The hackers leaned back in their chairs and scanned through options to disrupt election day as if they were reading from a menu of chaos. Fake bomb threats. Orchestrated traffic jams. A botnet of faux Twitter accounts to spread discord. In a simulated exercise put on by the Boston-based cybersecurity firm Cybereason Sept. 20, a team of seven hackers tried to outwit a group of current and former law enforcement officials from the Massachusetts area. In the end, the hackers did not need to be selective about their options. They decided to combine all of their ideas into a concoction of havoc to pick apart the simulated voting day.
“We wanted to sow chaos with the intention of disrupting the election,” said Danielle Wood, director of advisory services at Cybereason, who was a member of the hacker team. “The stakes are low for us. If we fail, we can always try again tomorrow.”
In the simulation, the attackers were able to spread misinformation, hack the election registration lists and alter the voting locations displayed on public websites.
Law enforcement officials who participated in the exercise said they likely would have postponed the vote.
The red team of hackers “would have severely eroded confidence in having a smooth election,” said Sean Maloney, who works for the FBI’s Boston Division and headed the team of law enforcement officers. “It is a target that is very attractive. It is the cornerstone of our democracy.”