Election Security 2020

September 2020 – November 2020

In the weeks leading up to the 2020 election, technology firms and the U.S. government took steps to prevent and combat election interference in cyberspace. Nonetheless, there were still a handful of incidents.

Start
A Microsoft logo is seen on an office building in New York City.
A Microsoft logo is seen on an office building in New York City. REUTERS/Mike Segar/Files
Foreign Hackers Target Microsoft Customers With Ties to the Election

After months of monitoring and coordinating with victims, Microsoft publicly discloses Chinese, Russian, and Iranian targeting of the election campaigns of former Vice President Joe Biden and President Donald Trump, U.S. think tanks, political consulting firms, and advocacy groups. The attacks attempt to compromise customer accounts, though Microsoft claims that it detected and stopped the majority of them before they could cause harm.

Supporters cheer as U.S. President Donald Trump delivers remarks at the Turning Point USA Student Action Summit.
Supporters cheer as U.S. President Donald Trump delivers remarks at the Turning Point USA Student Action Summit. REUTERS/Marco Bello
Social Media Platforms Suspend Accounts of Conservative Youth Group Members

Twitter and Facebook suspend over twenty accounts behind a months-long disinformation campaign run by Turning Point Action, a conservative youth group based in Phoenix. The group paid American teenagers to use their personal social media accounts to spread false information, including tweets claiming that mail-in ballots “will lead to fraud” in the upcoming election and posts on Instagram claiming that 28 million ballots went missing in the past four elections. 

A Facebook sign is seen at the second China International Import Expo.
A Facebook sign is seen at the second China International Import Expo. REUTERS/Aly Song
First Public Disclosure of Chinese Efforts to Influence the Election

Facebook removes a network of over one hundred pages, groups, and accounts posing as Americans based in China that both praised and criticized President Trump and former Vice President Biden. Although the network had limited reach, Facebook’s announcement is the first public disclosure of Chinese efforts to influence the presidential election.

Electronic cables are silhouetted next to the logo of Twitter.
Electronic cables are silhouetted next to the logo of Twitter. REUTERS/Dado Ruvic/File Photo
Twitter Removes Over One Hundred Iranian Accounts

Intelligence shared by the FBI prompts Twitter to remove 130 Iranian accounts that were attempting to disrupt online discourse during the presidential debate. In a public statement, Twitter says that the accounts had a minimal effect and were quickly removed.

A supporter of President Donald Trump holds an U.S. flag with a reference to QAnon during a Trump 2020 Labor Day cruise rally.
A supporter of President Donald Trump holds an U.S. flag with a reference to QAnon during a Trump 2020 Labor Day cruise rally. REUTERS/Carlos Barria
Facebook Bans QAnon

Facebook announces that it is banning and deleting groups and pages affiliated with the conspiracy theory movement QAnon. Although individual accounts will still be permitted to post, the new policy aims to prevent QAnon followers from further organizing. 

U.S. Assistant Attorney General for the National Security Division John Demers takes a question from a reporter.
U.S. Assistant Attorney General for the National Security Division John Demers takes a question from a reporter. Andrew Harnik/Pool via REUTERS
Department of Justice Seizes Domain Names Used by Iran’s Islamic Revolutionary Guard Corps

The Department of Justice (DOJ) confiscates ninety-two domain names used by Iran’s Islamic Revolutionary Guard Corps to spread propaganda to audiences in the United States, Western Europe, the Middle East, and Southeast Asia while disguised as genuine news outlets. Four of the domains were designed specifically to “target the United States with pro-Iranian propaganda in an attempt to influence the American people to change United States foreign and domestic policy toward Iran and the Middle East.”

Poll workers pack up voting machines at an early voting location in Georgia.
Poll workers pack up voting machines at an early voting location in Georgia. REUTERS/Chris Aluka Berry
Georgia County Election Systems Hit by Ransomware

Election infrastructure in Hall County, Georgia, including a voting precinct map and voter signature database, suffers a ransomware attack, marking the first known instance of ransomware affecting election systems during the 2020 presidential election. 

SSgt June Sterbank, Boundary Technician, works at the 561st Network Operations Squadron.
SSgt June Sterbank, Boundary Technician, works at the 561st Network Operations Squadron. REUTERS/Rick Wilking
Justice Department, Cyber Command, and Microsoft Join Forces Against Russian Botnet

Following U.S. Cyber Command strikes against Russian botnet Trickbot, a U.S. district court in Virginia issues an order allowing Microsoft to seize servers used by the network. Although the court order is granted on the grounds of trademark infringement, the decision is driven by concerns that Trickbot ransomware could threaten computers used to report on election results or maintain voter registration records.

U.S. President Donald Trump holds up a front page of the New York Post.
U.S. President Donald Trump holds up a front page of the New York Post. REUTERS/Jonathan Ernst
Facebook and Twitter Limit Spread of New York Post Story

The New York Post publishes a series of unconfirmed allegations against Hunter Biden. Citing hacked materials, privacy violations, and potential misinformation, Twitter and Facebook attempt to slow the spread of the article, which mirrored elements of Russian influence campaigns in 2016. Twitter also suspended accounts, including the official account of President Trump's reelection campaign and White House Press Secretary Kayleigh McEnaney, for sharing content related to the reports.

A poster showing six wanted Russian military intelligence officers is displayed.
A poster showing six wanted Russian military intelligence officers is displayed. Andrew Harnik/Pool via REUTERS
Department of Justice Indicts Russian Military Hackers

The Department of Justice indicts six officers of the Russian Main Intelligence Directorate, a military intelligence agency of Russia's General Staff of the Armed Forces, for carrying out sophisticated cyberattacks beginning in 2015 that cause billions of dollars in damage globally.

U.S. Rep. John Ratcliffe (R-TX) testifies before a Senate Intelligence Committee nomination hearing.
U.S. Rep. John Ratcliffe (R-TX) testifies before a Senate Intelligence Committee nomination hearing. Gabriella Demczuk/Pool via REUTERS
Iranian Hackers Send Threatening Emails to Registered Democrats

Russian and Iranian hackers obtain U.S. voter registration information. Iranian hackers send thousands of threatening emails to registered Democrats to cast doubt on the security of mail-in ballots. U.S. intelligence officials emphasize that there is no indication that any election result tallies were changed or that information about who is registered to vote was altered.

Department of Homeland Security (DHS) Acting Secretary Chad Wolf (L) and Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs speak to reporters at CISA’s Election Day Operation Center.
Department of Homeland Security (DHS) Acting Secretary Chad Wolf (L) and Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs speak to reporters at CISA’s Election Day Operation Center. REUTERS/Kevin Lamarque
Russian Hackers Breach State and Local Government Networks

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI announce [PDF] that Russian hackers have breached several state and local government networks and exfiltrated data from at least two victim servers since September. CISA and the FBI notify victims and state that there is no evidence to date that integrity of election data has been compromised.

Facebook CEO Mark Zuckerberg.
Facebook CEO Mark Zuckerberg. Mandel Ngan/Pool via REUTERS
Facebook Warns of Perception Hacking

Facebook officials remove Iranian influence network and warn that foreign actors could attempt to hype their own impact on the U.S. election to “weaponize uncertainty to sow distrust and division” about the vote—a strategy called “perception hacking.” “Overstating the importance of these campaigns plays into the hands of malicious actors, whether foreign or domestic, and we should not take the bait,” said Nathaniel Gleicher, head of cybersecurity policy at Facebook.

Members of the Pinellas County canvassing board process ballots on Election Day.
Members of the Pinellas County canvassing board process ballots on Election Day. REUTERS/Octavio Jones
Ransomware Group Releases Private Voter Data in Georgia After Ransom Not Paid

Voters’ private information taken from government databases in Hall County, Georgia is published on a website belonging to the DoppelPaymer ransomware group after officials allegedly refuse to pay a ransom. The leaked information includes voter names and registration numbers, an inventory of election equipment, and ballots identified to contain mismatched signatures. Parts of Hall County’s election infrastructure, including a voting precinct map and voter signature database, were first compromised by ransomware on October 7.

A reporter's laptop shows the Wikipedia blacked out opening page.
A reporter's laptop shows the Wikipedia blacked out opening page. REUTERS/Yves Herman
Wikipedia Restricts Edits on Election-Related Pages

Wikimedia announces that Wikipedia pages tied to the presidential election will face additional protections to prevent the spread of disinformation. New accounts with limited contribution history will be unable to edit pages such as “2020 election.” In their release, Wikimedia writes, “if the internet is the most important battleground in next week’s U.S. presidential election, then Wikipedia is the Web’s neutral zone.”

National Security Agency Director General Paul Nakasone addresses a briefing on election security.
National Security Agency Director General Paul Nakasone addresses a briefing on election security. REUTERS/Carlos Barria
Cyber Command Reveals Global Threat Hunting Operation

Officials from U.S. Cyber Command inform the New York Times that it sent teams across the globe to identify and undermine foreign hacking groups ahead of the U.S. presidential election.

Barton Foley casts his ballot on Election Day.
Barton Foley casts his ballot on Election Day. REUTERS/Bryan Woolston
"Just Another Tuesday on the Internet"

Election day passes without any major disruption from cyberattacks. "For the most part today it's been a little boring and that's a good thing — this is kind of one of those best-case scenarios that we would hope for," says a senior official from the Cybersecurity and Infrastructure Security Agency.

U.S. President Donald Trump taps the screen on a mobile phone at the approximate time a tweet was released from his Twitter account.
U.S. President Donald Trump taps the screen on a mobile phone at the approximate time a tweet was released from his Twitter account. REUTERS/Leah Millis
Twitter Begins Flagging President Trump's Tweets

On Tuesday night, Twitter flags the first of many tweets by President Trump for containing misleading information, including premature declarations of victory and accusations of election fraud. Social media platforms continue to flag misleading posts as vote tabulation remains ongoing.

Election Security 2020