Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections

Concerns over midterm election tampering reach a boiling point in the days leading up to actual voting.

Midterm elections are being held across the country Tuesday which means millions will be paying close attention to wins and losses. But, for cybersecurity experts, such as Tom Kellermann, the focus will be on voting irregularities.

Tom Kellermann

Kellermann is chief cybersecurity officer for Carbon Black and for months leading up to Tuesday’s vote his team has been analyzing election security. In a recent report that looks at cyberattacks leading up to the 2018 midterm election, Carbon Black found that two-thirds of incident response professionals surveyed believe hacking will influence the upcoming U.S. elections.

Threatpost caught up with Kellermann  on the eve of the 2018 midterms to discuss the study and better understand his biggest worries.

Threatpost: How concerned should voters be when it comes to trusting the integrity of the entire voting process and U.S. voting infrastructure?

Kellermann: They should very concerned for a number of specific reasons. Number one is the integrity of voter records and voter rolls. Our researchers found 20 separate state voter databases available for purchase on the Dark Web, representing 81 million voters. Some from swing states. The biggest concern relative to those records being exposed is not just the identity theft that will or will not occur, but it’s the nature in which someone can tamper with the integrity of the voting records.

Threatpost: How so?

Kellermann: The problem is if someone shows up at the polls to vote and they are denied the capacity to vote because someone has skewed the integrity of that voter roll data. Voter databases include full names, current and previous addresses, gender and phone numbers. By virtue that many of these databases ended up on the Dark Web there is a chance hackers had access to the source data and may have compromised the integrity of that data.

Threatpost: How might a hacker manipulate the data?

Kellermann: In our latest incident response report we report over 81.5 million American voter details for sale to other hackers, criminals and/ or nation states. My biggest concern with the availability of voter records is the construct that selectively foreign hackers could attempt to suppress the vote of American citizens by changing the integrity of their addresses and/ or spellings of their names in these databases.

Threatpost: How widespread is this problem?

Kellermann: I’m not suggesting that there’s going to be widespread tampering with the integrity of the data. That said, voter data is rich with PII. Targeting of messages could be very specific.

Threatpost: Can you talk about that some more? Your report discusses how hackers are advertising on the Dark Web “laser focused” ads on social media to hyper-target campaigns to “manipulate” public opinion.

Kellermann:  This is a secondary concern of mine on Tuesday. Whether it be foreign or domestic, there will be information influence operations to control individual voters in swing states and the mainstream media to convince the American public that certain races have already been decided, in hopes of eliminating the impetus and excitement of a voter to go out to the polls.

One of the more elegant attacks that we have seen in the past was an attack on a major media outlet covering Wall Street. Hackers created a disinformation campaign targeting a media outlet that a company’s stocks were plummeting. As a result of that media attack, people began to sell off the stocks. I’m seeing the same phenomenon in politics.

Politics, consumer confidence and investor confidence are all driven by a similar herd mentality. How much does it take to create a stampede? Hopefully less as we all get wiser to acts of manipulation.

Threatpost: Besides not falling for it, how do we combat the disinformation noise?

Kellermann: Vote. If the majority of Americans go out there and exercise their right to vote it reduces statistical ambiguity.

I’m sure that there’s going to be hackers on both sides of the American spectrum who will leverage their skillsets to attempt to manipulate the election in some fashion. But at the end of the day, the more voting that occurs the harder it will be to skew the results. If millions upon millions of Americans actually get off their couches and vote, we will have a larger and truer representation of the people’s will and a greater statistical significance of what should be occurring politically in the US.

Suggested articles