Election systems across the world are vulnerable to attack by malicious cyber actors, cyber intelligence company FireEye warned in a new report released today. The report comes weeks after the UK’s National Cyber Security Centre (NCSC) warned that some areas of the British electoral system were also vulnerable to cyber attack, despite the country’s heavily paper-based ballot system. “There are central vote tabulating machines that may be connected to an Intranet or the public Internet. It may be possible for remote adversaries to attack those machines”, FireEye said. It admitted, however, that it has not observed attacks against elections infrastructure, and that the US’s decentralised and unstandardised voting system, “a nation-wide coordinated attack on voting machines would require high technical sophistication, lengthy planning, and extensive resources.”
The California-based company highlighted weaknesses in electronic voter registration, DDoS against state elections websites, attacks against voting machines, and attacks against election management systems.
DDoS or website defacement is popular with cyber actors to prevent voters from locating and accessing their local polling station location.
During the 2015 Russian local elections, cyber threat actors conducted low-impact DDoS attacks against eight websites, including the country’s President, Central Commission and four opposition news websites. FireEye suggested the actors involved were trying to disrupt the political process in Russia.