The phenomenon of ‘election hacking’

31 May 2017

A new phenomenon has gripped the media narrative around the cyber security of a number of contemporary elections: that of ‘election hacking’. Allegations and rumours were rife in the run-up to the US presidential election in 2016 that foreign entities were seeking to undermine democratic processes. This narrative has remained in the spotlight with a number of elections in Western Europe over the course of 2017.[1]

The topic of ‘election hacking’ has returned in the wake of a snap general election being called in the UK for 8th June 2017. Even before this had been called, it was reported that GCHQ had been warning political parties over threats posed to democratic processes by cyber threat actors, including holding discussions over safeguarding data and electronic communications.[2] 

In France, which held the first round of voting in its presidential election on 23rd April 2017, eventual victor Emmanuel Macron was reported by research firm Trend Micro to have been the target of a campaign using spoofed domains to gain login credentials. On the eve of the second round of voting, up to 9GB of apparently leaked emails from the Macron campaign was dumped online, although it is yet to be ascertained how much – if any – of this leaked data is legitimate and how much is spoofed.

However, in this context, the use of the term ‘election hacking’ in mainstream media reporting has become increasingly hackneyed and removed from its meaning in a cyber security context. There seem to be two broad streams of activity referred to under this umbrella: those which involve activity that would be regarded as ‘hacking’, and those which comprise broader disinformation or disruption techniques.

The term ‘hack’ normally refers to a threat actor gaining unauthorised access to data, which would suggest that ‘election hacking’ would see a threat actor compromising electronic voting systems and tampering with results or tallies, or compromising a server to access sensitive data. Whilst the term ‘election hacking’ seems to be accurately applied in the case of Macron’s party being targeted by spoofed domains, there have been other instances in which its use is misleading or sensationalist.

For example, multiple media outlets reported UK MPs’ concerns that the voter registration website for the EU referendum may have been targeted by foreign ‘hackers’, causing it to crash just before the deadline for registration.[3] A ‘lessons learned’ publication by the UK parliamentary Public Administration and Constitutional Affairs Committee reported that “Although the Committee has no direct evidence, it considers that it is important to be aware of the potential for foreign interference in elections or referendums…. PACAC does not rule out the possibility that the crash may have been caused by a DDOS (distributed denial of service attack) using botnets.”[4]

Although the outage was in fact attributable to a spike in user demand, even if it had been a malicious DDoS attack, this would not constitute a ‘hack’ under the definition outlined above. DDoS attacks do not in themselves seek to gain access to servers or networks; rather, they seek to overwhelm a system with demand so that it is rendered temporarily unavailable.

Another important distinction should be made between election ‘hacking’ and disinformation campaigns. Some disinformation campaigns do indeed use confidential information that may have been exfiltrated through hacking activity (such as the DNC breach in the run-up to the US presidential election in 2016) with a view to influencing voter intentions. However, in and of itself the circulation or distribution of intentionally misleading information does not constitute ‘hacking’ as per our technical definition.

What are the challenges?
As is the case for organisations across a number of different sectors, political entities – including individuals, parties and think tanks – will need to remain alert to the cyber threats they face and the possibility that they could be seen as a target by threat actors aligned with specific strategic interests. However, it is important to recognise that some of the media reporting around the threat of foreign entities’ involvement in so-called ‘election hacking’ does not always describe hacking as it is understood in the technical sense.

For our clients, it is important to recognise that they could be targeted as a means to reach an ultimate victim: perhaps a client or an associate with which they have a trusted relationship, which a threat actor could use as a stepping stone to ‘island hop’ on to politically exposed entities such as individuals, sovereign wealth funds or state-owned entities.

[1] This topic is discussed in greater detail in our report CTO-SIB-20170208-01A The Spectre of Information Warfare, available to Threat Intelligence subscription clients.
[4] Lessons learned from the EU Referendum, 12th April 2017, Public Administration and Constitutional Affairs Committee


