Amid Fears of Election Security, SEO Poisons URLs

Written by

A recent poll from the University of Chicago Harris School of Public Policy and the Associated Press–NORC Center for Public Affairs Research found that a wide majority of Americans are concerned about election security ahead of next month's midterm elections.

Though Republicans seem more confident in election security, a significant number of Americans across the aisle fear the potential of a hack on voter systems, with 58% of Democrats and 39% of Republicans not fully trusting the integrity of voting systems.

Many reportedly fear that election security has seen little to no improvement since 2016 when Russia meddled in the US presidential election, particularly in light of a report from The Washington Times earlier this month that Peter King’s congressional campaign site was hacked.

“Elections are one of the most important things we rely on our government to run and they’re being outsourced to companies that clearly don’t have security as their top priority,” said Brian Vecci, technical evangelist at Varonis.

“Election systems without a verifiable paper record are inherently insecure, and any electronic system is going to be vulnerable to attack," said Vecci. "If we can’t come up with a system that’s clearly better – including more secure – than the old way of pulling levers, should we be in a rush to change?

“Election security should not be outsourced to the lowest bidder in each state, which has resulted in a huge variety of different systems and platforms and made it even harder to ensure the integrity of an election. Instead, similar to the introduction of GDPR and the California Consumer Privacy Act, if we implement a standardized system with a set level of required security regulations, we can reduce threats and ensure the outcome of our elections are in the hands of US citizens and US citizens alone.”

When it comes to election security, though, there are factors beyond technology that impact the integrity of elections. While a lack of funding, regulation and skilled staff contribute to the lack of confidence in electronic voter systems, cyber-criminals are reportedly using SEO to poison the midterm elections. Researchers from Zscaler have been actively tracking SEO poisoning campaigns and found in excess of 10,000 compromised websites with more than 15,000 keywords leading to multiple redirects.

“SEO poisoning, also known as search engine poisoning, is an attack method that involves creating web pages packed with trending keywords in an effort to trick search engines to get a higher ranking in search results,” researchers wrote in a blog post. Researchers have spent more than a month watching this midterm-elections SEO poisoning campaign and said they continue to discover hundreds of newly compromised sites every day.

Regardless of the security solutions put in place to protect the voting machines, cyber-criminals are still able to use technology to influence what information is disseminated via websites and social media, a vital piece of the discussion that has yet to make it to the forefront of the election security conversation.

What’s hot on Infosecurity Magazine?