At this time of the year, I see a lot of security predictions for the upcoming 12 months. It’s not that these predictions are confined to a January 1 to December 31 time period, and while most of the predictions are based on what we’ve been seeing for the past six to 12 months, it is unusual to have a next-year prediction come true before we hang up the new calendars.
Security researchers from Raytheon-Websense predicted that the upcoming elections will be a driver for “significant themed attacks.” The white paper went on to state:
We’ve already seen websites hacked to promote propaganda or create confusion. Beginning in 2011 the Syrian Electronic Army (SEA), a group of hackers supporting the government of Syrian President Bashar al-Assad, began targeting and defacing the websites of political opposition groups, government agencies and news organizations with pro-regime commentary. . . . These attacks demonstrated how relatively simple it was to deface websites and appropriate others’ media technology to achieve recognition and reach, even if only temporarily. Other groups may look to follow the SEA’s lead in 2016, training their sights on candidates’ web pages and social media with a goal to embarrass or discredit, or hijacking the Twitter accounts of legitimate news media to inflame and influence the electorate.
Considering that the 2016 campaign season began sometime in early 2013, we shouldn’t be surprised to see this prediction already coming to life. However, I wouldn’t have expected Anonymous to be the group behind the attacks – at least not at this point.
But that’s exactly what’s happening. Anonymous has threatened presidential candidate Donald Trump. The hacker collective said it would go after Trump because of comments he made about Muslims and later take down the Trump Tower website. (Anonymous has been busy lately, as it has also declared a “cyberwar” of sorts with ISIS.)
Look beyond the sensationalist parts of the Anonymous vs. Trump story, and you see what could be the future of this presidential election when it really does hit full on (when people actually start voting). As John McCormack, Raytheon|Websense CEO, said to me in an email statement:
This is just the beginning and it will get worse - and more personal - as candidates see their campaign apps hacked, Twitter feeds hijacked, and as voters are targeted with very specific phishing attacks based on public information such as voter registration, Facebook and LinkedIn data. Current events can provide social engineering threat vectors to target users, data and networks. Anticipating those attacks is a vital part of defending and disrupting attacks when they happen.
I would add to that the chance of revenge against businesses or individuals who make political stands. In this election, no one is safe.
For companies, however, I think the time is now to alert employees on the potential onslaught of election-based malware and disruptions, and to forewarn clients and customers that the attacks sent out in a business’s name don’t necessarily represent the business’s point of view. Politics create strong emotions, and I’ve no doubt that the bad guys and the hacktivists will be taking advantage of this during election season.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba