Our CISO Reflects on Cybersecurity and the 2024 U.S. Presidential Election

This article was written by Todd Carroll, SVP Cyber Operations at CybelAngel and retired Deputy SAC at the Federal Bureau of Investigation.

Four years ago, I wrote about state-sponsored influence on the presidential elections in the United States. Within that article I wanted to share my observations and experiences around elections, social media, voting influence, and how political adversaries to the “West” use our fears and issues to divide the public. This is known as the amplification of voice: using fake social media profiles to add fuel to the far left or far right and to produce and disseminate false information, all in the name of destabilizing nations or creating doubt in the voting systems we have and use.

https://twitter.com/timothyjgraham/status/1699224354004107405

The statistics on bot activity on social media accounts are also very telling. In a recent study by the Queensland University of Technology entitled “Bots, Fake News and Election Conspiracies,” researchers found that in 2 instances, “A coordinated network of over 1200 accounts promoting the conspiracy theory that Donald Trump won the 2020 United States presidential election that received over 3 million impressions on the platform.” The report in question collated data from the first Republican primary debate and the counter-programmed Tucker Carlson and Donald Trump interview on the 23rd of August.

While this is still the case and people are more aware and educated about these tactics, it is a cheap and effective way for other nations to influence elections and deepen divides amongst the American people.

Cyber warfare

This time around, I wanted to highlight the cyber warfare involved in the targeting of our decision makers by other nations. This should not be surprising as it is a weaponized tactic used by countries such as China and Russia, seen as early as the 2008 elections when President Obama defeated John McCain. In the exploding realm of new social media networks, this was the first election where other countries created targeted campaigns aggressively and purposefully to gain insights on the stances of each candidate. This will continue, to no one’s surprise.

Contrary to what you might expect, even though government entities operate behind ostensibly secure .gov domains, the reality is that many of these systems are not adequately protected. Key government personnel, influential political groups, and support staff often rely on the same technology and domains that are publicly accessible. This leaves them, and the critical information they handle, vulnerable to cybersecurity threats. It’s essential we recognize that robust security measures are needed across all platforms, not just those with protected domains.

Findings at CybelAngel

Here at CybelAngel during my six-year tenure as CISO and VP of Special Operations, we have found a treasure trove for cybercriminals: national security secrets, open shares of DoD facilities, classified information/materials, joint documents across several countries involving sensitive subjects and projects, and, of course, extensive criminal activity. At CybelAngel, we have shared this information in a timely manner with the proper authorities as it is the right thing to do. Finding this information in the “wild” means it is open and accessible to all on the internet. We have found some damaging information and had it secured across all sectors before it was stolen, altered, encrypted or used for illegitimate purposes.

[Image: An example of content that was reviewed by Twitter/X during the 2016 U.S. Presidential Election. The content was identified as a propaganda effort by a Russian government-linked organization known as the Internet Research Agency (IRA).]

Unfortunately, the type of information available and exposed by politicians, their campaigns and staffers is frightening. Recently, we found an open backup device which contained over 400,000 files of a former staffer who worked for an elected Federal politician. Many of the files contained national security information, secrets, planning, and national strategy of a sensitive nature.

The data was exposed by a former staffer who used a backup device to listen to music while at work and ended up backing up the entire file structure of the Government official’s office. To make it worse, they gave the backup device to a parent to use at home on an unprotected and open network which exposed the entire content of the drive. This situation is not only a display of gross negligence but veers dangerously close to being criminal. The safeguarding and meticulous tracking of sensitive data at the governmental level are imperative. Trust me, the current state of affairs is alarmingly inadequate.

Malicious state actors are all over social media

While the United States House of Representatives and Congress as a whole have been more concerned over the last year with the use of Microsoft Chatbot Copilot and banning OpenAI’s ChatGPT, social media is a huge playing field for malicious state actors. What is more, our government does not fully understand the digital age.

The security surrounding our nation’s strategic planning is alarmingly precarious, relegated to the most accessible platforms with scant capability for identifying vulnerabilities. Countries like China and Russia, adept in the art of long-term strategizing, are asking themselves how they will dominate and thrive in the future. Meanwhile, our own leadership seems caught in a myopic cycle, prioritizing the survival of their party and power.

With the elections on our doorstep in the United States, the goal of our adversaries is not to put into office the official most friendly to them, but to sow discord and bolster a lack of confidence not only towards our officials but within the process itself. Securing our secrets and strategy is paramount to the success and security of our nation.
