Cybersecurity officials here and overseas have been sounding the alarm about the increasing election threat Russia and other countries pose to the 2020 election with broader, more sophisticated tactics. For instance, The New York Times reports, the NSA and its British counterpart have warned that Russian hackers infiltrated an Iranian group of hackers and attacked both governments and private companies from inside of it in an attempt to draw Iran into their chaos.
Campaign Action
And chaos, says Laura Rosenberger, director of the Alliance for Securing Democracy, "is the point." She says that "You don't actually have to breach an election system in order to create the public impression that you have. […] You can imagine many different scenarios." Making populations distrust their elections systems is probably the most effective means of undermining a democracy, which in the case of Russia and the U.S. has been the underlying objective. That puts officials trying to combat the incursions in a difficult position; they’re damned if they warn the citizenry of the hacking and increase people's perceptions that the system is rigged and damned if they don't warn the populace to be aware of attempts to manipulate them.
It's also turned into a game of whack-a-mole—as intelligence services shut down one avenue of combatting the attacks, the hackers find more sophisticated ways to circumvent them, including operating within the U.S. where the NSA can't legally fight them. They are, one intelligence official says, "refreshing" their operations to include recruiting (and paying) Americans to buy their political ads on Facebook for them, and to allow them to run their Facebook pages. Adding to the problem is an actual increase in hacking from Iran, who were caught trying to infiltrate elections systems in 2018. They might have a heightened, revenge-fueled incentive to increase their efforts this year.
There's been an uptick in ransomware attacks from overseas actors on local governments in the last year, which increases concerns about the vulnerability of county voter rolls on Election Day 2020. Those attacks could be dry runs for hackers hoping to maximize chaos on November 3. The attacks could range from taking voter rolls hostage to shutting down electricity in polling places. Incursions into voting machines isn't out of the question, either. And many states just don't have the resources to share with counties to beef up their systems and provide the human resources they need to have election officials trained in the security measures necessary. There's also that little problem of three major elections companies having control on the market and none of them being subject to much in the way of federal control over security. Some even use key components from China, which could conceivably be pre-hacked.
In a repeat of 2016, political campaigns, too, are once subject to infiltration. This report in the Times says Area 1, a security firm, told them that in the "last two months, there were roughly a thousand phishing attempts against each of the leading Democratic candidates." It did not specify which campaigns were targeted.
U.S. officials—the career ones, not Trumpsters who welcome Russia's help—are at work fighting this. That includes working with state and local governments to do what they can. But there are still limits, particularly out in the states which run the elections. The federal money to assist them that the House has passed continues to be blocked from advancing in the Senate by Mitch McConnell, doing Trump's dirty work again.