TTI | Network Security Insights

We Know Hackers Threaten Our Digital Assets: Could They Threaten Our Political Discourse, Too?

Written by Craig Badrick | Jun 19, 2018 8:03:53 AM

By leveraging a simple botnet, hackers were able to submit millions of fraudulent comments to the FCC in advance of its vote on net neutrality.

We’ve written extensively about the threat cybercriminals pose to organizations’ digital assets. In short, the odds of a company suffering a data breach stand at roughly one in four, and the global cost of cybercrime is expected to exceed $6 trillion as soon as 2021.

But there are other, harder-to-quantify kinds of damage that nefarious online activity can cause. For instance, during the 2016 American presidential election, hacking collectives known as Fancy Bear and Cozy Bear allegedly used a simple spear phishing attack to steal hundreds of politically sensitive emails from Democratic National Committee servers. Similarly, hackers attacked the systems of voting authorities in as many as 39 states, compromising millions of files containing voters’ names, driver’s licenses, and partial Social Security numbers.

More recently, as-yet-unidentified bad actors attempted to skew the political discourse on one of the defining technology issues of our time: net neutrality.

Suspicious Input Galore

Last December, the Federal Communications Commission (FCC) decided to roll back Obama-era net neutrality protections by a vote of 3-2. In the months leading up to the vote, the FCC was legally obligated to provide an online forum in which any member of the public could share their position on the issue. When all was said and done, the FCC received more than 22 million comments. The only problem? Millions of the comments were submitted not by concerned citizens, but by bots.

The New York State Attorney General’s Office became suspicious when New Yorkers started complaining that many of the comments in the FCC forum were submitted using the names and addresses of their loved ones — including some who had been dead for years.

According to an analysis conducted by data scientist Jeff Kao, only 800,000 of the tens of millions of comments submitted to the FCC “could be considered truly unique.” Granted, as The Verge editor Jacob Kastrenakes points out, “Americans by and large aren’t lawyers capable of putting together cogent legal analysis of telecommunications law, and prewritten form letters were widely offered to net neutrality supporters and opponents as a way to make their voice heard by the commission.”

Even so, the consensus among experts is that a significant percentage of the comments submitted to the FCC were fraudulent and, in some jurisdictions, illegal. “It’s scary to think that organic, authentic voices in the public debate are being drowned out by a chorus of spambots,” Kao tells The Washington Post.

The New Normal

In truth, the FCC vote was all but a foregone conclusion, but this episode’s underlying fraud is a troubling development in a political climate that is already fraught with “fake news” and growing distrust of traditional institutions.

As The Post reports, “7.5 million comments filed in favor of the regulations…appeared to come from 45,000 distinct email addresses, all generated by a single fake email generator website.” Further, “some 400,000 comments backing the rules…appeared to originate from a mailing address based in Russia.”

Ultimately, this scandal demonstrates just how easy it has become for bad actors to manipulate important political discussions by leveraging a botnet. Today’s bots can create accounts, confirm passwords, and even pass CAPTCHA challenges with remarkable consistency, making them a threat in any digital space.

As such, organizations public and private must make a concerted effort to protect their IT operations, whatever shape they may take. In many cases, the best way to do so is to partner with a seasoned networking and cybersecurity expert like Turn-key Technologies. With our nearly three decades of industry experience, we can help any organization do its digital due diligence, regardless of whether it’s in charge of running a small business or deciding the future of the internet as we know it.