
11/4/2020
06:10 PM

Disinformation Now the Top Concern Following Hack-Free Election Day

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

Election Day was a relatively quiet one for cybersecurity news, but officials remain on high alert for nefarious activity as the vote count continues. Disinformation is top of mind among federal officials and security experts keeping a vigilant watch for both foreign and domestic activity.

In a media call held on Nov. 3, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) expressed confidence that the voter count was not affected but emphasized "we're not out of the woods yet" when it comes to election-related security threats. While foreign activity has so far been lower than in 2016, the attack surface and potential for disinformation and foreign interference extend into the next month.

Partners with the Election Integrity Partnership (EIP), a coalition of research entities with the goal of detecting and mitigating election-related threats, explained specific instances of disinformation spotted in the 2020 election during a briefing held on Nov. 4. Throughout the night of Nov. 3, they noticed disinformation being amplified following tweets from President Trump and his supporters.

Some of these posts related to claims of ballot fraud, irregularities around in-person voting, and reports from polling stations, said Camille Francois, CIO of Graphika NY. After the president's late-night speech, they noticed an uptick in related conversations, as well as an increase in "stop the steal" messages and hashtags across social media platforms. Around 3 a.m. to 4 a.m., they saw upticks in conversations around the potential for offline violence.

"This has been very high on our monitoring priorities and we're going to continue looking for those," Francois noted. There were a handful of accounts affiliated with Russia's Internet Research Agency (IRA) pushing stories throughout the night, but these gained little traction. 

"We haven't seen any significant incident of foreign disinformation throughout the night," she added. The team was also watching messages from Russian and Iranian state-sponsored media, which mostly pushed messages stating the US election was "unimportant for their countries."

Reusing False Narratives: A Concerning Pattern
There was an interesting, and concerning, pattern of disinformation chasing the news, noted Alex Stamos, director of the Stanford Internet Observatory and former Facebook CISO. As an example, he pointed to a narrative from a variety of different actors, who claimed voters were being provided with Sharpies in a conspiracy to steal the election. The story started in Chicago, he said, and, of course, using a Sharpie to mark a ballot doesn't affect one's vote.

However, once this story was out there, it later spread to Connecticut. After one news outlet called Arizona for Joe Biden and there was a discussion of whether that call was premature, the experts saw this narrative repurposed with Arizona as the location, without any evidence.

"I think we will continue to see this over the next couple of days," Stamos said of the false narrative spread. "As the electoral map shifts … different scenarios change. You're going to see the disinformation actors reach into their bag of different kinds of ideas that have been thrown out there, but they're going to recycle them in very specific scenarios tied to those places."

This should be especially interesting if there's a legal challenge to the election in specific states, he continued. If one state is determinative and pushed into the spotlight, we may see that state get false narratives recycled with them at the center. Stamos noted the team reported these cases to the social media platforms where they were found; most are believed to have been removed or at least labeled.

Kate Starbird, associate professor of Human Centered Design and Engineering at the University of Washington, calls all of these disinformation narratives, such as claims of voter fraud, "raw material." She warns we'll continue to see this kind of content reused. The attacks may become more specific, she adds, as attackers will know which states to target as the election count continues.

"In coming days … that raw material is going to be placed into new narratives and focused on particular areas in order to continue to bolster these claims about voter fraud," Starbird says. While the EIP perceives there is a vulnerability to foreign influence and disinformation here, they have not seen much of this be influential. 

Disinformation rapidly spreads across platforms, noted Isabella Garcia-Camargo, researcher at the Stanford Internet Observatory. In keeping a close eye on different language groups, the EIP saw disinformation specifically targeting Spanish-speaking communities. Information security researcher The Grugq pointed out on Twitter that Facebook, Instagram, and WhatsApp were "heavily used" to spread disinformation written in Spanish.

"The vast majority of anti disinformation work this past year has been focused on English," he wrote. "There simply hasn't been the same attention and resources available to non English speaking communities."

Because the efforts to counter disinformation are overwhelmingly English, Spanish speakers are left vulnerable. As Garcia-Camargo noted, the disinformation in Spanish was seen into the morning of Nov. 4.

Federal officials emphasized they will continue to monitor for election threats in the coming days and weeks.

"We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results," said CISA director Chris Krebs in a Nov. 4 statement, also confirming there is no evidence a foreign adversary was able to interfere with vote tallies. 

General Paul Nakasone, director of the National Security Agency and US Cyber Command, said on Twitter both organizations are continuing to watch for foreign adversaries who seek to interfere in the electoral processes.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 
