How foreign actors are trying to undermine the US presidential election

Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.

voting.jpg

hermosawave, Getty Images/iStockphoto

The 2016 presidential election was marked by meddling most notably from Russian agents who attempted to influence voters through disinformation on social media and other platforms. Now, the same type of activity has been seeking to undermine the 2020 election, and not just from Russia. A blog post published Tuesday by digital risk company Digital Shadows illustrates the foreign threats targeting this year's crucial election.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic) 

Written by Digital Shadows cyber threat intelligence analyst Austin Merritt, the new blog post cites such adversarial nations as Russia, China, and Iran as the key sources behind these disinformation campaigns aimed at the US.

The campaigns work similarly by creating false news stories, blog posts, and social media posts designed to sway unsuspecting voters toward certain beliefs or ideas. Social media is an especially popular platform as information posted this way can quickly and easily go viral.

Russia

Considered one of the most successful operators of these campaigns, Russia has been spreading disinformation through state-owned traditional media, bots, hack and leak operations, and even cooperation between organized crime groups and Russian government agencies, according to Merritt. The campaigns have been linked to Russia's Foreign Intelligence Service (SVR) and the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). But it's cybercriminals working on behalf of these anti-democratic agencies who are pushing the false information directly through social media.

In one instance last month, Facebook took down groups and accounts associated with an organization called Peace Data. Despite its hopeful name, Peace Data was actually a deceptive news entity created by Russia's Internet Research Agency (IRA), which reportedly takes its orders directly from the Kremlin. Peace Data was known for pushing far-left stories that were either misconstrued or completely false but which were heavily shared on Facebook and even covered by journalists.

peacedata-digital-shadows.jpg

Peace Data articles promoted by Russian cybercriminals.

Image: Digital Shadows

Russian agents have also used the name of the far-right conspiracy group QAnon to spread disinformation. Twitter accounts traced back to Russia's IRA allegedly sent out a large number of tweets with the #Qanon hashtag, all designed to disseminate false information on such topics as child trafficking and COVID-19. The goal was to spread conspiracies with a theme of "The US is falling apart, look how much division there is."

qanon-digital-shadows.jpg

Misleading information on COVID-19 from a QAnon Facebook group.

Image: Digital Shadows

Iran

Iranian cybercriminals seem to have been running social media campaigns to spread disinformation and anti-American content, Merritt said. In early October, Iran's Islamic Revolutionary Guard Corps (IRGC) targeted the US from multiple domains with propaganda to influence US domestic and foreign policy, according to US Department of Justice. One domain in particular used the slogan "Awareness Made America Great" and published articles about Donald Trump, the Black Lives Matter movement, US unemployment, COVID-19, and police brutality.

violence-in-america-digital-shadows.jpg

The website newsstand7.com was propagating disinformation from the IRGC.

Image: Digital Shadows

China

Earlier this year, Chinese cybercriminals were found spreading disinformation primarily on Twitter and YouTube, Merritt said. On both sites, compromised accounts posted information favorable to the Communist Party of China (CCP) as well as reports about the political dynamics in Hong Kong. The YouTube accounts also discussed controversial events in the US, including protests, the wildfires on the West Coast, and COVID-19.

youtube-digital-shadows.jpg

Examples of videos removed from YouTube.

Image: Digital Shadows

Purpose

One of the goals of these foreign adversaries is to push one presidential candidate who may better serve them in terms of foreign policy. To further this goal, the cybercriminals have been sending spearphishing emails to employees of each of the two campaigns, hoping to access internal networks and confidential data.

One critical concern involves the integrity and security of the networks and hardware running the US election. Ransomware is seen as a top threat to this year's election as attackers could hold voter data and election results hostage or disable access to such information. The National Counterintelligence and Security Center has highlighted 18 different threats that could affect the integrity of the election.

Advice

As individuals, we may not be able to stop the actions of foreign adversaries. But because much of the disinformation is spread via social media, there is one thing we can do, according to Merritt. Be wary of what you read and share on social media.

"I think we've all done enough 'doom scrolling' (the tendency to continue to surf or scroll through bad news) in 2020 for one lifetime," Merritt said in the blog post. "Plus, do you want to be the person who shares an article created by a cybercriminal in Moscow? Of course not. But if you do continue to doom scroll right into November 3rd, remember that your state and local election officials are the best sources of accurate information."

Also see