In July 2018, Twitter disclosed it had suspended 70 million accounts in May and June to lessen the flow of disinformation on its platform. As we head into the midterm elections in the US, the attraction to meddle in the democratic process by internal and external entities cannot be denied. One need only open a newspaper (yes, I still prefer to get a paper rather than read news online) to see the ongoing efforts by state actors to influence and promote their agenda by compromising voter integrity. Recent disclosures of foreign influence campaigns using Twitter, Facebook and other social media outlets highlight the potential impact on the preservation of the democratic process.
As I researched this topic, a couple things stood out. First, election meddling by “external actors” isn’t new. What is new is the ability for internal and external actors to obfuscate financial support, leak documents at scale and run a disinformation campaign inexpensively. Surprisingly, “hacking” voting equipment is allegedly relatively easy because of vulnerabilities in these legacy systems, yet we still haven’t seen a takedown of the entire US election infrastructure from compromised voter integrity.
Election meddling isn’t new
Going back to the 1940s, the British Secret Intelligence Service flooded American newspapers with fake stories and leaked illegal electronic surveillance against US politicians who opposed participation in World War II. Sound familiar? One need only look at Cold War activities during the 1950s, 1960s and 1970s designed to “shape” elections in Korea, Central America, South America and Africa to see the common theme of partisan and process intervention.
Obfuscating financial support
Most developed nations have relatively strict campaign finance laws determining who can contribute how much money and the restrictions on the use of such funds. When funds are misused, a simple “follow the money” strategy generally identifies who profits from the public office. In the US, campaign finance disclosures are relatively easy to track. One need only go to the US Federal Election Commission’s download bulk data site to access a wealth of information on who donated to what. However, open donation data like this doesn’t tell the whole story, much less account for the $6.4 billion spent on the 2016 election season.
Recently the US Supreme Court denied an application for a stay on a case that concerned the disclosure of political donors by “not-political committees.” Under the Federal Election Commission regulation that’s now been struck down, these committees were required to only identify donors who contributed at least $200 for the purpose of influencing an election, but only when their contribution was expressly to be used for a specific reported expenditure, like specific television ads or mailers. Any general political donations didn’t need to be disclosed. Now that this “dark money” data will have a little light thrown on it, it will be interesting to see how it can be analyzed.
Security researchers discovered a 10-year-old vulnerability in the M650 vote-counting machine used across 26 US states and the District of Columbia that could allow a hacker to manipulate results.
Source: DEF CON 26 Voting Village Report, Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure, September 2018
Leaking of internal documents
“Don’t email anything you don’t want to see in The New York Times.” Sound advice that I’m sure more than a few politicians and their staffers wished they’d followed. Most organizations lack anything other than written supervisory controls on the flow of information. I’m not saying that organizations need to become surveillance states. But appropriate monitoring of sensitive assets like data, email or documents is just prudent practice – and in particular a good start in detecting fraud.
Email is an easy target, yet few organizations require the use of two-factor or multifactor authentication. Even fewer organizations monitor email content. Only after damage is done do organizations step back and think, “Maybe we should have done something about that.” An easy way to prevent your email from being hacked is simply to use multifactor authentication to text you a security code.
The ease with which a user can transfer sensitive documents in and out of a network is a serious security gap if left unmonitored. To date, most organizations have worried about external network intrusion attacks; however, it’s the ability of an existing insider to manipulate or exfiltrate data that is probably the largest security threat for most organizations.
Spreading “fake news” or false information to deliberately deceive or incite action is a common practice going back decades. In 1941, for example, President Franklin D. Roosevelt claimed to have a “secret map” showing Nazi Germany’s designs on South America, which he used to stoke American support for the war. Of course, like most disinformation campaigns, he was just reinforcing the public’s confirmation bias. Disinformation campaigns are easy to spot, but hard to combat. They simply play on our natural tendency to favor information that confirms previously held beliefs or biases. I fall for it every fall when I point to a positive article about University of Georgia football and believe that this year, Georgia will be the national champions (this year is the year, I’m calling it!), and I call every negative story about the team or a player “fake news.”
We are now actively applying machine learning and AI to identify blatantly false and misleading content from social media platforms. NBC News published an excellent database of more than 200,000 tweets that Twitter has tied to malicious activity from accounts during the 2016 US presidential election. SAS’ Robert Allison provided a great step-by-step example of examining these tweets. If you ever want to try analyzing unstructured content, take a look at these tweets and extract the URLs from the body content – how many of those domains and websites still exist?
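The exercise suggested above, sketched as an added example that is not part of the original post or of the NBC or SAS material: it pulls URLs out of tweet text, normalizes the hostnames, counts them, and flags link shorteners, whose presence means the tweet alone does not reveal the destination domain. The `text` key, the sample tweets and the shortener list are constructed assumptions, not the dataset's actual schema.

```python
import re
import socket
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample rows; the "text" key is an assumed column name.
SAMPLE_TWEETS = [
    {"text": "Read this now http://example-news.test/story?id=1 #election"},
    {"text": "RT: https://t.co/AbC123 and https://WWW.Example-News.test/other."},
    {"text": "no links here"},
    {"text": "see (https://bit.ly/xyz), also http://blog.example.org:8080/p"},
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumed, non-exhaustive list: a shortener hides the real destination domain.
SHORTENERS = {"t.co", "bit.ly", "goo.gl", "ow.ly", "tinyurl.com"}

def extract_hosts(text):
    """Return normalized hostnames for every http(s) URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)]}")  # drop trailing sentence punctuation
        try:
            host = urlsplit(url).hostname  # lower-cased, port removed
        except ValueError:  # malformed authority, e.g. bad IPv6 literal
            continue
        if host:
            hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def dns_resolves(host):
    """Live check: does the name still resolve? Needs network access."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def summarize(tweets, resolver=None):
    """Count hosts, flag shorteners, optionally record DNS status."""
    counts = Counter(h for t in tweets for h in extract_hosts(t.get("text", "")))
    return {
        host: {"count": n, "shortener": host in SHORTENERS,
               "resolves": resolver(host) if resolver else None}
        for host, n in counts.most_common()
    }

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_TWEETS).items():  # offline by default
        print(host, info)
```

Pass `resolver=dns_resolves` to `summarize` to answer the "still exist?" question against live DNS; a name that resolves may since have been re-registered by a different owner, so treat that result as a lead rather than proof.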
How can technology help?
Just like any other cybersecurity or fraud problem that an organization faces, election meddling is a high-security and low-friction dilemma. As an organization, you need the proper onboarding controls in place to prevent bad actors from entering the system. But you must assume that some bad actors will still enter. In monitoring the system, technology can identify both legitimate and fraudulent activity, of course; the balancing act is to minimize the impact on legitimate activity while preventing fraudulent activity.
And preserving voter integrity brings an entirely new dimension to the dilemma. Instead of lost dollars, we face the potential abuse of our political system by internal or external actors attempting to manipulate that process for their gain.