FBI, CISA remind US voters that DDoS attacks can't touch election systems

US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service (DDoS) attacks as the next presidential election fast approaches.

The PSA from both the FBI and CISA soon followed an eight-hour outage at Microsoft Azure this week, which it admitted yesterday began as a DDoS attack whose impact was actually exacerbated by an "error" in the Windows maker's "implementation of our defenses." The outage disrupted the likes of GitHub Codespaces, DocuSign, Microsoft 365, and Minecraft, among others.

It also comes amid a period of heightened public distrust of IT services, driven in no small part by the major outage catalyzed by that dodgy CrowdStrike update.

The joint PSA said that the security of voting systems or adjacent infrastructure would not be affected should a DDoS attack target them, and the most significant impact that could potentially manifest would be related to the access of information.

Things like voter look-up tools and "unofficial election night reporting" were included as examples of services that could be made unavailable.

But you're only getting your political news from trusted sources anyway, right?

The feds didn't go as far as to say they expected DDoS attacks to strike the November election, but they did comment on how popular a tactic they are among politically and ideologically motivated hacktivists and cybercriminals.

They also said those who launch DDoS attacks may falsely claim the disruption they cause is tantamount to a compromise of election systems – all in a bid to undermine public confidence in the democratic process.

"In the event that foreign actors or cybercriminals conduct DDoS attacks against election infrastructure or other infrastructure supporting election administration, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot," the PSA reads.

"In the past, cyber actors have falsely claimed DDoS attacks have compromised the integrity of voting systems to mislead the public that their attack would prevent a voter from casting a ballot or change votes already cast.

"The FBI and CISA have no reporting to suggest a DDoS attack has ever prevented an eligible voter from casting a ballot, compromised the integrity of any ballots cast, or disrupted the ability to tabulate votes or transmit election results in a timely manner."

The recommended steps are short and simple: Only trust information from official sources such as election officials, contact those officials if election-critical websites are downed, and remember that voting systems can't be compromised by a DDoS attack.

Chipping away at confidence

Foreign adversaries have been trying to undermine confidence in the US election process for many years in cyberspace, with the main culprits being China, Iran, and Russia – unsurprisingly.

• 'Error' in Microsoft's DDoS defenses amplified 8-hour Azure outage
• Global cops power down world's 'most prolific' DDoS dealership
• Can't get Minecraft, MongoDB Cloud, others to work today? Blame that Azure outage
• Big Tech's eventual response to my LLM-crasher bug report was dire

There are, of course, several instances of individuals in the US trying to interfere with their own country's voters, urging them to vote in one way or another.

US senator Mark Warner (D-VA) suggested earlier this year that the US is less prepared for election interference than it was back in 2020, citing Russia, a ban on CISA from helping social media platforms curb misinformation, and the power of AI and deepfake-enabled misinformation campaigns.

A recent report by Mandiant agreed that influence operations were highly likely to play a role in the upcoming election, including those generated with AI tech and amplified across social media.

Pro-China influence groups, for example, have been seen spreading deepfake videos of prominent US celebrities criticizing election candidates to mask the fact it's propaganda spread by a malign force.

All of the efforts over the past decade or so have hammered voter confidence in elections. According to nonprofit World Justice Project, just 58 percent of US citizens believed they could vote freely and without harassment or pressure – a significant drop from 91 percent in 2016. Equally, the Pew Research Center found the events surrounding the 2020 election had a negative impact on voter confidence too. ®