Chastened after the fallout from Russian interference during the 2016 election, the government is on high alert for destabilizing cyberattacks. As technologies emerge, cybersecurity experts must stand watch to protect against newer, more sophisticated ways to hack election systems. CBSNews reports how cybersecurity experts are preparing for this year’s election to ward off hackers using artificial intelligence, the Internet of Things and more.
"What I'm scared by is that there is this attacker-defender asymmetry," tells Mark Risher, Google's Director of Product Management for Security and Privacy, to CBSNews. "We need to make sure every door, every window, every little portal is securely closed. But the attackers only need to find one."
Artificial intelligence has become a weapon of choice for hackers. "If a human being were walking down the street trying to break into the car, they might try all the doors," Risher said to CBSNews. AI effectively increases both the rate and quantity of “car doors” an attacker can attempt and open.
Phishing, or the use of seemingly normal emails to extract personal information, is another tried-and-true hacking technique. Hackers used phishing emails sent to Clinton campaign chairman John Podesta to gain his password and access sensitive campaign data in 2016.
Password cracking is still the easiest method of hacking political campaigns and election officials, CBSNews quotes Akamai's Andy Ellis. Automated bots hack passwords using password stuffing, which attempts to login to one site using the stolen credentials of another in hopes the password is the same. "What they're really doing is attacking anybody who has ever reused a password with the same email address or username across multiple sites," says Ellis.
"Emerging threats are an evolution of current threats. The core threat is criminals who are trying to get access to our data, our systems, our devices."
Finally, big data collected from the Internet of Things becomes perfect ammunition for hackers. "Emerging threats are an evolution of current threats," Microsoft's cybersecurity field chief technology officer Diana Kelley tells CBSNews. "The core threat is criminals who are trying to get access to our data, our systems, our devices."
These devices range from smart home appliances to manufacturing control systems to smart cars and municipal transportation networks, CBSNews notes. With millions of devices collecting information daily, often poorly secured and vulnerable to attack, they are prime targets for password stuffing data.
While the solution might seem obvious - better passwords - the reality is that security requires cooperation and coordination between political campaigns, device manufacturers, consumers and "large and small companies need to take steps to ensure that they've built security into systems," Kelley added.