Midterm elections are only a few weeks away, and legislatures in Washington intend to prevent the type of sophisticated cyber attacks and “highly targeted influence operations” that disrupted the 2016 presidential election.
Currently, a Google-founded technology incubator, Jigsaw, is offering political campaigns a tool that can defend against a simpler cyber attack that could prove to be a threat to the democratic process.
Jigsaw announced, on May 16, 2018, that it will be providing political organizations free protection against “direct denial of service attacks” designed to overload a target with fake traffic. Project Shield creates a filter that stops malicious traffic from reaching the protected target. Project Shield is part of the “Protect Your Election” initiative. It is a suite of cyber-security tools that Jigsaw is offering campaigns. Jigsaw is owned by the Google parent company Alphabet.
Watching what has been happening over the past couple years, it was noticed that DDoS attacks tend to spike, according to George Conard, who is Project Shield’s product manager. “We’re trying to understand what organizations that are vulnerable to digital attacks need and how we can keep them safer.”
Jigsaw has been offering Project Shield to journalists and human rights organizations for free. The idea to offer Project Shield to political campaigns for free came from research and conversations with election officials and others who offer digital security during elections. Jigsaw offers tools that protect against phishing and unauthorized access to email accounts.
Alphabet is not the only company offering solutions to potential election inference. Facebook is working with the Atlantic Council think tank in an effort to deter disinformation on the social media platform during elections.
Days before the 2016 presidential election, hackers launched a series of DDoS attacks against Donald Trump and Hillary Clinton’s campaign websites. The sites did not crash, however, the attempts mirrored other successful attacks that used malware, which was publicly available, to shut down several major websites. Earlier in 2016, this type of malware was used to shut down Twitter and Spotify.
Cyber-security researchers discovered that hackers with foreign IP addresses bombarded an election website in Knox County, Tennessee. Malicious traffic was found during the county primary, held on May 1, 2018. The website was displaying election night returns. It crashed for an hour before officials were able to restore the site.
This style attack is designed to create confusion by preventing people from receiving needed data at critical moments.
In general, DDoS attacks are on the rise. The attacks that target political campaigns often come from hackers who want to intimidate the opposition or cause, according to Jose Nazario, director of security research at the cloud computing provider Fastly.
“As campaigns have moved online – whether to take donations, coordinate, or broadcast their message – it’s become a way to hit them directly. They can be very effective at silencing an opposing voice.” Nazario has studied DDoS attacks that were politically motivated.
DDoS attacks are inexpensive and do not require much technical skill. They may not be sophisticated; however, they are effective. There are multiple websites that offer ways to carry out DDoS attacks for $20 or less. The attacks work by hijacking devices that are connected to the internet and using them as “bots” to cripple their targets by flooding them with simultaneous internet requests.
A minor attack can take down the website of a small organization and cost them thousands of dollars to defend themselves.
Conard said, “When I think about the election space in the current climate, anybody who’s unhappy with what they heard a local or national office candidate say can go into their living room, open their laptop and find somebody to launch an attack.” DDoS attacks are difficult to trace, making it an even more attractive style of attack.
Many political campaigns are operating on tight budgets. Often, they do not have the knowledge to protect themselves or the resources to hire IT teams that can manage an attack for the campaign. Even well-funded campaigns spend their money on things other than protection, such as office space or travel.
Therefore, Jigsaw’s offer could come in handy to a variety of candidates and groups. Jigsaw is not sure how many campaigns will take advantage of their free offer of protection with Project Shield. According to Conard, political organizations across the United States, including nonprofits, candidates, political action committees, and campaigns are welcome to use the Project Shield tools for free.
Conard wants Project Shield to build awareness and ensure candidates are thinking about the possible threat early in the democratic process.
By Jeanette Smith
The Washington Post: The Cybersecurity 202: Google wants to help political groups fight these cheap but disruptive cyberattacks
Image Courtesy of Blue Coat Photos’ Flickr Page – Creative Commons License