One troubling wildcard is the potential for the kind of ransomware attacks now affecting
“The big story so far is how little we have seen from
But
State and local government networks remain highly vulnerable, and dozens have already been battered by ransomware attacks sown largely by a few Russian-speaking criminal gangs.
“If the elections are a mess and we won’t find out for weeks who won, that creates all sorts of opportunities for Russians and others to try to cause more divisions and more havoc and chaos,” Alperovitch said. Those go beyond disinformation operations — such as Kremlin attempts to smear former Vice President
There are indications that Russian malware planted long ago is lurking hidden, awaiting activation should Russian President
Agents from Russia’s elite Energetic Bear hacking group have since September infiltrated dozens of state and local government networks, federal officials announced last week. They said there was no evidence that election infrastructure was targeted or violated.
Election officials fear a “blend” of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials’ social media accounts and making false claims about rigged voting.
So far, the highest-profile foreign meddling incident has been by
On Friday, the FBI and DHS issued an advisory saying the Iranians had scanned state election websites at the end of September — researching their firewalls — and successfully obtained voter registration data in at least one state, using it in an amateurish propaganda video that almost nobody saw before YouTube took it offline. The advisory did not name the affected states or say if any voter registration data was altered.
There have been other incidents. Tuesday’s brief hacking of Trump’s campaign website — an apparent scam by someone seeking to collect cryptocurrency — is a taste of what could be in store. Another was a ransomware attack on
Election officials across the country have faced phishing attempts and scans of their networks, but that’s considered routine, and none have been publicly linked this election cycle to specific malware infections by foreign adversaries.
Election security officials say they worry more about misinformation mongers eroding confidence in the election than about the potential for vote-tampering.
“The goal is not necessarily to influence a race, but to break down democracy,” said
Such a hook would be malware bombs long hidden in government networks that
In 2016, Kremlin agents didn’t act after infiltrating Illinois’ voter registration database and election operations in at least two
“I do think they returned those arrows to their quiver and made them better for this year,”
Following Russian military agents’ posting online of emails they hacked from
Often, computer systems “that are thought to be completely isolated turn out to have some sort of connection to the network that the folks weren’t aware of,” said
That exacerbates concerns about ransomware, the FBI's biggest worry for election interference. Typically seeded weeks before activation, it encrypts entire networks into gibberish until the victims pay up. An attack — with plausible deniability for the Kremlin — could freeze up voter registration databases or election-reporting systems
While care has been taken to segment election systems from other operations at the state level, counties generally don’t separate them. That spells danger.
The cybersecurity firm Awake Security reviewed publicly available databases of internet-facing government servers in 48 states this month and found apparently vulnerable machines in every one. More than 2,500 servers showed critical or high-risk vulnerabilities. A skilled adversary could wipe entire networks clean.
Complicating the equation is the Trickbot network of infected zombie computers controlled by a Russian-speaking criminal consortium that Microsoft has been attempting to disable. It has been the main conduit for Ryuk, the ransomware the FBI says is being wielded against
It’s unclear who’s behind Trickbot and Ryuk or if there’s a relationship with the Kremlin. But cybersecurity threat analysts say that cybercrime syndicates based in its realm generally can't operate without the tacit consent of Russian security services.
“In many cases, when Russian cybercriminals are arrested they’re given a choice to put on a uniform and work for the state or go to prison. And obviously, many choose the former,” said Alperovitch, the
Copyright 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.