| |
Ransomware Feared as Election Saboteur 08/02 10:24
Federal authorities say one of the gravest threats to the November election
is a well-timed ransomware attack that could paralyze voting operations. The
threat isn't just from foreign governments, but any fortune-seeking criminal.
WASHINGTON (AP) -- Federal authorities say one of the gravest threats to the
November election is a well-timed ransomware attack that could paralyze voting
operations. The threat isn't just from foreign governments, but any
fortune-seeking criminal.
Ransomware attacks targeting state and local governments have been on the
rise, with cyber criminals seeking quick money by seizing data and holding it
hostage until they get paid. The fear is that such attacks could affect voting
systems directly or even indirectly, by infecting broader government networks
that include electoral databases.
Even if a ransomware attack fails to disrupt elections, it could nonetheless
rattle confidence in the vote.
On the spectrum of threats from the fantastical to the more probable,
experts and officials say ransomware is a particularly realistic possibility
because the attacks are already so pervasive and lucrative. The FBI and
Department of Homeland Security have issued advisories to local governments,
including recommendations for preventing attacks.
"From the standpoint of confidence in the system, I think it is much easier
to disrupt a network and prevent it from operating than it is to change votes,"
Adam Hickey, a Justice Department deputy assistant attorney general, said in an
interview.
The scenario is relatively simple: Plant malware on multiple networks that
affect voter registration databases and activate it just before an election. Or
target vote-reporting and tabulation systems.
"With the 2020 election, election infrastructure has a target on its back,"
Colorado Secretary of State Jena Griswold said. "We know that election
infrastructure was attempted to be undermined in 2016, and we know the
techniques are shifting."
The number of attacks has escalated in recent years, with targets including
Texas' transportation agency and city computers in New Orleans. A December
report by cybersecurity firm Emsisoft tracked attacks against at least 966
entities that interrupted 911 services, rendered medical records inaccessible
and hindered police background checks.
"We're seeing state and local entities targeted with ransomware on a near
daily basis," said Geoff Hale, a top election security official with Homeland
Security's Cybersecurity and Election Infrastructure Agency.
Steps taken to improve security of voter registration systems after the 2016
election could help governments fend off election-related ransomware attacks.
They've also acted to ensure they can recover quickly in the event of an attack.
Colorado, for example, stores redundant versions of its voter registration
data at two separate secure locations so officials can easily shift operations.
Backups are regular so the system can be quickly rebuilt if needed.
Even so, ransomware is an added concern for local election officials already
confronting staffing and budget constraints while preparing for a shift from
in-person voting to absentee balloting because of the pandemic.
In West Virginia, state officials are more concerned about the cyberthreat
confronting its 55 county election offices than a direct attack on the
statewide voter registration system. One click from a county employee falling
victim to a spearphishing attack could grant a hacker access to the county
network and eventually to election systems.
"I'm more worried that those people who are working extra hours and working
more days, the temporary staff that may be brought in to help process the
paperwork, that all this may create a certain malaise or fatigue when they are
using tools like email," said David Tackett, chief information officer for the
secretary of state.
In states that rely heavily on in-person voting and use electronic systems
to check in voters, a well-timed attack particularly during early voting could
prevent officials from immediately verifying a voter's eligibility, making
paper backups critical.
For states conducting elections entirely by mail, including Colorado, an
attack near Election Day may have little effect on voting because ballots are
sent early to all voters, with few votes cast in-person. But it could disrupt
vote-tallying, forcing officials to process ballots by hand.
In many states, local officials will face an influx of new ballot requests.
That means they'll need constant access to voter data as they handle these
requests. An attack could cause major disruptions.
Hickey said he was unaware of ransomware attacks directly targeting election
infrastructure. But local election offices are often connected to larger county
networks and not properly insulated or protected.
A criminal targeting a county or state "may not even know what parts of the
network they got into," Hickey said. But as the malware creeps along and
spreads, "what gets bricked is the entire network --- and that includes but is
not limited to election infrastructure."
Even if election infrastructure isn't directly targeted, there would likely
be immediate assumptions it was, said Ron Bushar of the FireEye cybersecurity
company.
A February advisory issued by the FBI and obtained by The Associated Press
recommends local governments separate election-related systems from county and
state systems to ensure they aren't affected in an unrelated attack.
That's how Louisiana's election network survived multiple ransomware
attacks: one occurred six days before the November election through an IT
services company shared by the seven impacted counties. The second hit the
state network a day after voting.
At a January meeting of state officials, Louisiana's secretary of state
highlighted the attacks as a blueprint for how an adversary like Russia could
throw November into disarray.
Jason Ingalls, whose security firm responded to the Louisiana attacks, said
in an interview: "You put me in charge of a platoon of Russian hackers and give
me a couple of years to stage this and I could pull this off."
|
|
