X

Midterm elections, social media and hacking: What you need to know

Hackers and propagandists are a threat to US elections. Here's how the US government and tech giants like Facebook and Twitter are working to stop them from interfering with the vote.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
6 min read
Stephen Maturen / Getty Images

When it comes to the 2018 midterm elections in the US, bad actors are still trying to mess with your vote.

Russian hackers and propagandists who interfered in the 2016 US presidential election didn't stop when it was over. They're still trying to influence the vote, and now they're being joined by other countries hoping to influence the midterms, according to the US Department of Homeland Security and other agencies. On Oct. 19, the US Department of Justice indicted a Russian woman for her alleged role in continued election interference, from the time leading up to the 2016 elections through to 2018.

Two years ago, hackers were caught trying to break into voter registration databases and other election infrastructure in at least 21 states during the race between Donald Trump and Hillary Clinton. They also infiltrated email accounts of two major organizations run by the Democratic party, as well as the private emails of members of Clinton's campaign. 

And they leaked thousands of emails to WikiLeaks and other websites, as well as members of the press, to sway public opinion and mislead voters into picking one candidate over another. 

That was on top of the misinformation campaign by professional internet trolls who created American personas on the most widely used social media sites, including Facebook, Twitter and Instagram, posting false news stories and helping plan real-world protests. Earlier this year, US special prosecutor Robert Mueller charged members of a Russian spy agency and people involved in running or working at Russia's Internet Research Agency of crimes relating to the alleged campaign.

Watch this: Justice Department indicts 12 Russian cyberspies suspected in DNC hacking

While hackers haven't been as busy in the lead-up to the 2018 midterm elections as they were, US intelligence agencies and DHS -- which is tasked with helping state and local elections agencies keep their systems secure -- warn that hackers are still active in their efforts to breach election infrastructure.

"The intelligence community continues to be concerned about the threats [toward] upcoming US elections," Dan Coats, director of national intelligence, said at a press briefing in August, "both the midterms and the presidential elections of 2020."

What has been hacked so far?

Most of the hacks that have come to light have either been unsuccessful or limited in their reach. During a Tennessee primary election for county mayor in May, a hacking approach called a DDoS attack flooded Knox County's website with so much traffic the page crashed. The page went down just as polls closed on election night. A more serious DDoS attack could take down pages with important information, like where your polling place is.

Watch this: Election hacking: What you need to know

There's also been a campaign of spearphishing emails targeting US senators running for re-election. Three emails sent to staffers of US Senators tried to trick them into entering their email usernames and passwords. One of the targets was Missouri Democrat Claire McCaskill, but it's not clear who the other two targets were.

Florida Senator Bill Nelson, also a Democrat, said he'd learned of a breach of voter registration systems in the state -- though officials who run the state's elections disputed that claim.

Securing the voting infrastructure

Close-up of a computerized screen displaying a ballot, and a hand reaching to press a red touch-screen button that says, "Vote."

A voting machine at a demonstration in California in 2002.

Getty Images

Hacking experts are trying to make electronic voting machines more secure. That's good, because the machines are notoriously easy to hack

The events of 2016 won extra attention for the vulnerabilities in voting machines and networks used by elections agencies, and those agencies and the federal government have been pushing forward on fixes. However, the fixes by and large won't be in place in time for the 2018 midterms, due in part to slow-moving government funds and bureaucracy.

Still, don't get so scared of hacked voting machines that you decide to sit out the election, experts say. The machines aren't as vulnerable as they sound. The main thing protecting voting machines from a large-scale attack is that they don't connect to the internet, so most vulnerabilities can only be exploited by hackers who have physical access to the machines.

A group of "white hat" hackers tested voting machines for vulnerabilities this summer at the annual Defcon event in Las Vegas. US officials said they hoped the Defcon hackers would identify even more issues than they did in the previous year's effort. They got what they asked for when the hackers released a report in September. It said the vote-counting machines its experts tested were vulnerable, allowing hackers who breached them to "flip the electoral college."

The fix to the voting machine security problem is twofold. First, experts say having a paper record of each ballot is key for auditing votes and catching software glitches as well as potential hacks. Second, computer scientists who've been examining the machines for years say the process for updating software and hardware needs to be streamlined, so problems can be addressed faster. (The answer doesn't include blockchain, they say, despite the enthusiasm of the technology's fans.)

The worst thing that could happen, according to DHS Secretary Kirstjen Nielsen, is an argument after the election over whether the vote was compromise. The discord is more likely than an actual hack, she said Friday, November 2.

Social media gets serious about trolls

Major social media companies have tried to show that they're taking abuse of their platforms seriously. That's meant rooting out organized campaigns run by users who lie about their identities and giving ordinary users more information about the political ads they're seeing.

Facebook CEO Mark Zuckerberg has created a dedicated team to fight fake news. It's also set up a war room to monitor activity on its site around elections and announced it's partnering with academics to help the company understand the impact of social networks on elections. The company also promised European officials it will block interference in elections there, too.

Facebook calls organized troll activity "inauthentic influence campaigns," which try to sway political protests in real life and spread misinformation online. So far this year, the company has announced twice that it's taken down accounts and pages associated with these campaigns, which it says have come from Russia and Iran. Google also identified a network of 58 accounts originating from Iran that were running an influence operation on the company's platforms, including its popular YouTube video service.

Facebook has imposed requirements for users who manage pages, making them confirm their locations and add extra security to prevent account takeovers. And Twitter, Facebook and Google have all announced updates to their advertising policies, including labeling political advertising and identifying who paid for it.

Other tech firms offer solutions

Social media companies aren't the only ones working on ways to crack down on hackers and online fakers. Microsoft has come up with a way to find and shut down fake pages that try to trick users into entering their Microsoft Outlook login credentials.

Google is also providing a free service to protect campaigns and elections agencies.

Cybersecurity firm Symantec created its own service to help campaigns and election officials find pages that impersonate them, which can make it harder for hackers to phish victims or spread misinformation under an official banner. 

Some technical support for the election is coming in the form of freebies for voters. Ride hailing apps and scooter companies are offering customers discounts and free rides to help get out the vote, like Lyft, Uber, Lime and Skip.

And then there are the secure-messaging companies Wickr and Signal, which are partnering with the Democratic National Committee to provide ways for campaign staffers to communicate with each other that aren't as easy to hack as email.

That's probably a smart idea, because even if a large-scale hacking effort doesn't materialize in the 2018, it's clear from what happened in 2016 that campaigns and elections agencies had room for improvement in their cybersecurity measures.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Special Reports: CNET's in-depth features in one place.