Election Day was a relatively quiet one for cybersecurity news, but officials remain on high alert for nefarious activity as the vote count continues. Disinformation is top of mind among federal officials and security experts keeping a vigilant watch for both foreign and domestic activity.
In a media call held on Nov. 3, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) expressed confidence that the voter count was not affected but emphasized "we're not out of the woods yet" when it comes to election-related security threats. While foreign activity has so far been lower than in 2016, the attack surface and potential for disinformation and foreign interference extends into the next month.
Partners with the Election Integrity Partnership (EIP), a coalition of research entities with the goal of detecting and mitigating election-related threats, explained specific instances of disinformation spotted in the 2020 election during a briefing held on Nov. 4. Throughout the night of Nov. 3, they noticed disinformation amplify following tweets from President Trump and his supporters.
Some of these posts related to claims of ballot fraud, irregularities around in-person voting, and reports from polling stations, said Camille Francois, CIO of Graphika NY. After the president's late-night speech, they noticed an uptick in related conversations, as well as an increase in "stop the steal" messages and hashtags across social media platforms. Around 3 a.m. to 4 a.m., they saw upticks in conversations around the potential for offline violence.
"This has been very high on our monitoring priorities and we're going to continue looking for those," Francois noted. There were a handful of accounts affiliated with Russia's Internet Research Agency (IRA) pushing stories throughout the night, but these gained little traction.
"We haven't seen any significant incident of foreign disinformation throughout the night," she added. The team was also watching messages from Russian and Iranian state-sponsored media, which mostly pushed messages stating the US election was "unimportant for their countries."
Reusing False Narratives: A Concerning Pattern
There was an interesting, and concerning, pattern of disinformation chasing the news, noted Alex Stamos, director of the Stanford Internet Observatory and former Facebook CISO. As an example, he pointed to a narrative from a variety of different actors, who claimed voters were being provided with Sharpies in a conspiracy to steal the election. The story started in Chicago, he said, and, of course, using a Sharpie to mark a ballot doesn't affect one's vote.
However, once this story was out there, it later spread to Connecticut. After one news outlet called Arizona for Joe Biden and there was a discussion of whether that call was premature, the experts saw this narrative repurposed with Arizona as the location, without any evidence.
"I think we will continue to see this over the next couple of days," Stamos said of the false narrative spread. "As the electoral map shifts … different scenarios change. You're going to see the disinformation actors reach into their bag of different kinds of ideas that have been thrown out there, but they're going to recycle them in very specific scenarios tied to those places."
This should be especially interesting if there's a legal challenge to the election in specific states, he continued. If one state is determinative and pushed into the spotlight, we may see that state get false narratives recycled with them at the center. Stamos noted the team reported these cases to the social media platforms where they were found; most are believed to have been removed or at least labeled.
Kate Starbird, associate professor of Human Centered Design and Engineering at the University of Washington, calls all of these disinformation narratives, such as claims of voter fraud, "raw material." She warns we'll continue to see this kind content reused. The attacks may become more specific, she adds, as attackers will know which states to target as the election count continues.
"In coming days … that raw material is going to be placed into new narratives and focused on particular areas in order to continue to bolster these claims about voter fraud," Starbird says. While the EIP perceives there is a vulnerability to foreign influence and disinformation here, they have not seen much of this be influential.
Disinformation rapidly spreads across platforms, noted Isabella Garcia-Camargo, researcher at the Stanford Internet Observatory. In keeping a close eye on different language groups, the EIP saw disinformation specifically targeting Spanish-speaking communities. Information security researcher The Grugq pointed out on Twitter that Facebook, Instagram, and WhatsApp were "heavily used" to spread disinformation written in Spanish.
"The vast majority of anti disinformation work this past year has been focused on English," he wrote. "There simply hasn't been the same attention and resources available to non English speaking communities."
Because the efforts to counter disinformation are overwhelmingly English, Spanish speakers are left vulnerable. As Garcia-Camargo noted, the disinformation in Spanish was seen into the morning of Nov. 4.
Federal officials emphasized they will continue to monitor for election threats in the coming days and weeks.
"We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results," said CISA director Chris Krebs in a Nov. 4 statement, also confirming there is no evidence a foreign adversary was able to interfere with vote tallies.
General Paul Nakasone, director of the National Security Agency and US Cyber Command, said on Twitter both organizations are continuing to watch for foreign adversaries who seek to interfere in the electoral processes.