Election security Q&A: What are bot farms and why do hackers target elections?

Posted at 1:37 PM, Oct 31, 2018
and last updated 2018-10-31 13:49:06-04

Campaign 2018: Election Hacking is a weekly series from CBS News & CNET about the cyber-threats and vulnerabilities of the 2018 midterm election.

Over the weekend, CNET senior producer Dan Patterson hosted a live conversation on Twitter and Facebook. Viewers asked some of the biggest questions they have about potential hacking threats to our election system, and they also learned what is being done to prevent them.

Patterson joined CBSN Wednesday with some of those questions and answers:

Q. Why don’t we just go back to paper ballots? At least they can’t be hacked.

Patterson: This was a very common question. And it seems like a common theme through the entire series was: Look, if it can be hacked it probably will be hacked at some point, and that includes election machines and election computers.

Through the course of our reporting, we learned a lot about how not just voting computers work, but the entire process. And as we move into this digital age of connected devices — we call it the IoT, the Internet of Things — more and more election systems probably are and will be connected in the future, which means that it probably is a good idea to have a paper backup or an audit trail — something that is a hard, non-digital receipt of your voting record.

Q. Why do hackers target elections?

Patterson: So, the motives of hacking an election are kind of as broad as the number of vulnerabilities that exist and the types of hackers, and we did cover this in previous episodes. So, hackers attack elections for a few specific reasons. One is obviously political. Whether you’re a nation-state, a lone wolf or a hactivist, or you are a private organization, an oligarch, or a company like Cambridge Analytica, the goals kind of differ.

For China, Russia, Saudi Arabia, the goals are obviously political. For a hacktivist group or organization, those goals can be political as well, but a little more nuanced. And that can kind of vary, whether it’s Anonymous or New-World Hackers or a different group, those goals kind of depend on what they want at that particular moment.

With private organizations, it’s very easy for us to kind of look the IRA [Russia’s Internet Research Agency] or the GRU [Russian military intelligence agency] or Cambridge Analytica, but there are also companies like Devumi here in the United States that sold fake followers, and those tie into what we call social proof. So that is: if you have more followers, or it looks like you have more followers, you’re more influential and carry more weight. So, that ties into influence campaigns and the use of social media to not necessarily hack one particular vulnerability, but to kind of do what we call cognitive hacking, which is hacking our minds.

Q. Since 2016, we’ve learned about the various influence campaigns and have this new sort of dictionary of words that we never knew anything about before. You’ve talked about hacktivists and bot farms. Go over again what they are?

Patterson: So this again ties into the IRA and the GRU. We did see this in Saudi Arabia. What Russia did is hire almost like a company.  [In Saudi Arabia] there were employees, they went to an office, they checked in, they had systems administrators. They had people who were coding algorithms. … They were paid almost $3,000 as individuals to create fake and spam accounts, and once one got banned or blocked they would start another one. Some of these companies and individuals create algorithms that will kind of do this at mass scale.

A bot farm is kind of colloquial language that refers to the organized effort to create spam accounts on social media.

Q. Some people wonder if whoever loses the election is going to blame hacking. If Republicans lose, they’ll say hacking. If Democrats lose, they’ll say hacking. What’s your response to that?

Patterson: So this is, again, a very common refrain, and it’s very important that we address this, because hacking and election security is a non-partisan issue. We spoke to dozens of individuals on both sides of the aisle who are experts and they want us to all understand that our democratic process is very important. It’s very important that we go and vote and feel a sense of trust and security.

Hackers can target particular systems, but they are not necessarily taking one particular side.  They may take a side in individual elections and all of the actors that we have discussed may have their own agendas. But hacking is a non-partisan issue, and if we get mired into a mud-sling on the left or the right, or any particular issue, it’s a diversion from the real issue.