Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

06:10 PM
Connect Directly

Disinformation Now the Top Concern Following Hack-Free Election Day

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

Election Day was a relatively quiet one for cybersecurity news, but officials remain on high alert for nefarious activity as the vote count continues. Disinformation is top of mind among federal officials and security experts keeping a vigilant watch for both foreign and domestic activity.

In a media call held on Nov. 3, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) expressed confidence that the voter count was not affected but emphasized "we're not out of the woods yet" when it comes to election-related security threats. While foreign activity has so far been lower than in 2016, the attack surface and potential for disinformation and foreign interference extends into the next month.

Related Content:

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

Partners with the Election Integrity Partnership (EIP), a coalition of research entities with the goal of detecting and mitigating election-related threats, explained specific instances of disinformation spotted in the 2020 election during a briefing held on Nov. 4. Throughout the night of Nov. 3, they noticed disinformation amplify following tweets from President Trump and his supporters. 

Some of these posts related to claims of ballot fraud, irregularities around in-person voting, and reports from polling stations, said Camille Francois, CIO of Graphika NY. After the president's late-night speech, they noticed an uptick in related conversations, as well as an increase in "stop the steal" messages and hashtags across social media platforms. Around 3 a.m. to 4 a.m., they saw upticks in conversations around the potential for offline violence.

"This has been very high on our monitoring priorities and we're going to continue looking for those," Francois noted. There were a handful of accounts affiliated with Russia's Internet Research Agency (IRA) pushing stories throughout the night, but these gained little traction. 

"We haven't seen any significant incident of foreign disinformation throughout the night," she added. The team was also watching messages from Russian and Iranian state-sponsored media, which mostly pushed messages stating the US election was "unimportant for their countries."

Reusing False Narratives: A Concerning Pattern
There was an interesting, and concerning, pattern of disinformation chasing the news, noted Alex Stamos, director of the Stanford Internet Observatory and former Facebook CISO. As an example, he pointed to a narrative from a variety of different actors, who claimed voters were being provided with Sharpies in a conspiracy to steal the election. The story started in Chicago, he said, and, of course, using a Sharpie to mark a ballot doesn't affect one's vote.

However, once this story was out there, it later spread to Connecticut. After one news outlet called Arizona for Joe Biden and there was a discussion of whether that call was premature, the experts saw this narrative repurposed with Arizona as the location, without any evidence.

"I think we will continue to see this over the next couple of days," Stamos said of the false narrative spread. "As the electoral map shifts … different scenarios change. You're going to see the disinformation actors reach into their bag of different kinds of ideas that have been thrown out there, but they're going to recycle them in very specific scenarios tied to those places."

This should be especially interesting if there's a legal challenge to the election in specific states, he continued. If one state is determinative and pushed into the spotlight, we may see that state get false narratives recycled with them at the center. Stamos noted the team reported these cases to the social media platforms where they were found; most are believed to have been removed or at least labeled.

Kate Starbird, associate professor of Human Centered Design and Engineering at the University of Washington, calls all of these disinformation narratives, such as claims of voter fraud, "raw material." She warns we'll continue to see this kind content reused. The attacks may become more specific, she adds, as attackers will know which states to target as the election count continues.

"In coming days … that raw material is going to be placed into new narratives and focused on particular areas in order to continue to bolster these claims about voter fraud," Starbird says. While the EIP perceives there is a vulnerability to foreign influence and disinformation here, they have not seen much of this be influential. 

Disinformation rapidly spreads across platforms, noted Isabella Garcia-Camargo, researcher at the Stanford Internet Observatory. In keeping a close eye on different language groups, the EIP saw disinformation specifically targeting Spanish-speaking communities. Information security researcher The Grugq pointed out on Twitter that Facebook, Instagram, and WhatsApp were "heavily used" to spread disinformation written in Spanish.

"The vast majority of anti disinformation work this past year has been focused on English," he wrote. "There simply hasn't been the same attention and resources available to non English speaking communities."

Because the efforts to counter disinformation are overwhelmingly English, Spanish speakers are left vulnerable. As Garcia-Camargo noted, the disinformation in Spanish was seen into the morning of Nov. 4.

Federal officials emphasized they will continue to monitor for election threats in the coming days and weeks.

"We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results," said CISA director Chris Krebs in a Nov. 4 statement, also confirming there is no evidence a foreign adversary was able to interfere with vote tallies. 

General Paul Nakasone, director of the National Security Agency and US Cyber Command, said on Twitter both organizations are continuing to watch for foreign adversaries who seek to interfere in the electoral processes.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[email protected],
User Rank: Apprentice
11/6/2020 | 4:23:42 PM
This article seems to be disinformation.
You check with a few techies and state there's no evidence, and it's all rumors.  Maybe you should do a more serious investigation before jumping into the political fray.  Better yet, stick to technical reporting and stay away from politics altogether.
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...