Defending the 2018 Midterm Elections from Foreign Adversaries
Conference: Defcon 26
2018-08-01
Summary
The presentation discusses the importance of cybersecurity in elections and the various systems involved in the election process. It also highlights the attacks that occurred during the 2016 elections and the need for responsible disclosure.
- Screenshots are analyzed manually and with neural networks to identify potential security issues in election systems
- Election systems can be categorized into those controlled by election officials, candidates, and third-party sites
- Information flows from voters to various parts of the election system through voluntary transfers, voter registration systems, and ballot selections
- Attacks during the 2016 elections included phishing, typo squatting, social media manipulation, and data breaches
- Responsible disclosure is important in the field of elections to address security issues
Abstract
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.
Materials:
Tags: