2020 Election: URL Hijacking Could Be a Serious Issue

2020 Election Security

The Internet Is the Ideal Staging Ground for 2020 Election Attacks

Good and bad news spreads at the speed of the Internet. People share thousands of posts on social media before fact checking can even start. Once disseminated, even false information requires an enormous effort to correct, and we may not be able to correct it at all. The Internet is fast and far-reaching. This is often a good thing, but when threat actors want to disrupt elections, that same speed and expanse works against us.

The truth is, the closer we get to an election, especially one like the 2020 election that has intense emotion and attention focused on it, the more misinformation is spread. The process of correcting it becomes even more turbulent and difficult. That’s why understanding potential attack methods is an important part of election security.


Cyber Criminals Are Finding New Ways to Interfere with Elections

There is some evidence, by admission from numerous sources, that our U.S. elections were influenced by outside entities. We fear that it will happen again. We have watchdogs left and right monitoring the highways along which attackers previously affected the elections, which means criminals are blazing new paths or taking paths less traveled to interfere with the democratic process this time around.

One particularly effective avenue to poison the vote is a path that employs 90% truth and 10% lie. If information is only slightly inaccurate, the preponderance of right keeps us from seeing the wrong. Using this attack methodology, cyberattackers can achieve their missions with very little to counter their efforts.

URL Hijacking Can Easily Go Undetected

Staging attacks on county websites is a perfect example of a way to use 90% truth and 10% lie, not from the shadows but by subterfuge in the open. Right in our face. Do you know your county website? The official site that has the voting locations, when to vote, and how to do it?

It’s doubtful you keep it on speed dial or bookmarked in your browser. Years between voting events might as well be measured in eternities as far as the Internet goes. In most cases, the first place we will hit is whatever search engine we favor over another. Then we input “local county” and “elections” or “voting” as a keyword. After that we travel to the first few links of promise that come up.

What if they are 90% true, but 10% is a lie? What if the site you want to go to for information uses a homoglyph, e.g., not officialcounty.gov but off1cialcounty.gov instead? Would you notice? Especially if it looked like the official one and had updated information, but maybe just a little “adjusted” to send you to the wrong voting location, say by transposing the street address to the wrong numbers (oops) or giving the wrong location altogether. Would you get frustrated about being lost and go home and not vote?

How about the right place but the wrong times? Too early, too late. How many times would you do that before getting frustrated enough to trashcan the whole thing and not vote at all?

Interference Could Take Many Different Forms

Perhaps more insidiously, an attacker would not change anything in the time or location but alter the process ever so slightly. Yes, you can vote, but only if you bring this extra widget of identification, or do not bring identification.

All of these and plenty more can easily frustrate one, two or dozens of voters from casting a vote. It doesn’t even have to be a homoglyph typo of the legitimate domain to function. It could be a website with a totally different name but information that sounds correct.

Knowledge cards — those snapshots you get on search engines that give you information in a nice capsule — are vulnerable to poisoning, a common black hat technique. If you haven’t purposefully taken them over then they are ripe for abuse. Anyone can take them over with a bit of work if you don’t maintain positive control over them. That means a subtle or not so subtle twist of the information and you can poison the voting process.

Acting Now to Avoid Far-Reaching Election Tampering

What’s the point in swaying a few voters?

Are you sure it is so few?

If you look at 2012 and 2016 US election site statistics, search and direct traffic vastly outweighed social traffic, which means a lot of people searched for, or went directly to, the sites they knew for information.

For search, that means — perhaps obviously — that the sites topping the Google rankings for terms like “election map” and “elections results” had search traffic climbing to millions of concurrents.

Direct traffic, especially to sites that people tuned into for election coverage, also surged into the millions of concurrents.

If both of these approaches led millions of viewers to a website, then even misleading a small percentage of that traffic can equate to tens of thousands of voters. If even a few of those thousands are misled, thousands of votes would be lost.

It’s enough of a problem to warrant focused attention, not later as the election approaches, but now while there is time to correct the issue. Cyber intelligence uses a range of effective techniques to identify hijacked, parked or compromised domains and websites. Once you have knowledge of which domains could be in trouble, you can take the corrective measures necessary to defend them and make sure your voters can only find your legitimate site with the correct information as they head to the polls.
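One such check, as an added example that is not CyberDefenses' own code: triage candidate domains (for instance, ones that surface in search results for the county's name) against the official domain, flagging character look-alikes such as the article's off1cialcounty.gov, punycode-encoded look-alikes, wrong top-level domains and near-miss spellings. The confusable map, the edit-distance threshold of 2 and the candidate list are assumptions constructed for illustration.

```python
import unicodedata

# Constructed subset of look-alike characters (digits, Cyrillic) mapped to Latin.
CONFUSABLES = str.maketrans("01l35\u0456\u043e\u0430\u0435\u0441", "oiiesioaec")

def to_unicode(domain):
    """Lower-case a domain and decode punycode (xn--) labels."""
    labels = domain.strip().lower().rstrip(".").split(".")
    for i, label in enumerate(labels):
        if label.startswith("xn--"):
            try:
                labels[i] = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # keep an undecodable label unchanged
    return ".".join(labels)

def skeleton(domain):
    """Collapse look-alike characters so visually similar names compare equal."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return text.translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, official):
    """Label a candidate domain relative to the official one."""
    cand, off = to_unicode(candidate), to_unicode(official)
    if cand == off:
        return "official"
    if skeleton(cand) == skeleton(off):
        return "lookalike"
    cand_name, off_name = cand.rsplit(".", 1)[0], off.rsplit(".", 1)[0]
    if skeleton(cand_name) == skeleton(off_name):
        return "wrong-tld"
    if edit_distance(skeleton(cand_name), skeleton(off_name)) <= 2:
        return "near-match"  # threshold of 2 is an assumption
    return "unrelated"

# Constructed inputs; the IDN sample swaps a Latin "i" for Cyrillic U+0456.
OFFICIAL = "officialcounty.gov"
IDN = "xn--" + "off\u0456cialcounty".encode("punycode").decode("ascii") + ".gov"
SAMPLES = ["officialcounty.gov", "off1cialcounty.gov", "officialcounty.com",
           "oficialcounty.gov", IDN, "countyfair.org"]
REPORT = {d: classify(d, OFFICIAL) for d in SAMPLES}
```

A site with a totally different name but plausible content, which the article also describes, will come back as "unrelated" here and needs content-level review instead.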

Learn more about the ground-breaking work CyberDefenses is doing in our mission to protect the 2020 election. Explore our Protect 2020 Election Security Bundle in addition to our Election Security Training program.


About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.