FBI and CISA warn foreign actors and cybercriminals will spread disinformation regarding 2020 election results

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a Public Service Announcement (PSA) to raise awareness of the potential threat posed by attempts to spread disinformation regarding the results of the 2020 elections. Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions, warns the PSA.

State and local officials typically require several days to weeks to certify elections’ final results in order to ensure every legally cast vote is accurately counted. The increased use of mail-in ballots due to COVID-19 protocols could leave officials with incomplete results on election night. Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy, says the PSA.

The FBI and CISA urge the American public to critically evaluate the sources of the information they consume and to seek out reliable and verified information from trusted sources, such as state and local election officials. The public should also be aware that if foreign actors or cyber criminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised.

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, notes that it’s quite common for disinformation campaigns to pop up especially when there is an election of major importance.

"This is not just related to elections and political movements in America, but globally as the adversaries see opportunities to further their agenda. The reason these attacks persist in different variations is simply because they are effective. Something a little different this time is that the Chinese account network used GANs (Generative Adversarial Networks), an AI technique capable of fabricating faces in an attempt to elude detection," adds Hoffman. "Moving forward, we will continue to see more advance campaigns like this aimed at the 2020 elections and techniques that leverage automation to build more accounts and pages automatically. These pages will be used for propaganda or ideology dissemination. We will almost certainly see an attack of any voting equipment used and any mobile apps or websites that have anything to do with campaigns or hosting voter or voting information databases.”

Recommendations provided by the PSA include:

Seek out information from trustworthy sources, such as state and local election officials; verify who produced the content; and consider their intent.
Verify through multiple reliable sources any reports about problems in voting or election results, and consider searching for other reliable sources before sharing such information via social media or other avenues.
For information about final election results, rely on state and local government election officials.
Report potential election crimes—such as disinformation about the manner, time, or place of voting—to the FBI.
If appropriate, make use of in-platform tools offered by social media companies for reporting suspicious posts that appear to be spreading false or inconsistent information about election-related problems or results.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.