Conspiracy theories and concerns about misinformation peppered the political landscape Sept. 10 as many in the United States wondered what would happened next as the nation headed into the anxiously awaited debate that evening between Vice President Kamala Harris and former President Donald Trump.
First, researchers at Checkmarx posted a blog Tuesday which said that leading survey company Gallup addressed critical cross-site scripting (XSS) vulnerabilities that could be exploited to facilitate the dissemination of false information and compromise the personal data of users.
Then, the White House issued a warning Tuesday that false claims made by Republican vice presidential candidate JD Vance that Haitian immigrants were abducting and eating household pets in Ohio could spill over into anti-immigrant violence.
Finally, the Washington Post also reported Tuesday that local election officials were concerned about the impact of false and misleading social media posts made by billionaire Elon Musk earlier this year around a false claim that 2 million noncitizens had registered to vote in Arizona, Pennsylvania, and Texas. Musk, who owns X, formerly Twitter, who is closely aligned with Donald Trump, has reportedly made many of the misleading or false tweets on his own personal X account.
All of these incidents unfolded this week following last week’s move by the Justice Department to charge two Russian citizens in an alleged $10 million scheme to leverage online platforms to foster disinformation during the 2024 U.S. presidential election.
“This is a political season like no other,” said Morgan Wright, chief security advisor at SentinelOne, and an SC Media columnist. “There is little or no information currently available that suggests the Gallup XSS vulnerabilities, while an issue of concern, have skewed any polling data. As with any system the public looks to share trusted information with, the impact seems more technical and reputational than actually impacting any surveys. But it’s a cautionary tale — at what point do we lose trust in systems because of technical flaws and let the distrust bleed over to other areas not connected to the original system?”
Erez Yalon, vice president of security research at Checkmarx, added that threat actors who want to spread disinformation definitely have all the common tools at their disposal, but they can also exploit vulnerabilities in other organizations' technologies.
“Our research is an example of one way that it could have been done, where the exploit would involve both the vulnerability on the website and also leverage the credibility of the organization, said Yalon. “We can expect to see more examples as we get closer to the election and we should expect to see this in many places in the future where a critical national election is underway. The bigger the impact of an election, the more likely it is that the larger threat actors will join in and try to spread disinformation."
Ken Dunham, cyber threat director at Qualys, added that securing the naton’s election processes is crucial to upholding the democratic integrity of our society. Essential systems — including voter registration databases, electronic poll books, websites, email systems and communication networks —are potential targets for cyber threats like phishing, ransomware and distributed denial-of-service attacks, said Dunham.
Dunham said to protect against evolving threats, comprehensive cyber risk management strategies must be implemented. These strategies include conducting regular security audits, performing vulnerability assessments and adopting robust cybersecurity protocols. Continuous evaluation and enhancement of these measures are crucial to counter the threats posed effectively.
“Securing our election processes cannot be overstated,” said Dunham. “As we advance toward the 2024 election, stringent cybersecurity measures, collaborative efforts, continuous improvement and public advocacy will be foundational in protecting the integrity of our elections. It’s a collective effort that requires dedication from governments, private sector partnerships and the public. The security of our elections is not just an operational task but a fundamental pillar of our democracy.”
Alex Quilici, chief executive officer of YouMail, said one of the most pressing challenges the nation faces today is defending against election interference and scams that target voters through the telephone network — whether it's calls, texts, or voicemails. Quilici said these attacks are becoming increasingly sophisticated, especially as bad actors exploit vulnerabilities in communication systems to mislead and manipulate the public.
Quilici added that the rise of artificial intelligence (AI) and deepfake technology has taken these threats to a new level.
“We're not just dealing with generic robocalls anymore,” said Quilici. “AI can now create highly convincing voice attacks that make it sound like a trusted figure, such as a candidate, urging you not to vote or spreading false information. This kind of deception can seriously undermine public trust and disrupt the electoral process.”
SentinelOne’s Wright pointed out that the real danger here is that at some point, the ground truth becomes the real victim.
“Rather than dealing in shades of grey and appreciating the nuances of language and intent, we will have created a binary situation of real and false, and the only safe play is to believe everything is false,” said Wright. “At that point, no one wins.”