The U.S. presidential election is fast approaching. Hackers are hard at work. What exactly are they doing?
Professor Ning Zhang's research experties is in system security at the McKelvey School of Engineering at Washington University in St. Louis. Previously he was a principal cyber engineer/researcher and technical lead at Cyber Security Innovations of Raytheon. Throughout his eleven-year career at Raytheon, he has worked to protect various critical networked and cyber-physical infrastructures.
Zang on cyber security and the upcoming election: We often think of hacking as a shadow form of computer engineering – a matter of ones and zeros, of clever coding and hijacked hardware, of software vulnerabilities and brute force attacks. And such “hacking the machine” techniques do exist, and surely are being explored.
But hacking the machine is hard. Hacking minds? That, as the malicious have learned, is easier to do, and harder to defend against.
Hacking minds sounds cyber-dystopian, but it’s not new. Propaganda posters (I want you!), books (Animal Farm), film (Birth of a Nation) and other pre-internet methods were, and still are used to influence how people feel and act. The internet simply allows such tactics to be deployed at mammoth scale while also micro-targeting specific groups or even individual users.
We saw this in 2016. Yes, there were attacks on infrastructure: The Russian Internet Research Agency infamously hacked the Democratic National Committee. Russian hackers also probed election-related systems in all 50 states — though they don’t appear to have tampered with results. But they didn’t need to.
Far more impactful were the coordinated social media disinformation campaigns, which fooled millions of unwary citizens into believing and sharing fake content.
Defenses against both kinds of attacks exist. Protecting computer systems largely boils down to straightforward security hygiene: updating software, limiting administrator privileges, and knowing what’s running on your network. Specialized tools, such as risks-limiting audits, have been proven effective at limiting fraud and catching errors. On certain voting machines, it can be as simple — really! — as double-checking that what you see on the screen matches the paper ballot you fed it.
Protecting the mind is trickier. And just as defending computers from hacking is more about protecting systems than about building walls around individual machines, the brutal truth is that we are all susceptible to deceit and misinformation. We are all susceptible to wishful thinking and confirmation bias. The key is to re-establish social norms around privacy and transparency, as well as honesty and responsibility.
Think about it. How does a stranger halfway across the world influence a U.S.? The hacker needs three things. First, they need to know who you are. Second, they need to be able to get to you. And third, they need a mechanism that allows them to maintain their influence over you.
To combat the first: Don’t let bad actors in the door. Guard your data. Be careful about posting personal information. Reject suspicious “friend” requests. If an app demands access to your location, your call history, and your microphone, you might want to think about deleting it. Still, some of this is easier said than done. On one side is the individual; on the other side — even putting hackers aside — are powerful companies collecting and often selling our data.
To combat the second: Consume information carefully. Don’t share information you haven’t verified. Learn how to spot a bot and encourage social media companies to nip bots and bad information in the bud.
To combat the third: Correct misinformation as soon as possible. Admit when you’ve been fooled. Learn from the experience. Correction, particularly by an authoritative figure, can be effective, but today, in many corners of the internet the very idea of an “authority figure” is seen by some as partisan. What remain powerful are personal connections. If you’ve enabled bad actors to pull your friends and family down a rabbit hole, you should do your best to try to pull them back out.
As in every election, people are trying to influence your vote. For all their benefits, computers, even un-hacked computers, provide the unscrupulous with powerful tools for spreading deceitful and malignant messages — messages intended to disorient rather than inform the electorate. Controlling that contagion is a matter of both individual and societal responsibility.
Here’s one more piece of advice. Vote. It remains the most important thing we can do as citizens. Every time we cast our ballots, we are reaffirming the crucial role we all play in sustaining our democracy.