10/06/2024
CTI
Elections: a year of threats – Episode 5
The episode 5 of our elections series is out!
This time, we focus on the targets by breaking down the specificity of threats depending on the victims’ profile. The social status of victims plays an important role in attracting cybercriminals. Indeed, depending on their position, the stakes may vary and lead into serious consequences beyond the cyber sphere.
Are you a target?
- The chosen ones
The status of some populations makes them particularly vulnerable to pressures even when they must embody neutrality. Landing a powerful position, possessing confidential data or be part of a community that can help tip the balance in favour of one candidate are the driving forces behind potential abuses, some being more vulnerable than others depending on their level of resources. Furthermore, it should be considered that elections are not always democratic. Depending on the country and the policies in place, the following individuals can become targeted.
- Media workers
a top target Journalists are key actors in charge of depicting the stakes of elections or thepublic and investigative journalists are getting even more attention. Between January 2019 and June 2022, UNESCO documented 759 attacks on journalists across 89 elections in 70 countries (physical violence, arbitrary arrests.intimidation). In 2023, media and journalism sites protected under Cloudfare’s Project Galilelo were subjected to over 30 million cyberattacks a day, according to the company. As a consequence, cybersecurity trainings are highly encouraged among journalists.
What can happen?
- Multiple risks entailed
From top-ranked representatives to simple voters, the risks are not equivalent. While a whole population can become the target of mass disinformation campaigns, the higher your position is, the more likely you are to undergo intense pressure and become the victim of a personalized malicious campaign. As such, cybersecurity training should be tailored accordingly. Here are a few examples of threats:
- Hack-and-leak
Officials who are in the light are vulnerable to this type of incident in case attackers manage to get access to one of their personal accounts.
- Doxing
From candidates to voters, the polarising nature of politics can lead opponents to massively use the disclosed information to harm a party.
- Phishing
Phishing can target any population, be careful when reading suspicious emails relating to elections.
A tool focus: the business of spyware
Since the 2010’s, multiple affairs entailing the use of spyware by governments were disclosed by media.
The Pegasus affair put the light on the lucrative business of spyware deployed from the East to the West, including by European countries. Democracy and the electoral processes can be heavily destabilised as the collected information can be used to discredit candidates. Lesser-known spywares include Predator and Candiru.
Popular applications such as Tik Tok can also be used as a spyware to track an identified person.
References
- AP News. 2024. https://apnews.com/article/jordan-hacking-pegasus-spyware-nso-group-99b0b1e4ee256e0b4df055f926349a43
- Center for Internet Security. 2024. https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-doxing/
- Center for News, Technology & Innovation. 2024. https://innovating.news/article/journalists-cyber-threats/
- Committee to Protect Journalists. 2024. https://cpj.org/reports/2022/10/when-spyware-turns-phones-into-weapons/
- ENGELEN, Karine. 2024. https://www.europarl.europa.eu/doceo/document/TA-9-2023-0244_FR.html
- ERBEN, Peter, GOLDSMITH, Ben, SHUJAAT, Aysha . 2024. https://www.ifes.org/publications/out-country-voting-brief-overview-0
- GOODWIN Andy, WOOLBRIGHT Jocelyn, TOME, Joao. 2024. https://blog.cloudflare.com/the-deluge-of-digital-attacks-against-journalists
- SARTOR, Giovanni. LOREGGIA, Andrea. 2024. https://www.europarl.euChatam House. 2024. https://www.chathamhouse.org/2024/03/how-foreign-policy-might-impact-outcome-us-election
- UK National Cyber Security Centre. 2024. https://www.ncsc.gov.uk/news/ncsc-support-those-high-risk-cyber-attacks-ahead-election
- United Nations. 2023. https://news.un.org/en/story/2023/11/1143122
- Volexity. 2021. https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/