The U.S. government is concerned about foreign interference in the 2020 election, so much so that it will offer a reward of up to $10 million for anyone providing information that could lead to tracking down potential cybercriminals aiming to sabotage the November vote.
The U.S. Department of State’s Rewards for Justice (RFJ) program, overseen by the Diplomatic Security Service, will pay for info that can identify or locate someone workingwith or for a foreign government “for the purpose of interfering with U.S. elections through certain illegal cyber activities,” according to a release posted on the department’s website.
The reward covers anyone seeking to interfere with an election at the federal, state or local level by violating or even aiding the violation of a U.S. law against computer fraud and abuse, according to the department.
“The Computer Fraud and Abuse Act, 18 U.S.C. § 1030, criminalizes unauthorized computer intrusions and other forms of fraud related to computers,” according to the release. “Among other offenses, the statute prohibits unauthorized accessing of computers to obtain information and transmit it to unauthorized recipients.”
The department is encouraging anyone with information on foreign interference in U.S. elections to contact them via their website or contact a U.S. Regional Security Officer at the nearest U.S. embassy or consulate.
Recent research by Google identified two separate phishing campaigns targeting staffers of both President Trump and Democratic candidate Joe Biden from persistent threat (APT) groups. Google reported a China-linked APT group targeted Biden’s campaign staff, while an Iran-linked APT targeted Trump’s.
The COVID-19 pandemic has created new concerns in the upcoming election. Election security has been a hot topics at this year’s Black Hat USA 2020, which is being held this week for the first time virtually due to the pandemic.
The conference opened with Voting Village security celeb Matt Blaze calling for cybersecurity experts during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections. This includes helping to take on the myriad challenges the government faces to scale up mail-in voting with less than 100 days left before the election, he said.
“This community is precisely the one whose help is going to be needed by your local election officials,” Blaze said in his talk. “The logistical aspects of this are familiar to computing specialists,” he said, while urging virtual Black Hat attendees to “engage now.”
With the “operational environment being under uncertainty and in a state of emergency…our expertise in this community is central to many of the problems that we have here,” Blaze said.
To help secure in-person electronic voting, voting machine-maker Election Systems & Software (ES&S) formally announced a vulnerability disclosure policy Wednesday during a Black Hat session. The move signaled that voting-machine vendors also are beginning to take the role of the security research community seriously in helping to secure critical election infrastructure.
ES&S said that its formally released policy applies to all digital assets owned and operated by ES&S – including corporate IT networks and public-facing websites.
Christopher Krebs, director of the Department of Homeland Security’s CISA unit, also was expected to speak on election security Wednesday at a session at Black Hat called “Election Security: Securing America’s Elections” to discuss the risks for the 2020 presidential election and how the government hopes to mitigate them.
Complimentary Threatpost Webinar: Want to learn more about Confidential Computing and how it can supercharge your cloud security? This webinar “Cloud Security Audit: A Confidential Computing Roundtable” brings top cloud-security experts from Microsoft and Fortanix together to explore how Confidential Computing is a game changer for securing dynamic cloud data and preventing IP exposure. Join us Wednesday Aug. 12 at 2 p.m. ET for this FREE live webinar with Dr. David Thaler, software architect, Microsoft and Dr Richard Searle, security architect, Fortanix – both with the Confidential Computing Consortium. Register Now.