Election Security 2020
In the weeks leading up to the 2020 election, technology firms and the U.S. government took steps to prevent and combat election interference in cyberspace. Nonetheless, there were still a handful of incidents.
After months of monitoring and coordinating with victims, Microsoft publicly discloses Chinese, Russian, and Iranian targeting of the election campaigns of former Vice President Joe Biden and President Donald Trump, U.S. think tanks, political consulting firms, and advocacy groups. The attacks attempt to compromise customer accounts, though Microsoft claims that it detected and stopped the majority of them before they could cause harm.
Twitter and Facebook suspend over twenty accounts behind a months-long disinformation campaign run by Turning Point Action, a conservative youth group based in Phoenix. The group paid American teenagers to use their personal social media accounts to spread false information, including tweets claiming that mail-in ballots “will lead to fraud” in the upcoming election and posts on Instagram claiming that 28 million ballots went missing in the past four elections.
Facebook removes a China-based network of over one hundred pages, groups, and accounts posing as Americans that both praised and criticized President Trump and former Vice President Biden. Although the network had limited reach, Facebook’s announcement is the first public disclosure of Chinese efforts to influence the presidential election.
Intelligence shared by the FBI prompts Twitter to remove 130 Iranian accounts that were attempting to disrupt online discourse during the presidential debate. In a public statement, Twitter says that the accounts had a minimal effect and were quickly removed.
Facebook announces that it is banning and deleting groups and pages affiliated with the conspiracy theory movement QAnon. Although individual accounts will still be permitted to post, the new policy aims to prevent QAnon followers from further organizing.
The Department of Justice (DOJ) confiscates ninety-two domain names used by Iran’s Islamic Revolutionary Guard Corps to spread propaganda to audiences in the United States, Western Europe, the Middle East, and Southeast Asia while disguised as genuine news outlets. Four of the domains were designed specifically to “target the United States with pro-Iranian propaganda in an attempt to influence the American people to change United States foreign and domestic policy toward Iran and the Middle East.”
Election infrastructure in Hall County, Georgia, including a voting precinct map and voter signature database, suffers a ransomware attack, marking the first known instance of ransomware affecting election systems during the 2020 presidential election.
Following U.S. Cyber Command strikes against the Russian botnet Trickbot, a U.S. district court in Virginia issues an order allowing Microsoft to seize servers used by the network. Although the court order is granted on the grounds of trademark infringement, the decision is driven by concerns that Trickbot ransomware could threaten computers used to report on election results or maintain voter registration records.
The New York Post publishes a series of unconfirmed allegations against Hunter Biden. Citing hacked materials, privacy violations, and potential misinformation, Twitter and Facebook attempt to slow the spread of the article, which mirrored elements of Russian influence campaigns in 2016. Twitter also suspends accounts, including the official account of President Trump's reelection campaign and that of White House Press Secretary Kayleigh McEnany, for sharing content related to the reports.
The Department of Justice indicts six officers of the Russian Main Intelligence Directorate, a military intelligence agency of Russia's General Staff of the Armed Forces, for carrying out sophisticated cyberattacks beginning in 2015 that cause billions of dollars in damage globally.
Russian and Iranian hackers obtain U.S. voter registration information. Iranian hackers send thousands of threatening emails to registered Democrats to cast doubt on the security of mail-in ballots. U.S. intelligence officials emphasize that there is no indication that any election result tallies were changed or that information about who is registered to vote was altered.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI announce that Russian hackers have breached several state and local government networks and exfiltrated data from at least two victim servers since September. CISA and the FBI notify victims and state that there is no evidence to date that the integrity of election data has been compromised.
Facebook officials remove an Iranian influence network and warn that foreign actors could attempt to hype their own impact on the U.S. election to “weaponize uncertainty to sow distrust and division” about the vote, a strategy called “perception hacking.” “Overstating the importance of these campaigns plays into the hands of malicious actors, whether foreign or domestic, and we should not take the bait,” said Nathaniel Gleicher, head of cybersecurity policy at Facebook.
Voters’ private information taken from government databases in Hall County, Georgia, is published on a website belonging to the DoppelPaymer ransomware group after officials allegedly refuse to pay a ransom. The leaked information includes voter names and registration numbers, an inventory of election equipment, and ballots identified as containing mismatched signatures. Parts of Hall County’s election infrastructure, including a voting precinct map and voter signature database, were first compromised by ransomware on October 7.
Wikimedia announces that Wikipedia pages tied to the presidential election will face additional protections to prevent the spread of disinformation. New accounts with limited contribution history will be unable to edit pages such as “2020 election.” In their release, Wikimedia writes, “if the internet is the most important battleground in next week’s U.S. presidential election, then Wikipedia is the Web’s neutral zone.”
Officials from U.S. Cyber Command inform the New York Times that the command sent teams across the globe to identify and undermine foreign hacking groups ahead of the U.S. presidential election.
Election day passes without any major disruption from cyberattacks. "For the most part today it's been a little boring and that's a good thing — this is kind of one of those best-case scenarios that we would hope for," says a senior official from the Cybersecurity and Infrastructure Security Agency.
On Tuesday night, Twitter flags the first of many tweets by President Trump for containing misleading information, including premature declarations of victory and accusations of election fraud. Social media platforms continue to flag misleading posts as vote tabulation remains ongoing.