Protecting Democracy – Elections Under Attack

Yoav Arad Pinkas/Checkpoint

Since the 2016 United States Presidential elections, the subject of foreign cyber intervention in Democratic elections has been the focus of public attention. Numerous articles and resources have been devoted to investigate and provide better protection to the core element of the democratic process.

Recognizing the critical importance of elections’ protection we set out to capture assaults in real time in an attempt to unveil the technicalities and forces behind them. Despite the increased attention focused on social media influence operations and fake news, we directed our investigation at cyber-attacks aimed at private and national infrastructures.

But where should we set our traps? Which critical intersections would be suitable for installation of sensors in order to proactively intercept an attack?

Research covering decades of great power intervention in the 20th century elections showed the conditions necessary for such involvement. The conclusions proved incompatible with the 21st century cyber battlefield and we needed a new approach to map this modern arena.

In our research we propose a new methodology of election attack classification. We assess the details and categorize all major published cyber-attacks on democratic elections according to the type of attacks, the targeted asset and the phase of elections in which they were performed. The result is a clear view of the characteristics of attacks and methods used by the aggressors.

Our research shows that despite the headlines and public attention to hacking and protection of voting machines, we did not find any attacks directed at voting machines or the integrity of the voting process itself. Instead, most attacks concentrate on either the Party or candidate’s IT infrastructure during the campaign stage or at the interfaces for publications of the preliminary and final results. Party IT infrastructure provides for an ideal target; party funding and proficiency of cyber protection are often lacking, it is not part of the national assets protected by national cyber authorities and it stores attractive information capable of skewing the results of the campaign. The conclusions of this research provide insights and recommendations suitable for anyone in the occupation of elections’ protection and cyber research.

Equipped with these insights we approached parties and elections’ administrators in various countries and suggested to install designated sensors in order to increase our visibility ahead of coming elections. We describe the findings of two such investigations where we combined forces with the local administration to monitor national and the EU elections in one of the oldest democracies.

November 7 at 11:40 - 12:00, Stage B

Yoav Arad Pinkas is a lead cyber intelligence analyst at Check Point Research. He has a Bachelor’s degree in Computer Science, studying for a Master`s Degree in the History and Philosophy of Sciences and Ideas and is a member of Elections Security working groups.