Taiwan vote hacking efforts could be a warmup for U.S. elections

Hackers got busy as Taiwanese voters prepared to cast ballots last month.

Officials at U.S.-based cybersecurity firm Trellix said they detected a surge in hacking efforts against the island democracy just before fraught national elections. The firm assessed that the hackers were likely searching for compromising material to spring a last-minute surprise and shift voters’ opinions.

The cyberattacks, detailed in a report released Tuesday by the California-based firm, do not appear to have affected the election’s outcome but could foreshadow the danger for the U.S. ahead of the November elections, said Anne An, a lead threat intelligence researcher for Trellix.

Taiwan has a strict paper-ballot election system, but Americans have more ways to vote, which may give attackers a broader range of opportunities to cause problems.

“Similar tactics and attempts may target U.S. elections, and especially where we have more attack vectors, it’s done electronically, so it could potentially cause more chaos or even affect the result,” Ms. An said.

Taiwan’s case study could be particularly apt because preelection polls predicted a close contest between pro- and anti-China candidates for president and for the national legislature, attracting fierce interest from Beijing’s ruling Communist Party.

Trellix’s detection data showed a spike in threats in the final days before Taiwan’s presidential election, followed by plummeting activity on election day. The booming cybersecurity threat rose from 1,758 detected on Jan. 11 to more than 4,300 on Jan. 12, the final day before the election, according to Trellix’s report.

“According to Trellix telemetry data, a portion of the malicious traffic targets a variety of organizations, such as government offices, local police departments and financial institutions,” the report said. “This indicates that threat actors were likely interested in police reports, criminal records, bank statements, insurance information, as well as internal government communications.”

Ms. An suspected China was responsible for the surge in hacking attempts but said Trellix did not have sufficient data to pinpoint those responsible. The Biden administration and the FBI have repeatedly warned of attempts by hacking groups linked to the Chinese government to target U.S. government and private infrastructure systems. China denies the charges and says U.S. intelligence and security agencies are guilty of cyberespionage.

As U.S. officials brace for election threats from China and others, the federal government and the states must do more to treat election systems as critical infrastructure, said Karan Sondhi, Trellix’s chief technology officer for the public sector.

Reflecting on his time at Booz Allen Hamilton, Mr. Sondhi said the Department of Defense spent more money on training exercises overseas for hypothetical doomsdays than the government used for election security.

“We spent a lot of money — a lot of money — doing those exercises,” Mr. Sondhi said. “We don’t even spend a third of that money protecting our election systems. I mean, it’s just a joke. It’s a total joke.”

Federal cybersecurity officials insist they have taken steps to address foreign digital threats to the upcoming elections.

Fighting back

Last year, the National Security Agency and U.S. Cyber Command mobilized their election security group to combat foreign threats to the various voting processes. The group assembles information specialists, planners and operations specialists to identify attackers and fight back.

Before leaving the helm of NSA and Cyber Command this month, retired Gen. Paul M. Nakasone said in December that federal cybersecurity officials were examining China’s next moves and whether Beijing would target specific U.S. elections or pursue a broader approach.

In Taiwan, Trellix found that the hackers appeared to be looking for personally damaging information that could sway voters.

“Attackers likely established command and control to facilitate information collection from a remote system,” the Trellix report said. “It is apparent that the threat actor is single-mindedly focused on digging for information in the hours leading up to the election date.”

Trellix’s observations are consistent with those of others who closely watched Taiwan’s elections for clues about China’s operations. The Australian Strategic Policy Institute said last month that it observed multiple efforts by the Chinese Communist Party to spread disinformation about Taiwan’s Democratic Progressive Party on social media, but it concluded that the effort had a minimal impact.

The Australian think tank said the China-based efforts to interfere in the election included using a large network of inauthentic social media accounts with avatars generated by artificial intelligence to spread false information about China’s political opponents. Another China-based threat actor claimed to be sharing leaked Taiwanese government documents and deployed a fake paternity test to manipulate voters.

The effort fell short. Vice President William Lai of the independence-leaning Democratic Progressive Party won a clear victory over two rivals to succeed outgoing President Tsai Ing-wen. During her eight years in office, the mainland was sharply critical of Ms. Tsai and the DPP and cut off virtually all direct contact.

In one consolation for China, the DPP lost its majority in the parliamentary elections and the presidential vote.

China’s failure to change the minds of Taiwanese voters has some observers wondering whether America would be better served to focus less on operations trying to influence voters and more on disruptive hacks and other efforts to cause chaos to the voting systems.

Stewart Baker, former NSA general counsel who now practices law with the firm Steptoe & Johnson LLP, said China’s unimpressive efforts at persuasion in Taiwan should give people pause.

“We should watch for that, but I’m guessing maybe we should chill about the likelihood that they’re going to affect our election that way,” Mr. Baker said on The Cyberlaw Podcast last week. “There may be other things they’ll do, but I’m just not seeing a reason to think that this is the most important thing in the campaign.”

 5 total views,  1 views today