These are the hackers targeting the midterm election

How cyberattackers target elections

Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election.


The intelligence community and cybersecurity experts are in lockstep agreement that elections in the U.S. remain vulnerable to hacking and influence campaigns, like efforts deployed by Russia in 2016. But they warn that the threat from a broader range of diverse actors is also growing, posing a unique challenge for governments and corporations around the world.

These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. "As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they're going to think about what they could do with that access," she says. "Especially China, Russia, and Iran."

Russia's use of influence campaigns to meddle with the 2016 presidential election began in 2014 or early 2015 and has been thoroughly documented. But the U.S. was hardly the Russians' first — or only — target.

"We've seen Russian interference really targeting European elections," said Little Limbago. "And in Turkey, Sweden, Italy, the Irish referendum — all of those [elections] have been under some sort of cyberattack or information warfare campaign."

According to a January 2018 report by Democrats on the Senate Foreign Relations Committee, Russia also waged an influence campaign in favor of Britain's departure from the European Union, known as Brexit. Russia's Internet Research Agency (IRA) used nearly 150,000 social media bots to spread misinformation and "undermine democracy and the rule of law in Europe and the United States."

The "bot farms" used in these types of influence campaigns are relatively easy to create, say multiple hackers who spoke with CBS News.

"Twitter allows developer apps and I could insert a code into my own allowing me to view [Twitter] passwords in plaintext," said one hacker for the group New World Hackers, explaining how he builds bot farms to sell on the dark web. "Most people never really pay attention to what they authorize on Twitter and apps with bad security may have a hacker in the middle. This is also known as a man in the middle attack."

The bots, according to some reports, propagated deceptive content that could reach millions of people in about an hour.

"What's interesting is that as we see [bots] growing, we're also starting to see some greater microtargeting," said Little Limbago, the social scientist. "They're leveraging various kinds of algorithms that people are interested in, [and] target them very specifically. The bots can target them [on social media]."

Photo caption: Kiev, Ukraine is routinely targeted by Russian hackers. (Photo: Dan Patterson)

Intelligence officials and U.S. tech firms warn that Russian cyber operatives are still active and targeting Americans ahead of the 2018 midterm elections. In August, Microsoft revealed that the hacking team known as Fancy Bear, which the U.S. has said is directed by Russian intelligence, was setting up fake internet domains and using the company's Office 365 productivity suite to send phishing emails to political targets. "This activity is most fundamentally focused on disrupting democracy," said company president Brad Smith in a statement.

Facebook, Twitter and Google have also discovered evidence of hackers using technology platforms to stage cyberattacks targeting the 2018 midterm elections. Though the major tech companies were unwilling to attribute the hacks to any particular organization or country, former CIA acting director Michael Morell said there is "no doubt that the Russians are behind the effort."

The Putin regime honed its tactics in Ukraine with influence campaigns and cyberattacks on critical infrastructure that caused widespread disruption.

There are also "sub-state level actors getting involved" with election hacking around the world, said Little Limbago. "Multinational corporations like Cambridge Analytica, which we hear a lot about in relation to our 2016 election," were also involved in the 2013 and 2017 Kenya elections and employ "a broad range of interference that goes beyond traditional marketing."

Russia acts for political reasons, while "China hacks the United States to steal" intellectual property, said one security expert who chose not to be identified because his employer does business with Chinese companies. "Russia is engaged with mucking around with politics all over Europe and the U.S. China does hack elsewhere, but their goals in the U.S. today are mostly economic."

While there is no evidence that China is meddling in the 2018 midterms, there is mounting evidence that the country's technological sophistication could be used to influence U.S. elections in the future. China does have a long history of regional election meddling, having recently been involved in attacks on Taiwan and Cambodia that included influence campaigns, cyber-vandalism and tampering with voter registration rolls.

In 2015, says Little Limbago, there was a diplomatic, multilateral attempt to slow down China's hacking and offensive cyber capabilities. "But since the 2016 election, we've seen [China] really didn't stop."

Iran's cyber targets are primarily regional adversaries, including Israel. In August, Reuters discovered a "sprawling network" of websites and social media accounts to support an influence campaign that the Atlantic Council's Ben Nimmo called "a large-scale amplifier for Iranian state messaging." The disinformation networks spanned Facebook, Instagram, Twitter and YouTube.

The spectrum of actors getting involved in election meddling is broadening, says Little Limbago. "Not just the nation-states that are going against in each other's elections, but within the nation-states as well, there are a number of hacktivist groups within a broad range of different countries."

Global hacktivist groups meddle with elections to make a political, social or cultural statement. "When you think about hacktivist groups [around the world], you think about a case in the Philippines ... where a hacktivist group first attacked an election commission website. From there, they vandalized the website but then released 55 million voter registration records, including biometric data."

In the U.S., groups like Anonymous, New World Hackers and Ghost Squad Hackers are capable of attacking voting machines, databases and critical infrastructure, according to an anonymous hacker who goes by the pseudonym S1ege. "We really do not care about attacking the U.S. elections. They've already been hacked. We mostly hack ISIS," he said.

S1ege, a leader of the loose-knit hacking collective Ghost Squad Hackers, says that groups like his are misunderstood.

"We care a lot about America. We're defacing corporations, social engineering ISIS. The Panama Papers. You think we hack just for the lulz but that's not right," he said, referring to pranks played by unsophisticated hackers. "We hack actual enemies of freedom."
