These states are battling malware ahead of the midterm election

How malware could disrupt midterm elections

Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election.


Voters and political campaigns in some of the tightest battleground states of the 2018 midterm election are under assault from malware. Malicious software like ransomware, trojans, and adware has increased dramatically in eight states with close elections at stake, according to new data.

Trojans that lurk in the background of computers are the most widely-used malware this election season. These so-called "backdoor" exploits sneak on to computers through malicious software, and often delete, modify, or copy data from a victim's machine. Starting in July, instances of apps that carry these viruses increased dramatically in Arizona, Florida, Nevada, Tennessee, and Wisconsin.

Nevada malware trends ahead of the midterm election. Data: Kenneth Geers / Comodo

Because political campaigns typically possess piles of sensitive data it's easy to understand why this type of malware is so popular, said Kenneth Geers, the chief research scientist at Comodo Cybersecurity and former NATO cybersecurity ambassador. "Political campaigns are always at risk. We see a rise in malware with every major news event around the world, including elections in the US. The trend is clear: As geopolitical tension rises, so does the installation — the use —  of malware."

A sharp increase in malicious software like ransomware and adware was also detected in battleground states and was most prevalent in Minnesota, Missouri, and New Jersey. Traditional adware gathers browsing data and displays unwanted advertising, but this season, said Geers, browsing data gathered by "suspicious" web applications has been used to profile and target campaign workers with more malicious software.

Florida malware trends ahead of the midterm election. Data: Kenneth Geers / Comodo

"Hackers use apps that carry adware technology as part of a two-pronged attack," said Geers. "First they gather information about the target, then they use that data to send phishing attacks or ransomware or other malware."

READ: Hackers, trolls and the fight over your vote in the 2018 midterm elections

Campaigns are also contending with ransomware, the widely used malware that encrypts a victim's computer and holds the data hostage unless a fee is paid, usually in cryptocurrency. Geers fears a ransomware attack could devastate local campaigns and grassroots political organizations, many of which are underfunded and lack the resources to hire a dedicated IT team to fend off these types of attacks.

New Jersey malware trends ahead of the midterm election. Data: Kenneth Geers / Comodo

A number of high profile cyber-defense experts who spoke with CBS News —  including former NSA engineers and political advisors — are worried that ransomware could shut down campaigns, damage critical infrastructure, and slow communication systems ahead of the election.

"We know that ransomware has been hitting cities large and small all across America and all across the world," said Fortalice Solutions CEO and former White House Chief Information Officer Theresa Payton. "Election Day is a single day. So the question is: If ransomware hits, what's the backup plan to allow people to vote?"

READ: Midterm elections, social media and hacking: What you need to know

The use of malicious software in states critical to both political parties in the 2018 midterm election follows a global trend of cyber tactics designed to undermine the faith and confidence in democratic institutions, said Geers. According to Comodo data, similar spikes in malware were detected targeting elections in Russia, Turkey, Colombia, Azerbaijan, and Mali in recent years.

Data gathered through unscrupulous applications is particularly troubling, said Geers. "In countries where activists, journalists, and political dissidents are targeted by the government, you really don't want them to have the same intimate knowledge of you that advertisers have. Think about an app that harvests data from your phone as Cambridge Analytica did from Facebook under an autocratic government. The [global] data indicates this trend is now happening."

Global election malware trends. Data: Kenneth Geers / Comodo

Who is responsible for this rise in malware targeting political campaigns? Attribution, Geers says, is possible but very difficult. "The NSA and CIA are going to move heaven and earth to acquire attribution because it's what they do. Likely the breadcrumbs go to go back to China and Russia. But many other major nation-states are involved with election hacking. And two weeks out from the midterms, what are you going to do? Charge them like criminals? Unlikely."

Political campaigns around the country are taking a number of proactive steps to protect themselves and reduce the potential impact of election hacking. "We have rotating encryption keys, [two-factor] authentication, make sure all our [cloud data] is segmented by client so there's no co-mingling of data," said Chris Wilson, the director of research, analytics and digital strategy at WPA Intelligence. "Our data science team all have hard keys," physical devices that verify a user's identity. "So if they were to hypothetically lose their laptop or an if attempted breach on some of our security [were successful], we would be able to … make sure it was mitigated."

As election hacking tactics evolve, so too do defensive protocols. But hackers are always seeking new ways to defeat those systems, and the vicious cycle of escalation shows no sign of ending. In two years, Wilson said, the technology landscape might be dramatically different. "As hackers learn to do more we always have to stay one step ahead."

Learn more:

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.