Expert: Phishing Emails Pose Biggest Cybersecurity Threat In Election
The threat of hackers on the election process is on the minds of many as ballots are cast nationwide. It was a big topic at this week’s annual cybersecurity symposium at UNC Charlotte. The consensus: Phishing emails are the biggest threat.
Todd Inskeep, a Charlotte cybersecurity consultant who formerly worked for the National Security Agency and spoke at the symposium, says such emails will increase this election season.
Todd Inskeep: The phishing emails are going to be trying to get you to do things to give up your personal privacy, to think differently about the candidates or the way that you vote, and maybe to give you misinformation about what's happening in the election and how these votes are going to go.
Gwendolyn Glenn: Could you give more examples of some things that people should be on the lookout for? And how successful are they being?
Inskeep: People should be on the lookout for messages asking them to click on a link and vote online. You can't vote online any place. They should be wary of messages asking them to contribute to candidates online. Phishing messages have come across asking people to donate to a cause or to believe things that just aren't real about presidential candidates or even candidates for lower office.
Glenn: Well, let me ask you this: In terms of the ones asking people to vote online, if someone does click on that, what are they seeing? An actual ballot from their state? And what happens at that point?
Inskeep: They're probably not seeing an actual ballot from their state. One of the things that we've been doing some research on is there's a huge number of different ballots because of all the different voting districts at the national state, local, county, city level. It means that it's very hard to duplicate all the different ballots that are out there.
Cabarrus County, for example, has over 128 different ballots, depending on exactly where you live and which districts you fall into. So just trying to create fraud in that one county means a lot of work for an adversary.
Glenn: Any idea how successful these scams are in terms of the election?
Inskeep: Almost all of these scams are going to hit 5-10% success rates. It's very, very hard for people not to click, and the messages that they're getting are really crafted to get them to act" "You need to vote now, and if you don't, there will be consequences."
Glenn: We've heard about what the Russians have been doing. Are you seeing more of that, especially coming from Russia with North Carolina being a state, in terms of an election, that's being painted as it could determine who controls the U.S. Senate?
First, the Russians are much more active. There was a recent Senate report that talks about how activity kicked up after the 2016 election, and the Russians are really just spreading information.
They're trying to get us to attack each other and create more antagonism between different groups. And it can be between African Americans and other Americans. There are all kinds of messages coming out of Russia, but they're clearly trying to amp up the divisiveness between groups of people.
Glenn: But you're not seeing anything in terms of tampering with election machines? Some states have started to vote. Are you seeing anything or is that a possibility that someone could hack into the system and change people's votes?
Inskeep: It's really very hard to attack the integrity of the voting system. There's a whole process that goes into managing the votes. The electronic machines are basically just counting votes. They're very hard to hack into, and even the hacking demonstrations that we see are really limited by having physical access to those machines.
None of them are really connected online continuously in a way that would let you hack into them. So, it's very hard to hack in and change somebody's vote from that perspective. And then there's activity by the federal government, state and local authorities to monitor and manage the activity and check the machines. And they have people from both the Republican and the Democratic Party, as well as sometimes independents, involved throughout the process.
The FBI, DHS and other government organizations are all looking for indications that somebody is trying to hack into any of the systems across the country, as well as the activities that are being done locally in individual counties and individual states by their government agencies.
Glenn: Any other cybersecurity threats regarding elections that I didn't ask you about or that you are currently looking at?
Inskeep: The biggest thing people are looking at is the integrity of the voting lists themselves. That's the single biggest repository of data that could be attacked, is who's eligible to vote and who's not eligible to vote. So, we're watching that very carefully, and the various government and other monitors are watching that.
Glenn: Are you seeing cases where hackers have successfully purged rolls and got into some of these voting rolls?
Inskeep: There have been a couple of cases where hackers seem to have gotten access to the rolls, but because of the duplicates and copies that each county maintains, no one's really successfully changed their rolls or created any significant damage.
Glenn: Todd Inskeep formerly worked for the National Security Agency and is a cybersecurity consultant in Charlotte.
What questions do you have about the 2020 election, absentee voting or how to vote safely in person? Share your questions below.