Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/4/2020
06:10 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Disinformation Now the Top Concern Following Hack-Free Election Day

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

Election Day was a relatively quiet one for cybersecurity news, but officials remain on high alert for nefarious activity as the vote count continues. Disinformation is top of mind among federal officials and security experts keeping a vigilant watch for both foreign and domestic activity.

In a media call held on Nov. 3, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) expressed confidence that the voter count was not affected but emphasized "we're not out of the woods yet" when it comes to election-related security threats. While foreign activity has so far been lower than in 2016, the attack surface and potential for disinformation and foreign interference extends into the next month.

Related Content:

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

Partners with the Election Integrity Partnership (EIP), a coalition of research entities with the goal of detecting and mitigating election-related threats, explained specific instances of disinformation spotted in the 2020 election during a briefing held on Nov. 4. Throughout the night of Nov. 3, they noticed disinformation amplify following tweets from President Trump and his supporters. 

Some of these posts related to claims of ballot fraud, irregularities around in-person voting, and reports from polling stations, said Camille Francois, CIO of Graphika NY. After the president's late-night speech, they noticed an uptick in related conversations, as well as an increase in "stop the steal" messages and hashtags across social media platforms. Around 3 a.m. to 4 a.m., they saw upticks in conversations around the potential for offline violence.

"This has been very high on our monitoring priorities and we're going to continue looking for those," Francois noted. There were a handful of accounts affiliated with Russia's Internet Research Agency (IRA) pushing stories throughout the night, but these gained little traction. 

"We haven't seen any significant incident of foreign disinformation throughout the night," she added. The team was also watching messages from Russian and Iranian state-sponsored media, which mostly pushed messages stating the US election was "unimportant for their countries."

Reusing False Narratives: A Concerning Pattern
There was an interesting, and concerning, pattern of disinformation chasing the news, noted Alex Stamos, director of the Stanford Internet Observatory and former Facebook CISO. As an example, he pointed to a narrative from a variety of different actors, who claimed voters were being provided with Sharpies in a conspiracy to steal the election. The story started in Chicago, he said, and, of course, using a Sharpie to mark a ballot doesn't affect one's vote.

However, once this story was out there, it later spread to Connecticut. After one news outlet called Arizona for Joe Biden and there was a discussion of whether that call was premature, the experts saw this narrative repurposed with Arizona as the location, without any evidence.

"I think we will continue to see this over the next couple of days," Stamos said of the false narrative spread. "As the electoral map shifts … different scenarios change. You're going to see the disinformation actors reach into their bag of different kinds of ideas that have been thrown out there, but they're going to recycle them in very specific scenarios tied to those places."

This should be especially interesting if there's a legal challenge to the election in specific states, he continued. If one state is determinative and pushed into the spotlight, we may see that state get false narratives recycled with them at the center. Stamos noted the team reported these cases to the social media platforms where they were found; most are believed to have been removed or at least labeled.

Kate Starbird, associate professor of Human Centered Design and Engineering at the University of Washington, calls all of these disinformation narratives, such as claims of voter fraud, "raw material." She warns we'll continue to see this kind content reused. The attacks may become more specific, she adds, as attackers will know which states to target as the election count continues.

"In coming days … that raw material is going to be placed into new narratives and focused on particular areas in order to continue to bolster these claims about voter fraud," Starbird says. While the EIP perceives there is a vulnerability to foreign influence and disinformation here, they have not seen much of this be influential. 

Disinformation rapidly spreads across platforms, noted Isabella Garcia-Camargo, researcher at the Stanford Internet Observatory. In keeping a close eye on different language groups, the EIP saw disinformation specifically targeting Spanish-speaking communities. Information security researcher The Grugq pointed out on Twitter that Facebook, Instagram, and WhatsApp were "heavily used" to spread disinformation written in Spanish.

"The vast majority of anti disinformation work this past year has been focused on English," he wrote. "There simply hasn't been the same attention and resources available to non English speaking communities."

Because the efforts to counter disinformation are overwhelmingly English, Spanish speakers are left vulnerable. As Garcia-Camargo noted, the disinformation in Spanish was seen into the morning of Nov. 4.

Federal officials emphasized they will continue to monitor for election threats in the coming days and weeks.

"We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results," said CISA director Chris Krebs in a Nov. 4 statement, also confirming there is no evidence a foreign adversary was able to interfere with vote tallies. 

General Paul Nakasone, director of the National Security Agency and US Cyber Command, said on Twitter both organizations are continuing to watch for foreign adversaries who seek to interfere in the electoral processes.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
biz@deansorensen.com
50%
50%
[email protected],
User Rank: Apprentice
11/6/2020 | 4:23:42 PM
This article seems to be disinformation.
You check with a few techies and state there's no evidence, and it's all rumors.  Maybe you should do a more serious investigation before jumping into the political fray.  Better yet, stick to technical reporting and stay away from politics altogether.
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27225
PUBLISHED: 2021-03-01
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.