Ahead of Super Tuesday, US elections face existential and homegrown threats
Misinformation is rife, AI makes it easier to create, and 42 percent of the planet’s inhabitants get to vote this year
Feature Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security – and the nation's ability to counter these adversaries.
"This election cycle, the US will face more adversaries, moving at a faster pace, and enabled by new technology," warned FBI director Christopher Wray, speaking at the Intelligence and National Security Alliance breakfast on Thursday.
"Advances in generative AI, for instance, are lowering the barrier to entry – making it easier for both more and less-sophisticated foreign adversaries to engage in malign influence, while making foreign-influence efforts by players old and new more realistic and difficult to detect," Wray continued.
A few days earlier, US senator Mark Warner (D-VA), who chairs the Senate's Intelligence Committee, told Trellix CEO Bryan Palma that the United States is less prepared to combat foreign intervention in the 2024 elections than was the case in 2020.
In addition to China, Russia, Iran, and other nations meddling in American politics this year, homegrown criminals remain a very real menace to free and fair elections.
On Wednesday, an Alabama man was arrested for allegedly using social media to threaten election workers in Phoenix at around the time of Arizona's primary elections in August 2022.
"[Y]ou people are so ducking [sic] stupid," 59-year-old Brian Jerry Ogstad, of Cullman, allegedly posted, later accusing the election workers of treason and claiming "You will all be executed."
And a couple of days earlier, a political consultant admitted to paying a magician to create that fake Biden robocall urging people not to vote in New Hampshire's primary election.
All this came about in the lead-up to Super Tuesday – March 5, when 15 US states and one territory will vote in their respective primaries.
Misinformation 'the biggest threat'
It's important to realize that election security is a more complex challenge than just heading off worst-case scenarios, such as hijacked voting systems. Elections can be undermined with misinformation and bogus news planted to deter voting, or sow division and disillusion. Leaks of stolen, manipulated messages and other data from candidates and officials can also influence voters.
The process of casting, collecting, and counting ballots, and announcing results, can be secured – but that still leaves things like influence campaigns, cyber-attacks, and network intrusions that can potentially sway citizens. There are a lot of moving parts to keep an eye on.
"With elections, the biggest threat is misinformation, disinformation, from foreign and domestic [sources]," Crystal Morin, a cybersecurity strategist at infosec tools vendor Sysdig told The Register.
"Honestly, it doesn't really matter whether it's coming from a foreign adversary or someone in the US. None of it's good. We need to try to defend against that, and differentiate true from false as best we can."
Prior to joining the security outfit, Morin spent about a decade in various national security roles – including serving in the US Air Force and working for consultancy Booz Allen Hamilton.
As Super Tuesday approaches and the election season kicks into high gear, "I fully expect that there'll be a lot more of this," she added. "And probably a lot of hesitancy in voters. Everyone should have some level of cyber security acumen going into this election, especially after what's happened over the last couple of years."
This includes getting election information and news from official and reputable sources – "not TikTok or an advertisement on Facebook," Morin noted.
But frankly, that's a big ask.
US 'less prepared' for election intervention in 2024
Senator Warner, during his fireside interview with Palma at the Trellix and Scoop News Group cyber security summit in Washington, DC, noted that nearly "a majority of our young people get most of their news from TikTok."
"I worry that we are less prepared for foreign intervention in our elections in 2024 than we were in 2020," Warner opined, noting a handful of reasons for his fears.
"One is that if you're Russia, you very much have a candidate and we very much know it's cheaper to intervene in our election than it is to build new ships and planes and tanks," the Democrat explained, ostensibly referring to ex-president and current Republican front runner Donald Trump.
"Second, we've got a whole lot more Americans in 2024 that are more willing to believe, or have less faith, in our system to start with."
Plus, there's the ongoing legal effort to block government agencies like CISA from trying to curb misinformation spread on social media.
"We had testimony recently on the intel side that NSA, CISA, ODNI, FBI have had no communications with any of the social media platforms on election interference since July of last year," Warner revealed. "And that ought to scare the hell out of all of us."
And finally: AI. "The kind of manipulation taking place in 2016 looks like child's play at this point," Warner declared. "AI can do this at a scale and speed that's unprecedented."
Don't forget deepfakes
There seems to be a common fear among election security experts that The Register spoke with for this story: misinformation, coupled with AI-based threats including deepfake videos and robocalls, poses the biggest risk in 2024.
"Certainly gen-AI" is the biggest threat to this year's elections, agreed Karan Sondhi, Trellix CTO for the public sector.
"We're already seeing nation-state actors and cyber criminals experimenting with its use," she told The Register, citing AI-generated videos, sophisticated deepfakes, and bot farms automating misinformation.
"We most often observe disinformation generated from actors outside of the United States – Russia and China directly, and through partnerships with cyber criminals," Sondhi explained. "Groups are actively engaged in sowing seeds of doubt about the validity and fairness of US elections, the way in which elections are administered, and whether the outcome of the presidential election can be trusted."
Chris Henderson, senior director of threat ops at managed cybersecurity platform provider Huntress, referenced the Biden robocall and deepfakes.
"Consumers are already struggling to identify impersonations of businesses through phishing emails and text messages due to a lack of education and awareness of these threats," he told The Register.
"Expecting these same consumers to be able to determine whether a robocall is AI-generated would be a recipe for disaster, especially when the consequences touch on something so core to the foundation of our country: free and fair elections."
CrowdStrike, in its Global Threat Report, noted two potential threats at the "forefront" of 2024: generative AI and this year's global government elections.
People from 55 countries, representing more than 42 percent of the global population, will (or will be able to, at least) vote in a presidential, parliamentary, and/or general election in 2024. This includes seven of the ten most populous countries.
According to the report:
2024's potential to transform geopolitics around the globe for the near future will likely give adversaries numerous opportunities, and a considerable strategic impetus, to target entities involved in electoral processes throughout the coming year.
"We're seeing disinformation, misinformation be a huge factor," warned Adam Meyers, head of counter adversary operations at CrowdStrike. "We've already seen that in Taiwan, we've seen generative-AI use of President Biden's voice in robocalls, and this is going to get worse – not better – throughout the course of the year."
Meyers attributed this to a lowered barrier to entry for things like deepfakes, plus the widespread availability of powerful graphics processors.
On GitHub alone there are more than 3,000 repositories related to deepfake technology, and Telegram hosts between 400 and 500 channels and groups offering deepfake services, according to a Check Point report on deepfake threats to US elections.
The cost of these vid-generating services starts as low as $2 per video, and can reach up to $100 for multiple videos, the security firm found, noting that the price makes it "alarmingly affordable to commission deceptive content."
- Man admits to paying magician $150 to create anti-Biden robocall
- Days after half a billion Asians went to the polls, Big Tech promises to counter 2024 election misinformation
- Iran's cyber operations in Israel a potential prelude to US election interference
That combination of cheap prices and a receptive audience doesn't bode well for the rest of the year.
"Things are very polarized here in the US," Meyers told The Register. "Some people are looking for a specific message. And if you get a disinformation campaign with a deepfake that tells you that message," the fake news gets reinforced, and more readily believed and spread.
"But that's not truly a cyber problem," Meyers noted, explaining that misinformation is usually spread via social media and other forms of electronic communications. "The cyber problem is going to be tied to hack-and-leak operations. If you hack into one candidate's email and start leaking stuff, and then you use that leak of legitimate information to launder disinformation or misinformation, you've got a big problem."
The bottom line is that 2024 is going to be a wild ride. ®