Remember last June’s historic Brexit vote in the UK referendum on June 23? A few weeks before the vote, on June 7, the United Kingdom’s voter registration website crashed—inexplicably—100 minutes before the deadline to register. The government felt compelled to extend the voter registration deadline by two days, to allow its citizens to register. At the time, the UK government referred to the website crash as “an IT glitch.” However, months later, after further analysis of the problem, some Members of Parliament believe the website’s crash was not a technical failure but could have been a distributed denial of service (DDoS attack) launched by nation-state actors working on behalf of Russia or China.
According to Computer Business Review, last week the UK’s House ofCommons public administration and constitutional affairs committee published a report that said it was possible that Russia or China had launched a DDoS cyberattack on the UK’s voter registration site. They have no evidence, unfortunately. The lack of evidence is not surprising, because DDoS attacks are notoriously difficult to trace.
More often than not, hackers launch DDoS attacks for monetary gain, but some hackers are in it for political purposes. Volumetric, “brute force” attacks on corporate or political websites send a message of protest. Although in recent months DDoS attacks have become more stealthy and sophisticated, and some of them are larger in volume than ever before, they are not typically the weapon of choice for nation-states. That doesn’t mean government websites are safe; after all, because of DDoS-for-hire services, DDoS attacks can be launched for a very low cost, even by hackers with few cyber skills. That’s the scariest part; an individual with criminal intent could easily launch a DDoS attack on a major government website, if the website does not have DDoS protection.
Could a DDoS Attack on Voting Systems Happen in the US?
With all the news lately about Russia meddling in the U.S. presidential election, and possibly in France’s upcoming election, it’s hard to not think about the potential of a nation-state launching a DDoS attack on a national or municipal website that is vital for voter registration or voting. Fortunately, the voting system in America is very localized, which would make it harder for nation-states to cripple the system in one fell swoop like it did in the UK Brexit vote. On the other hand, a voter registration problem could impact voter turnout or results.
Thus far the cyber attacks on US elections have consisted of stealing information and influencing voter opinion via “fake news,” rather than technically hijacking the voting process. That’s probably by design, because a nation-state that opposes Western democracy would probably get more “bang for its buck” by stealing information and conducting fake news campaigns. Those kinds of hacks are even harder to prove or trace and may have a long-term influence on the opinions of the voting public, which may be more insidious and dangerous than any temporary government website crash.