding in some recent cyberattacks specific to the upcoming presidential elections of 2020. Hacker groups originating from Russia (Strontium), Iran (Phosphorus), and China (Zirconium) targeted people and organizations associated with the upcoming elections in at least some capacity. Strontium targeted consultants for Republicans and Democrat, Think Tanks, National and state party organizations in a campaign that affected 200 organizations. The same group targeted the 2016 elections and has now evolved to avoid detection, which makes them even more dangerous than just five years ago.
Zirconium targeted people associated with the presidential campaigns of Donald J. Trump and Joe Biden. And the Phosphorus group tried to access the accounts of Donald J. Trump and his administration.
The threats posing to the upcoming elections are very real. Cyberattackers will spend months in reconnaissance to find a weak spot. We’ve discussed Pretexting in our blog before and how it is the first stage in the process that will end with the execution of a malicious campaign.
There is something that we can all takeaway. Misinformation campaigns become successful because people are generally inexperienced at identifying such content. Certain practices can go a long way into ensuring that we always get reliable information. Make it a point to always read credible sources instead of posts that pop up randomly on social media with seemingly catchy headlines and images.
We have produced several articles for our users to educate on the various threats that exist online. Whether it’s Spear Phishing, Whaling attack, Ransomware, Evil Twin attack, or any other, you must bring yourself up to speed for a safe online experience. The Twitter hack serves as a great example. If people were aware that scams ask for money in cryptocurrency because it’s harder to trace, a fraud of such scale could have been prevented.