Hacking specialist warns of election e-mail attacks
Heading toward Election Day in the U.S., hackers may target your inbox instead of the ballot box.
It’s difficult to alter overall ballot counts in the U.S., which doesn’t have a centralized voting system, but hackers could take advantage of the Nov. 8 election to dupe people and gain access to their personal information, according to Oren Falkowitz, chief executive officer of Redwood City, Calif.-based Area 1 Security.
Hackers regularly capitalize on world events from the G-20 summit to the Super Bowl to craft phishing campaigns that let them access computer networks, he said.
“People should expect that the theme of the election will be used as a lure — whether it’s to influence the election or not,” Falkowitz, a former National Security Agency analyst and director of technology and data science programs at U.S. Cyber Command, said Thursday. “It’s part of the dynamic that people are going to use to gain access and to cause harm.”
With U.S. voters getting deluged with campaign and election-related e-mails — not to mention pre-recorded phone calls and mailers — many may have their guard down when it comes to clicking on a link or attachment that deploys malware or gets users to enter their login credentials.
The high-profile release of hacked personal e-mails from political figures such as former Secretary of State Colin Powell and Hillary Clinton’s campaign chairman John Podesta are part of this pattern, said Falkowitz, adding that his company saw phishing attacks linked to Hurricane Matthew in Florida.
His company sells technology to prevent phishing, in which hackers typically obtain confidential information by sending an email that looks legitimate and includes a link to a website that mimics the real one, or contains an attachment with malware.
In terms of the actual vote, hackers could create confusion or meddle with turnout with false information about changes to precinct locations. They could also target political campaigns or media organizations with polling claims. Still, the “vast majority being victimized are private citizens,” he said.
“You might see, as an example, something like ‘Click here to get a free bus ride to the polling station,’ or ‘Hey, go to this precinct’ or ‘Hey, don’t go to this precinct,’ ” he said.
The threat of cyber breaches in this election cycle was heightened following the release of e-mails hacked from the Democratic National Committee on the eve of Hillary Clinton’s formal nomination as the party’s presidential candidate. On Oct. 7, U.S. intelligence officials said publicly for the first time that intelligence agencies are “confident that the Russian government directed” the hacking and subsequent disclosures “to interfere with the U.S. election process.” Russia has rejected the accusations.