With less than two weeks to the Swedish general election, the risk of foreign forces aiming to influence the outcome is higher than ever. The Swedish Security Service (SÄPO) and the Swedish Civil Contingencies Agency (MSB) have acknowledged the threat - and there is concern about how this will affect public opinion and the eventual results of the election. With cyber attacks and fake news dominating the headlines during election times across the world, there is no reason to believe Sweden would be spared. Already, the website of the Swedish Social Democratic Party has been hit by DDoS attacks twice in the past weeks, with the traces allegedly leading back to Russia and North Korea (that being said, attribution is a tad harder than just mapping an IP address to a country).
What are the risks?
It should come as no surprise to anyone that foreign powers have been attempting to influence popular opinion, and thus the results of democratic elections. The most prominent example is the use of Facebook and other social media platforms to spread half-truths, outright lies and ‘fake news’ in an attempt to steer the voting one way or the other. In addition to the ‘hearts and minds’ type of meddling, there are also more traditional hack-and-disclose attempts to embarrass the candidates.
Then we have the risk of attacks, such as DDoS, taking out the websites of, for instance, political parties. For many parties the website is perhaps the heart of the campaign, where they spread their message and provide information about their political views. Of course, if citizens can’t access it, that’s a huge problem for a functioning democracy. Other sites that are important for the election itself, such as sites with information on how and where to vote, could also be a target for attackers. Attackers use botnets consisting of hijacked computers and IoT devices to increase the capacity and damage of the attacks. Today, as the number of connected devices is booming, botnets can grow stronger than ever before. What is important to keep in mind is that DDoS attacks are often used as smokescreens for other types of cybercrime. Hackers might start a DDoS attack in order to divert attention from the actual objective - which could be to steal sensitive data in order to sell it or to extort a ransom.
How to prevent cyber attacks?
For obvious reasons, the attacker has the upper hand in choosing the target and the time of the attack. As a defender, you have to take into consideration that you don’t know which of your assets will be in scope, or when. A good start that will take you a long way is to work towards visibility into traffic towards your assets. Adding to that, having the ability to interrupt an ongoing attack and quickly respond to changes in the attack flow will enable you to stay on top of current events. This is by no means all you should do. But between budget limitations and time constraints, this should get you to a better position fast.
The problem is that attacking is cheap - a few dollars and a laptop and you can rent a botnet - but defense is expensive, considering the time, training and technology needed. So where to start? Well, planning is key. In the event of an attack it is much easier to act if you have something written down. Ask yourself what the most likely and most damaging scenarios are. Make a contingency plan for what to do if they should occur. Map out phone trees and points of contact at your ISP, hosting provider and cloud vendors. And do a fire drill - test the process so it works when you actually need it.
It’s easy to assume that if you’re reading this, you are already aware of these issues, at least on a global scale. However, I feel it needs to be said: stay vigilant, be on the lookout for the circulation of fake news in social media and consider the source, even in your own local language. Do your part to stop the spread of this kind of threat. If you read something that gets your blood pumping, take a moment before you comment, like or share it.
And last but not least, for those of you in charge of information systems, networks, or anything else connected to the internet: patch and update (at home too!). Avoid hackers exploiting your systems and being part of a cyber attack targeting the Swedish (or any other) democracy. You wouldn’t want to wake up one day and find out your refrigerator and fancy IoT car tipped the election, would you?
By: James Tucker, Director of System Engineering