US midterm votes vulnerable to cyber-attacks: Experts

Bloomberg

US cybersecurity experts are bracing for possible attempts to attack the midterm election by Russia or another adversary hoping to engineer a disruption that casts doubt on the integrity of the vote.
Interference may range from altering websites used by state and local election authorities, to spreading propaganda through social media, to hacking at polling places intended to complicate the casting of ballots.
“Anything that would drive uncertainty across the voting public — that’s probably the area that we’re going to see some activity, if we were to see anything,” Christopher Krebs, a deputy undersecretary at the Department of Homeland Security, said in October, describing possible threats “a day before or two days before” the election.
He added that there’s no intelligence indicating “a significant campaign afoot,” and that there’s been less activity in the lead-up to the election than there was in 2016 — an assessment that private sector and academic experts share.
Still, West Virginia Democratic Senator Joe Manchin’s office announced that its social media accounts had been compromised, the latest indication that US politicians and the election systems that put them in office continue to be a target.
Federal authorities responsible for securing elections, popular social media platforms, and private companies that specialise in detecting and preventing hacks face the first real test since 2016 of whether the US can defend against foreign interference in its vote.
Since Russian hackers meddled in the 2016 election with strategic hacking and leaking, as well as a covert social media campaign aimed at electing President Donald Trump, social media companies, cybersecurity firms and federal and state officials have sought to enhance US defenses against election interference.
Threat detection and information-sharing has been improved, while social media companies have cracked down on disinformation campaigns. The Defense Department has obtained approval to support the Department of Homeland Security response to a “significant incident for elections,” said Ed Wilson, the deputy assistant defense secretary for cyber policy, at an event last week.

‘Threat Actors’
But the US election system, spread across more than 50 states and territories that operate autonomously, remains vulnerable. And Krebs said in
October that there’s been “a consistent and persistent level of activity,” ranging from scanning of networks to phishing campaigns.
“There’s still a variety of opportunities for threat actors, including Russia, to mess with us, and I think that we need to remain vigilant,” Dmitri Alperovitch, chief technology officer at the security firm CrowdStrike Inc., said at an event hosted by the New York Times.
“I’ll certainly sleep better at night the day after the election — but not a moment sooner.”
The software security firm McAfee Inc. published a study in October that examined county websites in 20 states. It found that the majority were “sorely lacking in basic cybersecurity measures that could help protect voters from election misinformation campaigns.”