A report from Valimail revealed that several security breaches are potentially threatening the elections, including email spoofing. These vulnerabilities won’t affect the voting machines or mail-in ballots but there is an important risk of domain spoofing and impersonation-based phishing email attacks.
The report stated this gives an opportunity for malicious actors to impersonate authority figures involved with elections or campaigns, hence threatening unprotected domains. This kind of attack within the US election infrastructure remains unique and could interfere severely with a free and fair election.
These attacks could cause some serious trouble, including sending false emails purportedly from election officials claiming they are tampering with votes or ballots or a hoax claims that a certain political candidate is collaborating with the election officials to “rig” the election, in order to discredit the candidate.
The report also brought to light the potential for denial of service (DNS) attacks directed at political campaigns. In order to prevent this, organizations could apply patches on a routine basis, allow access to systems only to authorized personnel, mandate complex passwords to change frequently, remove access for former employees, and build a denial of the service protection strategy.
This would not be the first time a lack of email security is involved during an election. Indeed, in 2016, a Russian hacker compromised the Democratic National Committee’s email environment by using phishing strategies to gain access to more than 60,000 emails.
Ensuring the safety of emails depends on the use of Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM). These tools employ a specific DNS record that will prove that an email source is legitimate. A DMARC record will instruct recipients to remove messages from unauthenticated senders, an SPF record will confirm the legitimate IP address of the sending email and finally, a DKIM record will provide public key information to be matched against a digital signature included in the email headers, so if the digital signature is missing or incorrect, the email won’t get through. Using all these records in conjunction assure better security.