In 2024, elections have been scheduled in 55 countries, giving more than 2 billion voters the opportunity to choose their leaders and enjoy their democratic rights. While parties leave no stone unturned to propagate their agendas and win the hearts (and votes) of citizens, some bad creatures of the cyber world are planning ahead of upcoming elections to plague them with social engineering, phishing, and spoofing attempts.

It’s not new for these bad actors to take advantage of sensitive and critical situations, but with the growing penetration of machine learning and artificial intelligence-based tools, it’s getting easier for them to plan and attempt attacks, severely impacting the governments and citizens both.

America’s Cybersecurity & Infrastructure Security Agency (CISA) is anticipating the use of chatbots, AI-generated voice, and videos to spread false information about the time, manner, or place of voting via texts, emails, social media channels, phone calls, or print mediums. They are scared that AI-generated deepfake videos could be exploited to harass, impersonate, or delegitimize election officials. 

All these can strongly influence voters‘ decisions and opinions, attacking the whole idea and foundation of democracy.

 

The Anticipatory Threats and Damages to the 2024 Elections

Threat actors practice varying techniques to directly disrupt the voting process or indirectly influence the voters’ opinions in their favor. The common methods are attacking voting system software and hardware to interfere with recording, tallying, and transmitting votes properly. Bad actors are expected to exploit network systems or attempt to change vote counts covertly. 

Some of the not-so-direct strategies could be compromising government systems that give logistical information to voters or store voter registration data. These are most likely to happen through DDoS attacks or website defacements against government systems. Additionally, political candidates, parties, donors, and advocacy groups can be targeted through hack-and-leak operations aimed at discrediting them.

Malicious actors will target elections by generating disruptive narratives, undermining confidence in elections’ outcomes. 

 

Cyber Threats to Global Elections

Image sourced from cloud.google.com

 

The Notable 2016 United States Presidential Election Meddling

The 2016 US presidential election meddling was a complex and multi-faceted effort that involved different tactics played by Russian intelligence agencies. They aimed to manipulate the outcome of the elections by hacking into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) to get their hands on thousands of emails and documents containing sensitive details.

They released the stolen data on WikiLeaks and other platforms, disturbing the unity of the party members.

To add more to the damage, Russian operatives created fake accounts on Facebook, Twitter, and Instagram to spread discordant and misleading information, fueling polarizing political viewpoints

Later, the 2022 US midterm elections also observed a sudden increase in DDoS attacks allegedly deployed by pro-Russian hacktivist groups, however, no concrete evidence was found.

 

India Witnesses a Rise in Deepfake Content Ahead of Lok Sabha Elections 2024

In late April 2024, a doctored video of Amit Shah, the Minister of Home Affairs of India, was released. The original statement in the video indicated a commitment to abolish quota for Muslims on religious grand in Telangana but it was doctored to make it sound like the BJP stands against the reservations in the country.

 

Rise in Deepfake

 

Although an official complaint was registered immediately and the video was removed within 3 hours as it was proved to be tampered with, otherwise it could have wreaked havoc in the country on the grounds of religious biasism.

 

How Can Party Candidates, Members, and Supporters Defend Themselves Against AI-Driven Phishing and Ransomware Infesters 

Practice the following to limit opportunities for attackers to impersonate, harass, or influence you while also ensuring your phishing protection

  • Keep your social media accounts private so that adversaries don’t get easy access to your images, voice, and lifestyle. They can use social engineering tactics to fool you into taking actions in their favor.
  • Report instances of harassment to the relevant authorities.
  • Adopt zero-trust security principles to disallow unauthorized access to data and services. Also, move towards specific and detailed access control enforcement.
  • Implement email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to direct recipients’ mail servers to place illegitimate emails sent from your domain in the spam folders or rejecting their entry outright.

 

cybersecurity

 

  • Before any sensitive information is released in public on behalf of your party, verify requests using alternate channels and implement identity authentication tools for immediate communications. 
  • Human verification methods like zero trust identities, CAPTCHAs, and physical checks help distinguish human users from automated processes. Deploying these tools on forms and open records requests, particularly on website submissions, can minimize the influx of fraudulent requests an office encounters. Regularly assess authentication measures to ensure they remain effective against advancing capabilities, including AI-driven ones, such as employing tools with AI-hardened tasks or utilizing hardware-integrated software actions like rotating a phone.