As the US grapples with an election season rampant with mistrust and conspiracy theories, federal officials are warning Americans about threats to undermine the integrity of the vote – and how to avoid them.
Mail-in ballots, massive turnout and the pandemic could combine to delay the outcome of this year’s presidential election, providing a wide window for scammers and others to spread false information.
Social media is again populated by false election claims. Adding to the confusion, Microsoft says Russian, Chinese and Iranian hackers have targeted people and organizations involved in the election.
“A significant number of Americans appear susceptible to believing unproven claims,” Daniel A. Cox, director of the Survey Center on American Life and co-author of a report on US conspiracy theories, said in a statement. “Politically motivated conspiracy theories find a receptive audience among both Democrats and Republicans.”
Both the FBI and the Cybersecurity and Infrastructure Security Agency, which protects the nation’s infrastructure, have reassured voters that they’re working to protect the election’s integrity.
But the two agencies are urging Americans to keep an eye on the following threats:
False reports of leaked voter data
The stakes in this year’s election aren’t just high in the US. “Foreign actors” and cyber criminals may try to discredit the results by spreading disinformation, the FBI and CISA say. These false claims could include reports of ballot fraud, cyberattacks targeting election infrastructure, and other related issues that could make voters question whether the election is legitimate, federal officials say.
Hackers may also spread false reports that they obtained and leaked US voter registration data. But don’t worry, the feds say.
“In reality, much US voter information can be purchased or acquired through publicly available sources,” both federal agencies say. “While cyber actors have in recent years obtained voter registration information, the acquisition of this data did not impact the voting process or the integrity of election results.”
Public leaks of voters’ information do occasionally happen. In 2017 the personal information of almost 200 million registered US voters was accidentally exposed online by a Republican analytics firm.
Misleading online journals
Foreign governments have used pseudo-academic online journals to spread false information in the past. And they may use them again to try to influence the outcome of the election, the FBI says.
Such fake online journals could express support for specific candidates, allege voter suppression, amplify reports of real or alleged cyberattacks on election infrastructure and assert voter fraud, federal officials say.
Foreign actors employ social media and other online platforms to increase the journals’ global reach and give them credibility.
“Such sites could be employed … to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process and undermine confidence in US democratic institutions,” the FBI and CISA say.
Fake websites and email accounts
Cyber criminals have mastered the art of spoofing email domains. During elections, they use that to fool people into thinking that websites or emails are legitimate, federal officials warn.
“Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI says.
These crooks set up fake domains by making small changes to words (“electon” instead of “election”). Or they masquerade as official government sources but use an alternative domain, such as a dot.com instead of dot.gov site.
Even so, “if cyber criminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised,” the FBI and CISA say in a joint report.
Cyberattacks that slow election systems
Criminals also have tried to target election systems, federal officials say. While that can slow a system or make it temporarily inaccessible to election officials, it does not prevent voting or the reporting of results.
“The FBI and CISA have no reporting to suggest cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies say in a statement.
“Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated,” the agencies say.
Federal officials say such attempts would be difficult to conduct undetected. And even if hackers did succeed in affecting voting, election officials say they have multiple safeguards and plans in place. They include provisional ballots so registered voters can cast ballots and paper backups.
How to thwart these threats
The federal agencies are providing tips on how to beat these scams:
- Ensure reports about election irregularities are from a credible source such as the media, state and local election officials. Always be aware of who’s sharing the information and their potential intent.
- Before sharing reports on social media, where they can take a life of their own, make sure they’re from reliable sources.
- Most social media platforms have ways to report suspicious posts and false information. Make use of them.
- Report any potential election crimes – such as false information about where to vote – to the FBI.
- Double-check web and email addresses to make sure they’re not imitations of legitimate election sources.
- Update your anti-malware and anti-virus software, along with your operating systems.
- Don’t open unknown emails or attachments, and avoid clicking on questionable files or links.
While voters should be concerned about election threats, they should not be worried about the integrity of their vote as long as they can verify that the systems in place have the appropriate safeguards, said Allyn Lynd, a senior adviser at Critical Start, a cybersecurity company in Texas.
“The US Election Assistance Commission — a federal agency that serves as a resource for election administrators and vendors – conducts testing and certification of voting machines,” he told CNN.
But if anyone believes their vote has been tampered with, they should notify election officials at their polling place and report it to federal agencies such as the FBI.
“The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” Lynd said.
The best protection to ensure a vote is correctly recorded, counted and tabulated is a paper trail showing all those steps, he said.