Study: Hackers Will Exploit Upcoming U.S. Election
Hackers and cyber criminals will use the upcoming U.S. presidential election to attempt to trick unsuspecting citizens into giving away personal data as well as breach online accounts of candidates, election staffers and media outlets, a study released Dec. 2 said.
The annual report, released by Raytheon/Websense — a joint venture between Raytheon and Vista Equity Partners — outlined looming cyber threats and offered predictions of what might lie ahead in 2016.
“For the next year there’s going to be a heightened risk to anybody involved in this political process,” said Bob Hansmann, director of product security at Raytheon/Websense.
“Anybody participating in the campaign process — which goes for news agencies, private bloggers as well as the candidates and all of their staff — are potential targets,” he said. “Some of this could be just a hack … [to] cause disruption, other attacks could be extremely tactically planned to occur, say, the night before a particular state caucus takes place, a debate [or] around the convention.”
These hackers may just want to cause a harmless annoyance, but some may attempt to torpedo particular campaigns. Others may employ phishing scams to try and make money, he said.
Social media will be the “primary vehicle to raise awareness of campaign messages and events,” the report said. That will give hackers ample opportunities to strike.
“Attackers will use the 2016 election and related campaign issues to craft email lures and misdirects in order to push malware payloads with the intent to compromise,” the report said. “Expect lures made to look like political party or candidate email, advocating an online petition or survey about specific election issues, linking to a supposed news story, or relaying information about voter registration or debates.”
Hackers may also create confusion by hacking into candidates' Twitter accounts and sending false information, Hansmann said. For instance, the night before an election an infiltrator could hack into a candidate’s account and say that he or she has suddenly withdrawn from the election. That could have major ramifications, he said.
Additionally, hackers might try to break into candidates' private accounts to look for embarrassing information that could be made public, he said.
Campaigns must have a dedicated person on staff to help balance security with distributing information, he said.
“Anybody engaged in elections, they’ve got to have somebody responsible for it,” he said. “It’s got to be a senior member of their staff who is constantly thinking of the security angle.”
Another prediction is an increase in financial data being stolen from people using mobile wallets.
“As adoption and the types of transactions capable on mobile phones increases, malware authors will also increase their efforts to steal from a digital wallet,” the report said. “Mobile malware will evolve to use these payment methods to commit fraud. As the cell phone continues to become the preferred two-factor source of authentication for many financial transactions, it has also increased the value of exploiting the mobile device or its applications to empower much more theft than currently seen.”
Additionally, there are vulnerabilities as Americans continue to connect more and more devices to the Internet, the report said.
“The websites, apps and electronic devices that comprise the 'Internet of Things' … make navigating personal and business tasks more convenient than ever, but their popularity also means a wider attack surface, expanse of data and range of vulnerabilities for threat actors to exploit,” the report said.
Phishing attacks are still a major problem, Hansmann said. In the last four or five months, many software systems designed to block such emails have been challenged by hackers' changing tactics, he said.
“The bad guys are getting more innovative about how they formulate the content of the emails to make it look more and more legitimate” he said. “Now they’re getting very specific.”