The midterms will take place in just a few days. During the lead up to the elections, much has been said about the weaknesses in voting machines as well as the manipulation tactics used by nation state actors such as Russia. But another, less obvious, threat is distributed denial of service (DDoS) attacks, which see a target such as a voting registration website flooded with traffic, rendering it useless.
The damage possible from this type of cyber-assault has already been seen. In 2011, South Korea became a victim of DDoS attacks designed to reduce turnout by preventing citizens from learning where to vote in its election.
Meanwhile, several DDoS attacks took down a congressional candidate’s website during this year’s California primary. The Knox County election commission website was also attacked in 2018, just as the primary election results were being posted. The fall-out was two-pronged: The results couldn’t be posted, while the attack served as subterfuge for another, more stealthy intrusion against a county server.
Michael McNerney a product manager in Cyber Threat Intelligence at NETSCOUT, thinks DDoS is a major threat to the midterms. “DDoS attacks aimed at election infrastructure such as voter databases can prevent officials from accessing crucial information about who is qualified to vote,” McNerney points out. “Similarly, DDoS attacks against election websites can prevent accurate and timely results from being shared with the public, undermining credibility and sewing confusion.”
He thinks DDoS should be considered a form of information warfare. “While a great deal of recent focus has been on disinformation campaigns, DDoS is about denial of information, which can be just as – if not more – dangerous,” says McNerney.
He points out: “An actual DDoS attack could not only cause confusion about the results of an election, it could also potentially undermine public faith in our entire democratic system.” – Forbes