International Policy Center Home Page

Cyberattacks are major risk in elections, warns Ford School PhD

November 14, 2018

Data security is a hot topic in many aspects of life, including elections. Ford School doctoral student Nadiya Kostyuk’s recent research explores the pervasive threat that lies in the increasing ease of cyberattacks and how it could impact elections. In her November 5, 2018, Washington Post analysis “Hackers are using malware to find vulnerabilities in U.S. swing states. Expect cyberattacks,” written with Kenneth Geers, the duo explores their research on the swift rise of election-focused hacking attempts inside and outside the U.S.—and how easy it is for them to succeed.

Kostyuk and Geers’ research focuses on the use of malware, otherwise known as malicious software, that has seen a rise in the U.S. and internationally. “Malware seeks to steal, block or alter data,” the authors write, “It’s the kind of code used to steal your passwords or credit card numbers. And it can also steal your vote.” Malware’s advantage is its efficiency, as hackers hoping to obtain information about many people at once can manipulate software, which Kostyuk and Geers say “a high percentage of the targets already have installed, are willing to install, or are forced to install on their computers,” going on to note that, “Ironically, one tool for this operation could be voter registration software.”

These attacks can happen mere days before an election, as compared to fake social media campaigns, which need longer to take hold. However, clear patterns in the timeline of malware attacks could help identify them going forward. “First come computer and human reconnaissance via application; then, targeted malware dissemination via worm; and finally, information operations via trojan, doing anything from passively gathering intelligence to actively influencing votes,” Kostyuk and Geers write. Swing states, they say, are particularly appealing to hackers, with the recent midterm election finding the “13 swing states...recording more malware detections per day than the 37 non-swing states!”

We’re seeing elections being decided on increasingly small margins, so any threat to cybersecurity could be a tipping point. “With malware,” Kostyuk and Geers warn, “hackers can steal, deny or alter any type of digital information. Hackers can help politicians more easily win an election.” 

Read the full piece on Washington Post’s Monkey Cage.

Nadiya Kostyuk is a doctoral student in a joint program in Political Science/Public Policy at the University of Michigan.