2024 election threats from abroad

R. Michael Alvarez

Last week, Microsoft released a new “Threat Intelligence Report” that provides some important (and concerning) new information about attempts by malicious organizations abroad to influence the 2024 U.S. elections. The report gives a strong justification for the work that our project is conducting for the 2024 federal elections in the United States.

The report provides substantial details on cyber election influence operations, apparently originating in Iran, Russia, and China, that are trying to influence the 2024 U.S. elections. The report notes in particular that the activity from Iran has been increasing in recent weeks and months. These attacks generally seem to be election influence operations — activities designed to increase partisan polarization and discord in the United States and to spread misinformation.

According to the report, many of these operations are using AI-generated content, another concerning trend in this election. This is a trend that we warned about over a year ago in a CLSSP report and which we discussed in a paper on large language models (see footnote 3 for examples that show how easy it is to generate fake and misleading content using off-the-shelf AI tools).

However, it’s important to note that these cyber-attacks are also targeting election officials and perhaps seek to steal important election-related data. One of the recent attacks is worth quoting in detail from the report:

“In May, Peach Sandstorm (a.k.a. APT-33)—another group with assessed links to the IRGC—compromised a user account with minimal access permissions at a county-level government in a swing state. The compromise was part of a broader password spray operation from the group, and Microsoft Threat Intelligence did not observe any lateral movement or privilege escalation, making it difficult to determine whether it was election-related. While unclear if related, it is worth noting that the targeted county had undergone a race-related controversy that made national news this year.”

Election officials throughout the nation have been working to harden their cyber-security and to train their staff to help mitigate the chances of a successful hack. However, as we know all too well, sometimes hacks may succeed, and in those situations the attackers might be able to access election systems — including important election-related data, like voter registration information.

Detecting malicious activity in a data system is difficult, but we’ve developed, tested, and implemented various statistical tools that election officials or others can use to detect anomalous activities in a large database. These techniques have been discussed in two of our recent publications (“Evaluating the Quality of Changes in Voter Registration Databases,” published version, preprint) and (“Bayesian Analysis of State Voter Registration Database Integrity,” published version, preprint). We implemented these tools for large counties in Southern California (2018-2020) and statewide in California (2020), providing detailed reports to election officials about the results of our analyses. Many of these projects are summarized on our Monitoring the Election website.

We are restarting these partnerships for the 2024 general election. We’ll be posting the results to our project’s website, most likely starting later in August.

Any election officials interested in learning more about how we can help implement these tools, get in touch!
