Hackers and trolls target the US midterms, but the extent of foreign influence remains unclear

The US midterm elections today (Tuesday) are being closely watched by cybersecurity experts – not least because of the Russian interference accusations surrounding the US presidential elections two years ago.

On Monday, Facebook acted on a tip from (unnamed) US law enforcement sources by suspending 115 accounts linked to “coordinated inauthentic behavior”, the latest in an ongoing series of whack-a-mole clampdowns.

The suspect 30 Facebook and 85 Instagram accounts involved in the latest wave of suspensions are been investigated by the social media giant.

“Almost all the Facebook Pages associated with these accounts appear to be in the French or Russian languages, while the Instagram accounts seem to have mostly been in English, some were focused on celebrities, others political debate,” the social media giant in an election update yesterday.

It’s as yet unclear whether or not the suspended accounts were run by groups such as Russia’s Internet Research Agency (implicated in coordinated trolling around the 2016 US presidential election) or other mendacious foreign entities.

Sean Sullivan, a security advisor at F-Secure, told The Daily Swig that Facebook often talks about stricter rules about candidate ads to deflect awkward questions about such “inauthentic account activity”.

“Facebook has introduced stricter rules for candidate ads but the real issue centers around the promotion of pages and group membership rather than candidates,” Sullivan explained.

Sullivan reckons the bigger challenge to the midterm elections comes from domestic US trolls looking to suppress the vote rather than foreign entities attempting to sow the seeds of discord.

“I suspect/trust that Facebook is hunting for all troll accounts. But it’s only going to make announcements about the potentially nation-state ones,” he said.

Suppression and manipulation

Suppression of the vote can come can involve discontents telling people to go and vote in the wrong place (US polling stations are subject to not infrequent change) or launching denial of service attacks against voting information websites.

Manipulation of sites reporting the voting from precincts is another possibility, according to Sullivan. The political science graduate noted that Facebook has been active in clamping down “don’t go out to vote” campaigns on its platform.

Hackers have targeted voter registration databases and other election infrastructure in the run-up to Tuesday’s vote, according to Department of Homeland Security election threat reports seen by the Boston Globe.

The nationwide attacks extend from bogus requests for voter registration forms all the way up to complex attempts to push malware onto election systems, according to the paper.

There is less of a focus of hostilities in the midterm election compared to the presidential election two years ago, largely because Hillary Clinton is such as polarizing character in US politics, but there will nonetheless be hard-fought battlegrounds in Tuesday’s campaign.

Key votes include the Georgia gubernatorial race and the vote for a senator in Florida. A ballot on whether to give felons the vote in the Sunshine State is also likely to be contentious.

GRU watching closely?

Russian military intelligence (GRU) was blamed for orchestrating an influence campaign against Hillary Clinton during the 2016 presidential election but it appears to be “lying low” this time around, according to Sullivan.

To the extent organizations such as the IRA are involved in anything it is in playing both sides by encouraging both protests and counter-demonstrations on contentious issues such as migrant rights.

Priscilla Moriuchi, who led the National Security Agency’s East Asia and Pacific cyber threats office prior to joining threat intel firm Recorded Future, disagreed with this assessment and said Russia actively engaged in cyber operations in the run up to the elections.

“For the past several months, Recorded Future has been researching Russian cyber operations in the run-up to the 2018 US midterm elections,” she explained.

“While we believe that we have identified only a portion of the full scale of the operation, important trends have emerged that may be applicable to larger Russian operations targeting the US.”

She added: “In particular, that Russian influence operations have continued and evolved since 2016 and that the content propagated by these operations has shifted focus from verifiably false information (or ‘fake news’) to hyper partisan perspectives.”

Moriuchi, director of strategic threat development at Recorded Future, explained that Russian efforts to influence public discourse about the 2018 US midterm elections, have included advocacy for specific candidates and policy positions.

“A dominant trend in the propagated content are, hyper partisan, or sharply polarized perspectives on legitimate news stories,” she explained. “Propagation of fake news disseminating verifiably false information still occurs but has been largely supplemented by extremely biased or opinionated content.”

Tactics have shifted over the past two weeks to appear more real and legitimate, Moriuchi concluded.

“We have insight primarily into ‘right trolls’, largely supportive of President Trump. We assess that ‘left trolls’ are also likely leveraged by Russian influencers, but that the network we currently have identified is targeting the far right of American political discourse,” she said.